Hi, Saturday, August 9, 2003, 1:57:04 AM, you wrote: TJQ> CPT John W. Holmes wrote: TJQ> --<SNIP>-- TJQ> > Try this: TJQ> > TJQ> > <textarea name="text">This is <some> text</textarea> TJQ> > TJQ> > If you submit that "text" and then print $_REQUEST['text'], you'll TJQ> see that TJQ> > you have TJQ> > TJQ> > This is <some> text TJQ> --<SNIP>-- TJQ> Ok, but that only makes me realize the further extent of the problem.
TJQ> If the HTML file that they upload has '<' or '>' entities, then TJQ> these characters will be displayed in the text area as '<' and '>' TJQ> symbols. So when the text is submitted from the textarea, all of the TJQ> user's HTML entities will have been destroyed. TJQ> Any thoughts on this problem? TJQ> Thaddeus TJQ> CPT John W. Holmes wrote: >> From: "Thaddeus J. Quintin" <[EMAIL PROTECTED]> >> >>>I'm working on a site where users have the option to type HTML code into >>>a textarea, or upload HTML code from a local file which is then >>>displayed in the text area. >>> >>>The obvious problem is that an uploaded file that contains a closing tag >>>for a textarea can wreak havoc and eat up the rest of the page. So, in >>>order to get it to display properly, I called htmlspecialchars() on the >>>string and that works fine. >>> >>>After any editing has been done, I can convert the text back using >>>html_entity_decode(). This seems to be a decent solution to the problem. >>> >>>However, if the user has included htmlentities in their code, won't >>>these get converted when I call the decode function? Even something >>>simple like using a '<' symbol for a little arrow. This would need to >>>remain a '<' and not get converted when html_entity_decode() is called. >> >> >> You should not have to call html_entity_decode() at all. You encode the text >> to get it to show in the text area. When the form is submitted, you get the >> text exactly as it appears in the textarea. in other words, without the html >> entities. >> >> Try this: >> >> <textarea name="text">This is <some> text</textarea> >> >> If you submit that "text" and then print $_REQUEST['text'], you'll see that >> you have >> >> This is <some> text >> >> ---John Holmes... >> >> >> one way is to change <textarea to <text_area and then change it back on submit -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
