m3rajk — Thu, 06 Nov 2003 22:33:14 +0000

Busy wrote: I like the html character one
$stuff = htmlspecialchars($stuff);
the other one is addslashes() / stripslashes()

actually the slashes are for slashing out things such as " and 'that may need it for a db.

the htmlspecialchars and HTMLENTITIES are for removing html so that people cannot put in scripts or such upon your pages viia posting.

Busy — Sun, 02 Nov 2003 08:55:31 +0000

you should really have the 'type' of input it is as well (type="text"), also quotes around all values

Suzanne — Sun, 02 Nov 2003 01:34:10 +0000

Heh -- when in doubt, view source. I've done it too often to mention myself.

robvdl — Sun, 02 Nov 2003 00:56:28 +0000

argh! got it... sorry about the hassle...

I had an edit page. where I would reload the previously entered content into all the fields

like so:

if I previously entered say " in the field and saved it
then go back to the edit page - the fields will be reloaded with the code above
if you looked at the output html it would read

but on the screen it would read " inside the edit field, not " - that is where it went wrong!!!! after clicking save again on that form, it would change it to a " in the database

all I had to do is start with blank fields:

then call a php generated javascript function to fill the form - that worked...

function fillForm() {
<? echo "document.formname.caption.value='$caption';\n"; ?>
}

just means I now have to first parse the $caption string in php, and replace any ' with \' so it does not stuff up the javascript but that is not too bad

once again, sorry about the hassle - should have seen that ages ago

robvdl — Sat, 01 Nov 2003 23:10:18 +0000

yes it is being converted here is how I am sure:

document1.php:

The user puts this in the field: " clicks submit/save

document2.php:

the variable $caption now contains " not " like I need it to

Suzanne — Sat, 01 Nov 2003 23:02:18 +0000

Are you sure that the data is being converted? Or is it being displayed weirdly instead? It shouldn't be converted unless you tell it to be converted.

Per usual, an url or sample code would help people set you on the right path. Your solution, while it works, means a LOT of extra work for no good reason?

robvdl — Sat, 01 Nov 2003 22:55:20 +0000

Hmmm, well, I tried some answers, no luck - but I found my own way that works.

problem is, the textarea seemed to be converted automatically when the submit button was pressed, and I seemed to have no control over it

yes, it is true, you should be able to reconvert back to html, after the form had been sent, with some special function. But I think if there were some odd cases, the field could not be converted back exactly the way the field was before submit was pressed, by such a function. if you get what I mean. - maybe not..

I just find it odd, the form is converted automatically when submit is pressed in the first place - I mean, what is the point of that?

anyway, I got so desperate and I thought of an alternative way out.

I created two forms, one with actual fields + a submit button, this is the temp form. but the submit button goes to a javascript function instead

the second form, is full of hidden fields. when the submit button is pressed on the temp form, the javascript converts all text fields to hex strings eg "B023AF" in groups of two it copies them to the hidden fields on the second form, and uses javascript to post the second form instead

crude, but it works. I just decode the strings back at the other end in php, and the fields are perfect.

Busy — Sat, 01 Nov 2003 09:20:34 +0000

I like the html character one
$stuff = htmlspecialchars($stuff);
the other one is addslashes() / stripslashes()

Suzanne — Sat, 01 Nov 2003 02:56:40 +0000

$stringvariablename = str_replace ("&","&",$stringvariablename);

Alternatively there are a number of html functions that preserve and/or strip html from the input and replace it in the db as something else.

Then you can do another function on the data on the way out of the db to HTMLize it.

In general you want to convert the fields to prevent mean nasty hackers from entering bad news into your forms and causing mischief...