SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Enthusiast
    Join Date
    May 2001
    Location
    Los Angeles, California
    Posts
    86
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Slashes, quotes and bbcode

    OK, I have read all the threads here about addslashes(), stripslashes() and the evil magic_quotes. Well here it goes again, with a little twist!

    I have bbcode on my site in the form of [link="URLGOESHERE"]my site[/link]. Now, I run addslashes() (without magic_quotes on (Dr. Pepper would be proud )) before I put the data in mysql. When extracting it, I run htmlspecialchars() then I replace the [link] tags, etc. However, I get (changed the URL, so the forum wouldn't mess it up):
    PHP Code:
    <a href="&quot;URLGOESHERE&quot;" target="_blank">my site</a
    ! Not good. Anyone have an idea?
    www.iyeinteractive.com - Website Design and Programming
    www.totalnonsense.net - my site, Under Construction

  2. #2
    Prolific Blogger silver trophy Technosailor's Avatar
    Join Date
    Jun 2001
    Location
    Before These Crowded Streets
    Posts
    9,446
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    why are you encoding the original quotation marks? If you don't send those to the db then you won't have aproblem turning them into HTML Special characters...

    Sketch
    Aaron Brazell
    Technosailor



  3. #3
    SitePoint Enthusiast
    Join Date
    May 2001
    Location
    Los Angeles, California
    Posts
    86
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You mean why am I doing addslashes()?

    Or why am changing the quote marks to quot;?
    If it is the former, I am doing addslashes() so the INSERT command won't screw up
    PHP Code:
    mysql_query("INSERT INTO news (userid, date, title, text) VALUES ('$userid', NOW(), '$title', 'hello I'm jose')"); 
    that wouldn't work.

    If you are asking the latter, htmlspecialchars() changes the quotemarks to quot; but that then screws up my preg_replace() commands ([link] -> <a>). If I switch and do the preg_replace first, then htmlspecialchars() it will replace the <> with the actual tags and won't print any HTML at all! Not good.

    You probably aren't asking about either of them...
    Last edited by wmk86; Jun 25, 2002 at 18:06.
    www.iyeinteractive.com - Website Design and Programming
    www.totalnonsense.net - my site, Under Construction

  4. #4
    Prolific Blogger silver trophy Technosailor's Avatar
    Join Date
    Jun 2001
    Location
    Before These Crowded Streets
    Posts
    9,446
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    what are you literally inserting into the db originally?
    Aaron Brazell
    Technosailor



  5. #5
    SitePoint Enthusiast
    Join Date
    May 2001
    Location
    Los Angeles, California
    Posts
    86
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You mean this?:
    PHP Code:
    function insertnews ($title$text) {
        
    $userid $_SESSION['userid'];
        
    addslashes($title);
        
    addslashes($text);
        
    $query mysql_query("INSERT INTO news (userid, date, title, text) VALUES ('$userid', NOW(), '$title', '$text')");
        echo 
    "Submitted!";

    It is a news script.
    Last edited by wmk86; Jun 25, 2002 at 18:08.
    www.iyeinteractive.com - Website Design and Programming
    www.totalnonsense.net - my site, Under Construction

  6. #6
    SitePoint Evangelist cyngon's Avatar
    Join Date
    Aug 2001
    Location
    Livonia, MI, USA
    Posts
    513
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Edit: Thought of a much better solution. . .

    In your code that translates [link] tags into HTML <a href=""> tags, have it look for the translated characters ("& q u o t ;" for double quote) instead of an actual double quote.

    If you post your bbcode translation code for links here I'm sure either myself or someone of greater regex mastery will be able to help you make this modification.
    Last edited by cyngon; Jun 25, 2002 at 18:48.

  7. #7
    SitePoint Enthusiast
    Join Date
    May 2001
    Location
    Los Angeles, California
    Posts
    86
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hmm, ok . I thought I have seen what I am trying to do be done before. But no problem, here is the current code:
    Code:
    $text = preg_replace("/\[link=[\"]?([^\]^\"]*)[\"]?\]([^\[]*)\[\/link\]/", "$link$1$link2$2</a>" , $text);
    www.iyeinteractive.com - Website Design and Programming
    www.totalnonsense.net - my site, Under Construction

  8. #8
    SitePoint Evangelist cyngon's Avatar
    Join Date
    Aug 2001
    Location
    Livonia, MI, USA
    Posts
    513
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Why is $link in that regex?

    I'm not that good with regex, but I'm also confused by the fact that you don't use anything like \\1 or \\2 in the second argument of preg_replace. Woulden't you need to use \\1 instead of $1? or is there an alternate syntax I don't know about?

  9. #9
    SitePoint Enthusiast
    Join Date
    May 2001
    Location
    Los Angeles, California
    Posts
    86
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't know that much either (I got this code from someone else ) but I believe \\1 is for ereg* while $1 is for preg.

    And the variables above the code are these:
    PHP Code:
    $imdb '<a href="http://www.imdb.com/Title?';
    $link '<a href="';
    $link2 '" target="_blank">';
    $img '<img src="'
    Edit - Works now!
    I did htmlspecialchar() then replaced '=&q uot;' with '="' and '&q uot;]' with '"]' then ran my original [link] preg_replace.

    Anyway, thanks guys for the help
    Last edited by wmk86; Jun 25, 2002 at 19:46.
    www.iyeinteractive.com - Website Design and Programming
    www.totalnonsense.net - my site, Under Construction

  10. #10
    SitePoint Evangelist cyngon's Avatar
    Join Date
    Aug 2001
    Location
    Livonia, MI, USA
    Posts
    513
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't see anything about a $1 syntax for preg regex's in the manual, but it does talk about the \\1 syntax.

    Here is my shot at a regex:

    Code:
    $text = preg_replace("/\[link=[&quot;]([^\]^\"]*)[&quot;]\]([^\[]*)\[\/link\]/e", "$link.'\\1'.$link2.'\\2'.'</a>'" , $text);
    Let me know how that does for you. I'm a really crummy regex coder, but give it a shot.

    Edit: Not to self (and everyone): Regex code is usually better off being posted in CODE tags instead of PHP tags since vB will mess with slashes in PHP code.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •