#1
Hey Pit,

Any programmers out there? I've been practicing with some simple forms but one thing that annoys me is that I have to insert HTML tags to get, say, line breaks or bold font. Is there an easy way to format the text so that when someone enters information into the form, the line breaks are added automatically?

In other words, to create this paragraph I don't want to type <br* /> <br* /> between it and the last one. How can I set up my form to do it for me? I thought of using the 'pre' tag but that seems really limited...

Any help appreciated! Thanks.
Want: EH Deluxe Memory Man, Warmoth Strat, Budda Superdrive 45
#2
what do you mean?
You mean, when a user enters information into a form, and submits it, if theres a line break already in it, automatically change it to HTML?

if so, you will need to be able to use PHP. If you are using that, use:
str_replace("\n","<br />,strip_tags(addslashes($_REQUEST['field'])));


I dont fully understand your question.
Been away, am back
#4
Quote by Logz
what do you mean?
You mean, when a user enters information into a form, and submits it, if theres a line break already in it, automatically change it to HTML?

if so, you will need to be able to use PHP. If you are using that, use:
str_replace("\n","<br />",strip_tags(addslashes($_REQUEST['field'])));


I dont fully understand your question.


I made a form using PHP and MySQL that generates a simple blog with just a Title, timestamp, and content area. The content area is enclosed in a <textarea> tag. If you type in something like this:

Hello
my name is
Joe Satriani.

The text displays as:

Hello my name is Joe Satriani.

ie it displays in a single line with none of the line breaks you typed normally. To get it to display the way you wrote it you'd have to type:

Hello<br* />
my name is<br* />
Joe Satriani.

I added the asterisks just in case it interferes with the post.

I'll try out the idea you gave me and report back. Thanks!

Edit: Your php worked like a charm! Thanks for the reference. I'll google it and find out more about this stuff.

Thanks again!
Want: EH Deluxe Memory Man, Warmoth Strat, Budda Superdrive 45
Last edited by bullets34 at Jun 15, 2008,
#5
ahhh if thats the case its simple!


<form action="?" method="post">
<input type="hidden" name="action" value="save">
<textarea name="content">
some text
line break

</textarea>
<input type="submit" value="submit">
</FORM>


Then for your PHP:
<?php
if($_REQUEST['action']=="save")
{
$title = $_REQUEST['TITLE FIELD NAME'];
$timestamp = date("U");
$content = str_replace("\n","<br/>",strip_tags(addslashes($_REQUEST['CONTENT'])));

$query = mysql_query("UPDATE table (title,timestamp,content) VALUES ('" . $title . "','" . $timestamp . "','" . $content . "')");
}
?>


Edit how you want. My example is incredibly simple, and i've assumed you've already opened your database connection. you may want to add more php to it, IE validate the data, etc.

Also, I would suggest adding a UID field to your database with the attributes as auto_increment and a primary key (It will help to identify records easier).
Been away, am back
#6
Quote by Logz
ahhh if thats the case its simple!


<form action="?" method="post">
<input type="hidden" name="action" value="save">
<textarea name="content">
some text
line break

</textarea>
<input type="submit" value="submit">
</FORM>


Then for your PHP:
<?php
if($_REQUEST['action']=="save")
{
$title = $_REQUEST['TITLE FIELD NAME'];
$timestamp = date("U");
$content = str_replace("\n","<br/>",strip_tags(addslashes($_REQUEST['CONTENT'])));

$query = mysql_query("UPDATE table (title,timestamp,content) VALUES ('" . $title . "','" . $timestamp . "','" . $content . "')");
}
?>


Edit how you want. My example is incredibly simple, and i've assumed you've already opened your database connection. you may want to add more php to it, IE validate the data, etc.

Also, I would suggest adding a UID field to your database with the attributes as auto_increment and a primary key (It will help to identify records easier).


Points taken! Thanks. I'll be making it more complex in time but right now I'm just learning PHP and messing around a bit.

One last question:

If I run something like:

$content = get_content_from_table(); (or whatever)
$edited_content = str_replace("\n","<br />",$content);

Does this do any harm? I ask because if I run this:

$edited_content = str_replace("\n","<br />", strip_tags(addslashes($content)));

I end up with every quotation mark and other special mark escaped. For example this line:

That's what it's all about.

Would display like this with your code:

That\'s what it\'s all about.

If you cut out the addslashes and strip_tags then it displays as it should. Am I compromising anything else, however, by doing this?

I'm also curious why you're using $_REQUEST instead of $_POST. Is there a reason or is this a stylistic preference? I also have magic_quotes turned on; does that mean I don't have to addslashes when entering into the database? So far I've encountered no problems doing it the way I described with:

$edited_content = str_replace("\n","<br />",$content);

But does this seem ok? If I'm being overly vague please ask me to clarify.
Want: EH Deluxe Memory Man, Warmoth Strat, Budda Superdrive 45
Last edited by bullets34 at Jun 15, 2008,
#7
when displaying data:

you can use this code to strip the slashes:

echo stripslashes($content);

The reason you should use the addslashes function is to avoid any php getting normal characters and special characters mixed up.
You should use the strip_tags function as well, as allowing HTML to be posted could be used by hackers or site attackers.

You can leave out the strip_tags or addslashes functions, but as a rule, i usually always add these to my strings for validation.

If you want certain HTML tags to be allowed (IE to make your text bold) you can use this function:

str_replace("\n","<br/>",strip_tags(addslashes($_REQUEST['content']),"<b><i><u><a><img>"));
Been away, am back
#9
Quote by Logz

If you want certain HTML tags to be allowed (IE to make your text bold) you can use this function:

strip_tags("\n","<br/>",strip_tags(addslashes($_REQUEST['content']),"<b><i><u><a><img>"));


Sweet.

So str_replace takes two arguments, the item that gets stripped and then a string of tags to avoid?

Out of curiosity, what could someone do using HTML tags to screw up my site? I'm not planning on doing it but I'd like to learn about it so I can be more confident of preventing them from it. Do you mean like, they could insert something like </html> in the middle of a post and end the page right there?
Want: EH Deluxe Memory Man, Warmoth Strat, Budda Superdrive 45
Last edited by bullets34 at Jun 15, 2008,
#10
This argument:
str_replace("\n","<br/>",strip_tags(addslashes($_REQUEST['content']),"<b><i><u><a><img>"));

Can be split into multiple functions:
str_replace(), strip_tags() and addslashes().

str_replace("tag to be replaced","Replace With","String");
strip_tags("String to be stripped","List of allowed tags");
addslashes("String");

You could even do it like this:
$content = strip_tags($_REQUEST['content],"<B><U><I>");
$content = addslashes($content);
$content = str_replace("\n","<br/>",$content);

if it makes it easier.
All i've done, is add all those three functions into one line of code.


As for allowing HTML tags, if your visitors are allowed to submit HTML code directly, they can add javascripts etc which can submit sensitive information to someone. For example:

A user logs in (A cookie is set containing: username,userid,other confidential information).
A user accesses a page where someone has submitted a javascript
The Javascript collects the cookie information, and forwards it to another website which saves it to a database

Basically, the visitor who inserts the code could potentially get access to users confidential information. Google Cross Site Scripting (or XSS)
Been away, am back
#11
Quote by Logz
This argument:
str_replace("\n","<br/>",strip_tags(addslashes($_REQUEST['content']),"<b><i><u><a><img>"));

Can be split into multiple functions:
str_replace(), strip_tags() and addslashes().

str_replace("tag to be replaced","Replace With","String");
strip_tags("String to be stripped","List of allowed tags");
addslashes("String");

All i've done, is add all those three functions into one line of code.


As for allowing HTML tags, if your visitors are allowed to submit HTML code directly, they can add javascripts etc which can submit sensitive information to someone. For example:

A user logs in (A cookie is set containing: username,userid,other confidential information).
A user accesses a page where someone has submitted a javascript
The Javascript collects the cookie information, and forwards it to another website which saves it to a database

Basically, the visitor who inserts the code could potentially get access to users confidential information. Google Cross Site Scripting (or XSS)


Continued coolness.

BTW I made a mistake in my last reply which (i think) led to the confusion. I wrote str_replace instead of strip_tags.

My understanding:

str_replace takes 3 arguments- 1) A string to replace, 2) what to replace it with, 3) the string to find and replace.

strip_tags takes 2 arguments- 1) a string, 2) string of allowable tags.

Thanks again for the help. I found a great site to check out (just in case you didn't know already)

PHP.net
Want: EH Deluxe Memory Man, Warmoth Strat, Budda Superdrive 45
#12
Quote by bullets34
Continued coolness.

BTW I made a mistake in my last reply which (i think) led to the confusion. I wrote str_replace instead of strip_tags.

My understanding:

str_replace takes 3 arguments- 1) A string to replace, 2) what to replace it with, 3) the string to find and replace.

strip_tags takes 2 arguments- 1) a string, 2) string of allowable tags.

Thanks again for the help. I found a great site to check out (just in case you didn't know already)

PHP.net


Yep, you got it.
all a line break is, is '\n' just replace that with <BR> and vice versa if you want to make an "edit form".

and Im very familier with php.net its helped me out alot.
If you need anything, just PM me
Been away, am back