  1. #1
    Senior Member ericbusch's Avatar
    Join Date
    Aug 2003
    Location
    Daejeon, South Korea
    Posts
    241
    Member #
    2779
    I am building a message board but there is a small glitch.

    What is the trick for getting text to appear like it was typed in with 'returns' and 'spaces'?

    Thanks,
    Eric

  3. #2
    Senior Member mossoi's Avatar
    Join Date
    Apr 2003
    Location
    Englandshire, United Kingdomsville y'all!
    Posts
    1,111
    Member #
    1206
    Liked
    1 times
    You need to use "replace". It's better to do this on the page that displays the text rather than before it goes into the database - that way the stored data remains true to the original input.

    It's probably worth replacing other characters such as ", ', < and > so that no malicious code can be executed through a post - you may already know this but it's still worth a mention.

    Code:
    $Your_variable = str_replace('"', "''", $Your_variable);
    $Your_variable = str_replace("'", "&#39;", $Your_variable);
    $Your_variable = str_replace("<", "&#60;", $Your_variable);
    $Your_variable = str_replace(">", "&#62;", $Your_variable);
    $Your_variable = str_replace("=", "&#61;", $Your_variable);
    $Your_variable = str_replace("\r", "<br>", $Your_variable);
    Line by line:

    1. Replaces " with '' (2 apostrophes)
    2. Replaces ' with the HTML code for apostrophe. (not sure about PHP but this is a BIG problem in ASP)
    3 and 4. Replace < and > with the HTML code for the symbols to stop tags executing.
    5. Not sure if replacing the = symbol is necessary but I like the idea of stopping SQL injection that way.
    6. Replace the carriage return with <br>

    Not sure if you need it but you can also replace the space with &nbsp; (HTML code for space)

    $Your_variable = str_replace(" ", "&nbsp;", $Your_variable);

    If there are any other symbols that can cause problems maybe somebody else has a list - I'm pretty new to PHP and there may be differences to ASP that I've overlooked.

    If you're going to replace the < > then make sure you do that before you replace \r for <br> otherwise the code outputs &#60;br&#62; which then just prints <br> in the text of the message.

    There's a list of number codes for special characters here http://hotwired.lycos.com/webmonkey/...al_characters/

  4. #3
    Senior Member ericbusch's Avatar
    Join Date
    Aug 2003
    Location
    Daejeon, South Korea
    Posts
    241
    Member #
    2779
    Perfect!

    Mossoi~

    Thanks a lot! Worked like a charm!

    Eric

  5. #4
    Senior Member nsr81's Avatar
    Join Date
    Oct 2002
    Posts
    1,132
    Member #
    250
    Liked
    15 times
    That's a one liner
    PHP Code:
    $Your_variable = nl2br(htmlspecialchars($Your_variable));
    There and Back Again :Ogre:

  6. #5
    Senior Member mossoi's Avatar
    Join Date
    Apr 2003
    Location
    Englandshire, United Kingdomsville y'all!
    Posts
    1,111
    Member #
    1206
    Liked
    1 times
    That makes life a lot easier! Although it doesn't do apostrophes.

  7. #6
    Senior Member nsr81's Avatar
    Join Date
    Oct 2002
    Posts
    1,132
    Member #
    250
    Liked
    15 times
    sure does, just have to change the function call a little bit.

    http://us2.php.net/htmlspecialchars
    There and Back Again :Ogre:
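
The approach discussed in this thread (store the text as typed, escape it when it is displayed, and cover apostrophes too), written out as an added example that is not code posted by any participant. It uses the `ENT_QUOTES` flag from the htmlspecialchars manual page linked above and a bound parameter for the database write. Assumptions: `render_post()` is a hypothetical helper name, the `posts` table is made up for the demo, and the `pdo_sqlite` extension is available.

```php
<?php
// Added example, not code from the thread. render_post() is a hypothetical name.
declare(strict_types=1);

/**
 * Escape a stored post for HTML output, then turn line breaks into <br>.
 * Order matters: escaping must run first, otherwise the <br> tags that
 * nl2br() inserts are escaped as well and show up as literal text.
 */
function render_post(string $raw): string
{
    // ENT_QUOTES escapes both " and ' (the default before PHP 8.1 left ' alone).
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    $escaped = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Second argument false => emit "<br>" rather than "<br />".
    return nl2br($escaped, false);
}

// Constructed sample input: markup, both quote styles, "=", "&" and a CRLF.
$post = "Hi <b>all</b>,\r\nEric's \"test\" & 1=1";

// Store the text unmodified. A bound parameter keeps quotes and "=" in the
// data from being parsed as SQL, so no character replacement is needed for
// the database. An in-memory SQLite database stands in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
$stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
$stmt->execute([':body' => $post]);

// Escape only at display time.
$stored = $db->query('SELECT body FROM posts WHERE id = 1')->fetchColumn();
echo render_post($stored), "\n";

// Wrong order, for comparison: the <br> is inserted first and then escaped.
echo htmlspecialchars(nl2br($stored, false), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
```

The escaping in `render_post()` is meant for text placed in an HTML element body or a quoted attribute value; other output contexts such as JavaScript or URLs need their own encoding.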

  8. #7
    Senior Member mossoi's Avatar
    Join Date
    Apr 2003
    Location
    Englandshire, United Kingdomsville y'all!
    Posts
    1,111
    Member #
    1206
    Liked
    1 times
    I was hoping you'd say that!

  9. #8
    Senior Member nsr81's Avatar
    Join Date
    Oct 2002
    Posts
    1,132
    Member #
    250
    Liked
    15 times
    There and Back Again :Ogre:

