Re: [PHP] textarea/display question...

2004-07-21 Thread John W. Holmes
Dennis Gearon wrote:
> Make sure to remove tags via:
> $var_that_will_be_displayed = strip_tags( 
> $var_from_user_input_via_POST_or_GET_or_COOKIE );
> 
> if you are going to display or mail it as part of a link(email or URL), 
> you might do this instead:
> 
> $var_that_will_be_part_of_a_link = strip_tags( rawurldecode( 
> $var_from_user_input_via_POST_or_GET_or_COOKIE ) );
> 
> See this page:
> http://www.cgisecurity.com/articles/xss-faq.shtml

Yeah, use strip_tags so you can get rid of evil, malicious content such 
as ... gasp! Just use htmlentities() like others have already 
suggested, so you don't change the user's input. There's nothing more 
annoying than programs that strip out content from what users write 
because they think it's bad. Using allowed_tags with strip_tags() just 
introduces the possibility for vulnerabilities since attributes aren't 
checked. Javascript in a  tag, you say? Yep...

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
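
The difference John Holmes points to above, shown side by side as an added example (not code from any poster in the thread): strip_tags() with an allow-list keeps every attribute on an allowed tag, while htmlspecialchars() leaves the user's text intact and inert. The helper names h() and textarea() and all sample strings are assumptions constructed for the illustration.

```php
<?php
// Added example, not from the thread. All inputs below are constructed samples.

/** Escape untrusted text for an HTML text node or a quoted attribute value. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render a textarea whose initial content is untrusted text. */
function textarea(string $name, string $value): string
{
    return '<textarea name="' . h($name) . '">' . h($value) . '</textarea>';
}

$samples = [
    'plain markup'      => 'I <b>really</b> like this',
    'event attribute'   => '<b onmouseover="alert(1)">hover</b>',
    'textarea breakout' => '</textarea><b onmouseover="alert(1)">x</b>',
];

foreach ($samples as $label => $input) {
    // The allow-list keeps <b> and every attribute written on it.
    $allowed = strip_tags($input, '<b>');
    // Escaping removes nothing and lets nothing be interpreted as markup.
    $escaped = h($input);

    echo "== $label ==\n";
    echo "input:               $input\n";
    echo "strip_tags(.., <b>): $allowed\n";
    echo "htmlspecialchars:    $escaped\n";
    echo "attribute survives allow-list: ",
        (stripos($allowed, 'onmouseover') !== false ? 'yes' : 'no'), "\n";
    // Decoding the escaped form gives back exactly what the user typed.
    echo "round-trips: ",
        (htmlspecialchars_decode($escaped, ENT_QUOTES) === $input ? 'yes' : 'no'), "\n\n";
}

// The escaped value cannot close the textarea early.
echo textarea('comment', $samples['textarea breakout']), "\n";
```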


RE: [PHP] textarea/display question...

2004-07-21 Thread Dennis Gearon
Make sure to remove tags via:
$var_that_will_be_displayed = strip_tags( 
$var_from_user_input_via_POST_or_GET_or_COOKIE );
if you are going to display or mail it as part of a link(email or URL), you might do 
this instead:
$var_that_will_be_part_of_a_link = strip_tags( rawurldecode( 
$var_from_user_input_via_POST_or_GET_or_COOKIE ) );
See this page:
http://www.cgisecurity.com/articles/xss-faq.shtml


Re: [PHP] textarea/display question...

2004-07-20 Thread Marek Kilimajer
bruce wrote:
> $foo = 'blah';

Everything but one thing has been said: You should always use 
htmlspecialchars() to output value of textarea

$foo = 'blah';
echo '<textarea>' . htmlspecialchars($foo) . '</textarea>';


RE: [PHP] textarea/display question...

2004-07-20 Thread Pablo Gosse
Stut wrote:
> On Tue, 20 Jul 2004 11:51:22 -0700, bruce <[EMAIL PROTECTED]>
> wrote: 
>> with an iframe... can i allow the user to make changes... and then
>> capture the "data" as a value for a post within a form..???
>> 
>> in other words...does it closely give me what a textarea does with
>> regards to allowing a user to make mods to the information?
> 
> What you're looking for is a replace for  that supports
> HTML editing. Try http://www.interactivetools.com/products/htmlarea/
> (IE only unfortunately - but there are others, try searching Google
> for "edit html textarea" or similar to find them).   
> 
>> ps.. to you guys who said that the  doesn't have a
>> value=''.. it does...
> 
> Erm, no, it doesn't.
> 
> --
> Stut

There is a newer version of the HTMLarea from Interactive Tools, and it
is supported by IE 5.x, Mozilla, Firefox, etc.

http://dynarch.com/mishoo/htmlarea.epl

HTH.

Pablo




Re: [PHP] textarea/display question...

2004-07-20 Thread Stut
On Tue, 20 Jul 2004 11:51:22 -0700, bruce <[EMAIL PROTECTED]> wrote:
> with an iframe... can i allow the user to make changes... and then capture
> the "data" as a value for a post within a form..???
> 
> in other words...does it closely give me what a textarea does with regards
> to allowing a user to make mods to the information?

What you're looking for is a replace for  that supports HTML
editing. Try http://www.interactivetools.com/products/htmlarea/ (IE
only unfortunately - but there are others, try searching Google for
"edit html textarea" or similar to find them).

> ps.. to you guys who said that the  doesn't have a value=''.. it
> does...

Erm, no, it doesn't.

-- 
Stut




Re: [PHP] textarea/display question...

2004-07-20 Thread John W. Holmes
bruce wrote:
> ps.. to you guys who said that the  doesn't have a value=''.. it
> does...

No, it doesn't. Please upgrade your textbooks.
http://www.w3.org/TR/html4/interact/forms.html#h-17.7
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com


Re: [PHP] textarea/display question...

2004-07-20 Thread Jason Davidson
you can set designmode on an iframe to make it editable if you like,
you can use javascript to use commands from the browser on the iframe
even.  And textarea may have a value attribute, however the element is
meant to take its displayed value from between the open and close tags.

Jason

On Tue, 20 Jul 2004 11:51:22 -0700, bruce <[EMAIL PROTECTED]> wrote:
> vail...
> 
> with an iframe... can i allow the user to make changes... and then capture
> the "data" as a value for a post within a form..???
> 
> in other words...does it closely give me what a textarea does with regards
> to allowing a user to make mods to the information?
> 
> -thanks..
> 
> ps.. to you guys who said that the  doesn't have a value=''.. it
> does...
> 
> 
> -Original Message-
> From: Vail, Warren [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 20, 2004 11:20 AM
> To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
> Subject: RE: [PHP] textarea/display question...
> 
> Have you considered an imbedded frame?  (Looks like a textarea, with the
> ability to imbed all types of controls (and tables) within it).  I'm not
> sure that all browsers support  yet, but the most widely used one
> does.
> 
> Another approach would be to use sprintf() formatting to imbed
> leading/trailing spaces to allow everything to line up, assuming your text
> area uses a fixed pitch font like courier.  Course since the control is an
> input control, trust your users are going to screw up the alignment, and
> don't count on getting the data back all neatly lined up.
> 
> Warren Vail
> 
> 
> 
> 
> -Original Message-
> From: bruce [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 20, 2004 10:59 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] textarea/display question...
> 
> hi..
> 
> i'm presenting a textarea to the user...
> 
> i'd like to be able to display the information within the textarea in a
>  format. this would allow me to highlight the material that the user
> should modify. however, i can't figure out how to accomplish this...
> 
> $foo = 'blah';
> 
> 
> something like the above, but without displaying all the attrib stuff...
> 
> any ideas/pointers would be appreciated..
> 
> thanks
> 
> -bruce
> 



RE: [PHP] textarea/display question...

2004-07-20 Thread Matthew Sims
>
> ps.. to you guys who said that the  doesn't have a value=''.. it
> does...


Please, in this documentation from the W3C's site, show me where there's a
value attribute for textarea.

http://www.w3.org/TR/1998/REC-html40-19980424/interact/forms.html#h-17.7

--Matthew Sims
--




Re: [PHP] textarea/display question...

2004-07-20 Thread Matt M.
> ps.. to you guys who said that the  doesn't have a value=''.. it
> does...

Where did you find this out?  I was pretty sure that it did not have
the value attribute.

http://msdn.microsoft.com/workshop/author/dhtml/reference/objects/textarea.asp

http://www.w3.org/TR/REC-html40/interact/forms.html#h-17.7




RE: [PHP] textarea/display question...

2004-07-20 Thread Vail, Warren
That is a tough question to answer simply, but the basic answer is yes.

What appears in the IFRAME is actually another web page, complete with its
own set of controls and its own form, and something to trigger the
submission of that form (separately from the page containing the IFRAME).
Suppose your entire form consisted of a collection of text controls (one for
each cell in your table);

Assume you have your data in a 2 dimension array $darray.  To display the
array on a page;

Echo "";
For($row = 0; $row < $height; $row++) {
echo "";
for($col = 0; $col < $width; $col++) {
  echo "\n";
}
echo "";
}
Echo "";

This would look much like a VB grid control, notice that a table by itself
is not an input type control.  This is just one solution, and so many are
available.  Notice that the form will return a multi-dimension array;

$returnarray = $_GET["farray"];

Hope this gets you started.

Warren Vail


-Original Message-
From: bruce [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 20, 2004 11:51 AM
To: Vail, Warren; [EMAIL PROTECTED]
Subject: RE: [PHP] textarea/display question...


vail...

with an iframe... can i allow the user to make changes... and then capture
the "data" as a value for a post within a form..???

in other words...does it closely give me what a textarea does with regards
to allowing a user to make mods to the information?

-thanks..

ps.. to you guys who said that the  doesn't have a value=''.. it
does...



-Original Message-
From: Vail, Warren [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 11:20 AM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: [PHP] textarea/display question...


Have you considered an imbedded frame?  (Looks like a textarea, with the
ability to imbed all types of controls (and tables) within it).  I'm not
sure that all browsers support  yet, but the most widely used one
does.

Another approach would be to use sprintf() formatting to imbed
leading/trailing spaces to allow everything to line up, assuming your text
area uses a fixed pitch font like courier.  Course since the control is an
input control, trust your users are going to screw up the alignment, and
don't count on getting the data back all neatly lined up.

Warren Vail


-Original Message-
From: bruce [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 10:59 AM
To: [EMAIL PROTECTED]
Subject: [PHP] textarea/display question...


hi..

i'm presenting a textarea to the user...

i'd like to be able to display the information within the textarea in a
 format. this would allow me to highlight the material that the user
should modify. however, i can't figure out how to accomplish this...

$foo = 'blah';


something like the above, but without displaying all the attrib stuff...

any ideas/pointers would be appreciated..

thanks

-bruce
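
The grid of text inputs Warren Vail describes in the reply above, as an added example that is not part of the original post: each cell is escaped for the attribute it lands in, and the returned farray is rebuilt cell by cell because the client controls its shape. $darray and the farray field name follow the post; h(), render_grid(), read_grid(), the length limit and the sample data are assumptions constructed for the illustration.

```php
<?php
// Added example, not from the thread. Sample data and helper names are constructed.

/** Escape untrusted text for an HTML text node or a quoted attribute value. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build a form with one text input per cell, named farray[row][col]. */
function render_grid(array $darray): string
{
    $html = "<form method=\"get\">\n<table>\n";
    foreach (array_values($darray) as $row => $cells) {
        $html .= '<tr>';
        foreach (array_values($cells) as $col => $value) {
            // The value sits inside a quoted attribute, so quotes are escaped too.
            $html .= sprintf(
                '<td><input type="text" name="farray[%d][%d]" value="%s"></td>',
                $row, $col, h((string) $value)
            );
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n<input type=\"submit\">\n</form>\n";
}

/**
 * Read the submitted grid back. The request is client-controlled: farray may be
 * a plain string, carry extra rows, or hold nested arrays, so only the expected
 * cells are copied and anything that is not a string becomes ''.
 */
function read_grid(array $query, int $height, int $width, int $maxLen = 200): array
{
    $in = $query['farray'] ?? null;
    $out = [];
    for ($row = 0; $row < $height; $row++) {
        for ($col = 0; $col < $width; $col++) {
            $cell = is_array($in) && is_array($in[$row] ?? null) ? ($in[$row][$col] ?? '') : '';
            // substr() limits the length in bytes.
            $out[$row][$col] = is_string($cell) ? substr($cell, 0, $maxLen) : '';
        }
    }
    return $out;
}

$darray = [['name', 'Tom "T" O\'Hara'], ['note', '<b>bold?</b> & more']];
echo render_grid($darray);

// Constructed input, shaped as PHP parses
// ?farray[0][0]=a&farray[0][1][x]=1&farray[9][9]=z
$query = ['farray' => [0 => ['a', ['x' => '1']], 9 => [9 => 'z']]];
var_export(read_grid($query, 2, 2));
echo "\n";
```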




RE: [PHP] textarea/display question...

2004-07-20 Thread Vail, Warren
Yes, but by nature, it must be a separate form.  What appears in the IFRAME
is like any other frame, an entire web page, and as a separate web page and
separate form, it must have its own submit button (within the form).
Course you could cause some of the other controls on the form to trigger the
submit, like changing a selection on a  list;


this is a


Hope this helps,

Warren Vail


-Original Message-
From: bruce [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 20, 2004 11:51 AM
To: Vail, Warren; [EMAIL PROTECTED]
Subject: RE: [PHP] textarea/display question...


vail...

with an iframe... can i allow the user to make changes... and then capture
the "data" as a value for a post within a form..???

in other words...does it closely give me what a textarea does with regards
to allowing a user to make mods to the information?

-thanks..

ps.. to you guys who said that the  doesn't have a value=''.. it
does...



-Original Message-
From: Vail, Warren [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 11:20 AM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: [PHP] textarea/display question...


Have you considered an imbedded frame?  (Looks like a textarea, with the
ability to imbed all types of controls (and tables) within it).  I'm not
sure that all browsers support  yet, but the most widely used one
does.

Another approach would be to use sprintf() formatting to imbed
leading/trailing spaces to allow everything to line up, assuming your text
area uses a fixed pitch font like courier.  Course since the control is an
input control, trust your users are going to screw up the alignment, and
don't count on getting the data back all neatly lined up.

Warren Vail


-Original Message-
From: bruce [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 10:59 AM
To: [EMAIL PROTECTED]
Subject: [PHP] textarea/display question...


hi..

i'm presenting a textarea to the user...

i'd like to be able to display the information within the textarea in a
 format. this would allow me to highlight the material that the user
should modify. however, i can't figure out how to accomplish this...

$foo = 'blah';


something like the above, but without displaying all the attrib stuff...

any ideas/pointers would be appreciated..

thanks

-bruce




Re: [PHP] textarea/display question...

2004-07-20 Thread Justin Patrin
On Tue, 20 Jul 2004 10:59:06 -0700, bruce <[EMAIL PROTECTED]> wrote:
> hi..
> 
> i'm presenting a textarea to the user...
> 
> i'd like to be able to display the information within the textarea in a
>  format. this would allow me to highlight the material that the user
> should modify. however, i can't figure out how to accomplish this...
> 
> $foo = 'blah';
> 
> 
> something like the above, but without displaying all the attrib stuff...
> 
> any ideas/pointers would be appreciated..
> 

First of all, textareas don't have a "value" attribute, you put the
text between the  tags.

Second, you simply can't do that. Textareas are normal text only.

However, there are JavaScript plugins you can use to do this:
http://dynarch.com/mishoo/htmlarea.epl

-- 
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder

paperCrane --Justin Patrin--




RE: [PHP] textarea/display question...

2004-07-20 Thread bruce
vail...

with an iframe... can i allow the user to make changes... and then capture
the "data" as a value for a post within a form..???

in other words...does it closely give me what a textarea does with regards
to allowing a user to make mods to the information?

-thanks..

ps.. to you guys who said that the  doesn't have a value=''.. it
does...



-Original Message-
From: Vail, Warren [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 11:20 AM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: [PHP] textarea/display question...


Have you considered an imbedded frame?  (Looks like a textarea, with the
ability to imbed all types of controls (and tables) within it).  I'm not
sure that all browsers support  yet, but the most widely used one
does.

Another approach would be to use sprintf() formatting to imbed
leading/trailing spaces to allow everything to line up, assuming your text
area uses a fixed pitch font like courier.  Course since the control is an
input control, trust your users are going to screw up the alignment, and
don't count on getting the data back all neatly lined up.

Warren Vail


-Original Message-
From: bruce [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 10:59 AM
To: [EMAIL PROTECTED]
Subject: [PHP] textarea/display question...


hi..

i'm presenting a textarea to the user...

i'd like to be able to display the information within the textarea in a
 format. this would allow me to highlight the material that the user
should modify. however, i can't figure out how to accomplish this...

$foo = 'blah';


something like the above, but without displaying all the attrib stuff...

any ideas/pointers would be appreciated..

thanks

-bruce




Re: [PHP] textarea/display question...

2004-07-20 Thread John W. Holmes
bruce wrote:

Please review your HTML textbook. There is no "value" attribute for a 
textarea.

$foo
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com


RE: [PHP] textarea/display question...

2004-07-20 Thread Will Collins
I've always gotten errors when trying to use the "value" property of a
textarea.  Put the value info between the  tags.

-Original Message-
From: bruce [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 20, 2004 12:59 PM
To: [EMAIL PROTECTED]
Subject: [PHP] textarea/display question...

hi..

i'm presenting a textarea to the user...

i'd like to be able to display the information within the textarea in a
 format. this would allow me to highlight the material that the user
should modify. however, i can't figure out how to accomplish this...

$foo = 'blah';


something like the above, but without displaying all the attrib stuff...

any ideas/pointers would be appreciated..

thanks

-bruce




RE: [PHP] textarea/display question...

2004-07-20 Thread Vail, Warren
Have you considered an imbedded frame?  (Looks like a textarea, with the
ability to imbed all types of controls (and tables) within it).  I'm not
sure that all browsers support  yet, but the most widely used one
does.

Another approach would be to use sprintf() formatting to imbed
leading/trailing spaces to allow everything to line up, assuming your text
area uses a fixed pitch font like courier.  Course since the control is an
input control, trust your users are going to screw up the alignment, and
don't count on getting the data back all neatly lined up.

Warren Vail


-Original Message-
From: bruce [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 20, 2004 10:59 AM
To: [EMAIL PROTECTED]
Subject: [PHP] textarea/display question...


hi..

i'm presenting a textarea to the user...

i'd like to be able to display the information within the textarea in a
 format. this would allow me to highlight the material that the user
should modify. however, i can't figure out how to accomplish this...

$foo = 'blah';


something like the above, but without displaying all the attrib stuff...

any ideas/pointers would be appreciated..

thanks

-bruce




RE: [PHP] textarea/display question...

2004-07-20 Thread Dan Joseph
Hi,

With textarea, there is no value...

$foo

-Dan Joseph

> $foo = 'blah';
> 




Re: [PHP] textarea/display question...

2004-07-20 Thread Jonathan Haddad
Anything inside that textarea actually gets displayed.  So they will 
actually see that HTML.
I don't know of a way to actually highlight sections within the text 
area, and I don't think there is one.  You could highlight the text 
outside of the textarea though.

Jon
bruce wrote:
> hi..
>
> i'm presenting a textarea to the user...
>
> i'd like to be able to display the information within the textarea in a
>  format. this would allow me to highlight the material that the user
> should modify. however, i can't figure out how to accomplish this...
>
> $foo = 'blah';
>
> something like the above, but without displaying all the attrib stuff...
>
> any ideas/pointers would be appreciated..
>
> thanks
>
> -bruce
 
