I am just putting the finishing touches to a comment system. It uses Asynchronous HTML over HTTP to send a comment (GET request) entered into a text area.
My question is, should be escapeing / encodeing this string before it is sent? I am concerned a user might enter some characters that might break the query string, and therefor not be able to submit their comment (I hope that makes sense).
encodeURIComponent would be a good method to use when dealing with query strings in the URI
Ah yes thats the one I had in mind - I used it last year and couldnt remember the name.
Just one other question for you. On facebook when you enter say a comment into your status or wherever, it remembers formatting such as horizontal space between paragraphs, and I was wondering how do they acehive this?
In the past when ive written comment systems it just ends up as one big string !:eye:
All you need to do is write a simple replace string that replaces
\ = tab\ = new line\r = return' ' = space
Replacements\ = - Usually its 4 indents for a tab\ = <br />\r = <br />' ' =
Could you give me an example of how to do that possibly?
It is sent straight to my PHP script, run through :-
$strComment = mysql_real_escape_string(trim ($_GET['strComment']));
then put into the DB, later down the page extracted and echo'd to the document.
Give this a try
$strComment = mysql_real_escape_string(trim($_GET['strComment']));
$strComment = str_replace('\ ', ' ', $strComment);
$strComment = str_replace(array('\
','\\r'), '<br />', $strComment);
$strComment = str_replace(' ', ' ', $strComment);
That looks great! Im getting an error thought:-
Parse error: syntax error, unexpected T_VARIABLE, expecting ')' in /home/mattacuk/public_html/fishspots.net/devshed/Warrington/Comment/comment_Rpc.php on line 46
My mistake, i updated the code above
Hmmm, its coming out like this "This is the first parapgraph.This is the first parapgraph."
This seems to work though:-
$strComment = str_replace(array("\
", "\\r", "\ "), array("<br />", "<br />", " "), $_GET['strComment']);
$strFComment = mysql_real_escape_string(trim ($strComment));