Hi John,

Sorry about the ambiguity. What I'm trying to accomplish is close to what you 
describe. However, before anything goes into the db (i.e. html chars, bad 
commands, or anything from Mr. Hacker), I verify it. Someone suggested, way 
back when I first started with textarea, to use 'htmlentities' to strip the 
bad items out.

"You should always save it in the database exactly how the user typed it."

So far, so good. But, if I follow what you suggest (and it's eminently 
reasonable!) I could have some 'bad stuff' becoming 'resident' in my db. 
Perhaps I am paranoid, but that seems like a-bad-thing-to-do.

"Save it with newlines and don't add any HTML code to it. "

Ahh . . . if I save as the user typed it, assuming Mr. Hacker has added some 
little extras, what then?? I use a Preview mode for viewing what they've 
entered, and they must go back to the textarea box if they need to edit 
(which has exactly what they typed.)

Oh, this all did make sense to me a while ago, but I am tired, and it's beginning 
to sound like gibberish.

Thanks again.
Andre




On Saturday 28 September 2002 06:44 pm, John W. Holmes wrote:
> OK, I can't quite follow what you are doing. Here's what you should do.
> You should always save it in the database exactly how the user typed it.
> Save it with newlines and don't add any HTML code to it. Reason being,
> when this has to be edited, it'll show up in the textarea the same way
> the user typed it. No having to explain what the <br> are or where the
> extra stuff came from.
>
> Then, to show a preview or whatever to the user, use
> nl2br(htmlentities($text)) to send it to the browser.
>
> ---John Holmes...
>
> > -----Original Message-----
> > From: Andre Dubuc [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, September 28, 2002 6:25 PM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: [PHP] Htmlentities and Newlines?
> >
> > On Saturday 28 September 2002 03:30 pm, John W. Holmes wrote:
> > > > Perhaps I don't understand the use of 'htmlentities' too well, but I would
> > > > like newlines to be retained/inserted into a db, and then if displayed, to
> > > > produce a new line from a textarea. However, I want the possibility of
> > > > dangerous html excluded (hence the use of 'htmlentities').
> > > >
> > > > Is there some way of excluding '\n \r ' and other newline indicators from
> > > > 'htmlentities()'? Perhaps a combination of preg_match and something else?
> > > > I'm a bit brained-fried struggling with other errant parts of this code
> > > > since 6 am.
> > > > Any ideas how I could proceed?
> > >
> > > What's wrong with
> > >
> > > echo nl2br(htmlentities($text));
> > >
> > > ??
> > >
> > > ---John Holmes...
> >
> > Thanks John,
> >
> > Well, as expected, the Preview function admirably displays text, with line
> > breaks, from the textarea.
> >
> > However, once saved in the db (which used to display <br>'s) the db record
> > now displays the same as on screen -- line breaks with no characters
> > indicating linebreaks). Yet, if I call that particular record from the db,
> > and display it on-screen, it's all on one line.
> >
> > So, I'm confused. Any ideas what to do to save it properly in the db so that
> > on display, it renders the same way as in the Preview (pre-db insertion)
> > mode?
> >
> > And now, ucfirst("$text"); refuses to work! Sigh . . . what a day!
> >
> > Tia,
> > Andre

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
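
The approach John describes (store the text exactly as typed, encode only when sending it to the browser), as an added example that is not part of the original thread. The in-memory SQLite database, the `notes` table and the `render_*` helper names are assumptions for illustration; the sample input is constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample input: newlines plus markup a hostile user might submit.
$submitted = "first line\r\nsecond <b>line</b>\n<script>alert(1)</script>";

// Hypothetical storage: in-memory SQLite so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Store exactly what was typed: no htmlentities(), no nl2br() on the way in.
// The bound parameter keeps the text as data, so it cannot alter the query.
$stmt = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
$stmt->execute([':body' => $submitted]);

$stored = $db->query('SELECT body FROM notes WHERE id = 1')->fetchColumn();
if ($stored !== $submitted) {
    throw new RuntimeException('stored text differs from what was typed');
}

// Display/preview: encode first, then turn newlines into <br />.
// The order matters: nl2br() first would get its <br /> tags encoded too.
function render_preview(string $text): string
{
    return nl2br(htmlentities($text, ENT_QUOTES, 'UTF-8'));
}

// Edit form: encode but do NOT add <br />, so the user sees what they typed.
function render_textarea(string $text): string
{
    return '<textarea name="body">'
        . htmlentities($text, ENT_QUOTES, 'UTF-8')
        . '</textarea>';
}

// The stored markup is inert in both outputs: <script> becomes &lt;script&gt;.
// A record that shows "all on one line" was echoed without nl2br().
echo render_preview($stored), "\n\n", render_textarea($stored), "\n";
```

The stored row still contains the literal `<script>` text; it is harmless because every path that sends it to a browser encodes it first.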
