Prepare text area string for AJAX?

Hey all,

I am just putting the finishing touches to a comment system. It uses Asynchronous HTML over HTTP to send a comment (GET request) entered into a text area.

My question is, should be escapeing / encodeing this string before it is sent? I am concerned a user might enter some characters that might break the query string, and therefor not be able to submit their comment (I hope that makes sense).

encodeURIComponent would be a good method to use when dealing with query strings in the URI

Hello SgtLegend,

Ah yes thats the one I had in mind - I used it last year and couldnt remember the name.

Just one other question for you. On facebook when you enter say a comment into your status or wherever, it remembers formatting such as horizontal space between paragraphs, and I was wondering how do they acehive this?

In the past when ive written comment systems it just ends up as one big string !:eye:

All you need to do is write a simple replace string that replaces

\ = tab

= new line
\r = return
’ ’ = space

\ =      - Usually its 4 indents for a tab

= <br />
\r = <br />
’ ’ =  

Could you give me an example of how to do that possibly? :slight_smile:

How do you plan on parsing it? Server side or using javascript

It is sent straight to my PHP script, run through :-

$strComment = mysql_real_escape_string(trim ($_GET['strComment']));

then put into the DB, later down the page extracted and echo’d to the document.

Give this a try

$strComment = mysql_real_escape_string(trim($_GET['strComment']));
$strComment = str_replace('\	', '&nbsp;&nbsp;&nbsp;&nbsp;', $strComment);
$strComment = str_replace(array('\
','\\r'), '<br />', $strComment);
$strComment = str_replace(' ', '&nbsp;', $strComment);

That looks great! Im getting an error thought:-

Parse error: syntax error, unexpected T_VARIABLE, expecting ‘)’ in /home/mattacuk/public_html/ on line 46

My mistake, i updated the code above

Hmmm, its coming out like this “This is the first parapgraph.This is the first parapgraph.” :slight_smile:

This seems to work though:-

$strComment  = str_replace(array("\
", "\\r", "\	"), array("<br />", "<br />", "&nbsp;&nbsp;&nbsp;&nbsp;"), $_GET['strComment']);
		$strFComment  = mysql_real_escape_string(trim ($strComment));