SitePoint Sponsor

User Tag List

Results 1 to 14 of 14
  1. #1
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Taunton, UK
    Posts
    787
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    newline etc (\r\n\r\) characters when editing text area

    I am creating a form to allow a user to edit some text that is stored in the database.

    If I enter some text into the text area field such as

    Code:
    This is paragraph one.
    
    This is paragraph two.
    I am experiencing a problem that when I submit the text, the text then appears in the text area field as follows:

    Code:
    This is paragraph one.\r\n\r\nThis is paragraph two.
    I am able to display the text correctly on the publicly viewable page using

    Code:
    $additionalInfo = nl2br($additionalInfo);
    I basically would like the text in the text area to remain as it was after clicking submit and not lose its formatting to be replaced with the \r\n\r\n characters
    Mediakitchen Limited
    App Development | Website Design & Development | Flash Game Development
    Somerset, UK
    http://www.mediakitchen.co.uk

  2. #2
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    It's because you are addslashes-ing the input. If you have Magic-Quotes off (Which you should) and use correct escaping techniques on the data (i.e. mysql_real_escape_string for database input), then the output shouldn't need to be stripped.

    But a temporary solution would be to echo the stripslashes of the variable into the textbox.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  3. #3
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Taunton, UK
    Posts
    787
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Don't think I am using addslashes

    Here is my code

    Code:
    $additionalInfo = mysql_real_escape_string($_POST["additionalInfo"]);
    magic_quotes_gpc Off Off
    magic_quotes_runtime Off Off
    magic_quotes_sybase Off Off
    Mediakitchen Limited
    App Development | Website Design & Development | Flash Game Development
    Somerset, UK
    http://www.mediakitchen.co.uk

  4. #4
    Twitter: @AnthonySterling silver trophy AnthonySterling's Avatar
    Join Date
    Apr 2008
    Location
    North-East, UK.
    Posts
    6,111
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    <?php echo "$additionalInfo"?>
    or
    PHP Code:
    <?php
    echo str_replace(array('\r''\n'), array(chr(13), chr(10)), $additionalInfo);
    ?>
    It sounds like the new line and carriage returns are not being interpreted as so.
    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  5. #5
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Taunton, UK
    Posts
    787
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks Anthony

    The second of your suggestions done the trick!!
    Mediakitchen Limited
    App Development | Website Design & Development | Flash Game Development
    Somerset, UK
    http://www.mediakitchen.co.uk

  6. #6
    Twitter: @AnthonySterling silver trophy AnthonySterling's Avatar
    Join Date
    Apr 2008
    Location
    North-East, UK.
    Posts
    6,111
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    I preferred the 2nd too.
    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  7. #7
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Taunton, UK
    Posts
    787
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Guess I now need to use this code on all the editing pages on my site - weird thing is I have never had to do this before but it is a different hosting company this site is on - perhaps that makes a difference!
    Mediakitchen Limited
    App Development | Website Design & Development | Flash Game Development
    Somerset, UK
    http://www.mediakitchen.co.uk

  8. #8
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Yep, in which case it's going to be Magic quotes.

    A simpler solution would be to disable it in .htaccess. That way there'd be no reason to edit your pages.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  9. #9
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Taunton, UK
    Posts
    787
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I thought magic quotes is off

    Here are the settings in my php.ini file

    magic_quotes_gpc Off Off
    magic_quotes_runtime Off Off
    magic_quotes_sybase Off Off
    Mediakitchen Limited
    App Development | Website Design & Development | Flash Game Development
    Somerset, UK
    http://www.mediakitchen.co.uk

  10. #10
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The value returned from mysql_real_escape_string() is meant to be used for a single purpose only, and that's a database query. You cannot use this specially prepared string for anything else, you're trying to output it into html, which is wrong.

    PHP Code:
    $only_use_me_in_a_query mysql_real_escape_string($_POST['foo']);

    // bad, string is not suitable for html context
    echo "<p>$only_use_me_in_a_query </p>";

    // better, string is semi suitable(unmodified), although may not always work as intended if string contains html
    echo "<p>$_POST[foo]</p>";

    // best, string is properly prepared for html context
    echo "<p>" htmlspecialchars($_POST['foo']) ."</p>"

  11. #11
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Taunton, UK
    Posts
    787
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sorry for delay in replying - I was away for the day yesterday to London.

    Anyway thanks crmalibu - that really helps to know about the mysql_real_escape_string - eep I think I may need to make some changes to quite a few sites

    Cheers

    Paul
    Mediakitchen Limited
    App Development | Website Design & Development | Flash Game Development
    Somerset, UK
    http://www.mediakitchen.co.uk

  12. #12
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Taunton, UK
    Posts
    787
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have now got the formatting working the way I want it to work. It looks like I will need to make amends to several other sites that I have developed too to deal with formatting like this.

    Anyway before I do so, I would appreciate any comments on whether the following is the correct way to do this.

    Ensure Magic quotes is off

    For my edit page use the following code:

    Code:
    <?php
    
    if ($_POST["submit"]) { 	
    
    		$accommodationId = $_GET["accommodationId"];		
    				
    		// ------------------------
    		// Get all form data values
    		// ------------------------	
    
    		$description = $_POST["description"];
    
                    // -------------------------------------------------------
    		// Check if any of the required fields have not been filled in
    		// -----------------------------------------------------------	
    
    
    		if(trim($description)=='') { 
    
    			$arrErrors['description']="Please enter the description of your accommodation<br>";				
    
    		} 
    
    
    		if (count($arrErrors) == 0) {
    
    
    			$query = "UPDATE accommodation SET description='" .mysql_real_escape_string($description) . "'
    			WHERE id ='" .mysql_real_escape_string($accommodationId) . "'";
    
    			mysql_query($query) or die(mysql_error());
    			mysql_close();	
    
    
    		}
    
    
    }

    Then on the same page in the form area where the user can edit the description have the following:

    Code:
    <textarea name=description wrap=physical rows=10 cols=47 ><?php echo str_replace(array('\r', '\n'), array(chr(13), chr(10)), $description); ?></textarea>

    Finally on the page that I actually display the description as part of a listing the following

    Code:
    $description = $row->description;
    $description = nl2br($description);

    All advice much appreciated.

    Thanks

    Paul
    Mediakitchen Limited
    App Development | Website Design & Development | Flash Game Development
    Somerset, UK
    http://www.mediakitchen.co.uk

  13. #13
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Yeah that's fine.

    I would recommend, after that, replacing double breaks (i.e. <br /><br />) with </p><p>.

    Also, look into PDO. That would allow you to not even worry about user input on the database level.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  14. #14
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Taunton, UK
    Posts
    787
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey thanks Arkinstall - I will make the change you suggested.

    And thanks for the heads up on PDO - never heard about that before
    Mediakitchen Limited
    App Development | Website Design & Development | Flash Game Development
    Somerset, UK
    http://www.mediakitchen.co.uk


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •