[PHP] str_replace ? \r
From a textarea on a web form I'm attempting to convert all returns(\r),
from the users input, to br /, for db INSERT, and then back again for
display in the textarea. (They remain as br /s for normal HTML web page
display.)
code:
// From textarea to db UPDATE
function addBR($tv) {
$tv = addslashes($tv);
$tv = str_replace(\r,br /,$tv);
// $tv = preg_replace(/(\r\n|\n|\r)/, br /, $tv);
// $tv = preg_replace(/(\r\n|\n|\r)/, , $tv);
return $tv;}
// For display in textarea
function remBR($tv) {
$tv = str_replace(br /,\r,$tv);
$tv = stripslashes($tv);
return $tv;
}
IT ALL works fine accept if a return is entered in the form's textarea at
the very beginning:
mysql SELECT jbs_jobDesA FROM jobs WHERE jbs_ID=77 \G
*** 1. row ***
jbs_jobDesA: br /[the return is still here]
Lesequam coreet la feum nulla feu facil iriure faccummolut ulput num augait
1 row in set (0.00 sec)
the return is converted to br /\r (leaving the return). AND then when
converted back for for the textarea both are stripped out, that is, there
is nothing in front of the first character. When resubmitted for UPDATE:
mysql SELECT jbs_jobDesA FROM jobs WHERE jbs_ID=77 \G
*** 1. row ***
jbs_jobDesA: Lesequam coreet la feum nulla feu facil iriure faccummolut
ulput num augait
1 row in set (0.00 sec)
Q. Why is that first return treated differently? All other returns are
treated as expected.
Thanks,
sam
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] str_replace ? \r
http://us3.php.net/manual/en/function.nl2br.php
Instead of using br / I would use p/p tags. That's just me though. :)
On 2/7/06 12:38 PM, Sam Smith [EMAIL PROTECTED] wrote:
From a textarea on a web form I'm attempting to convert all returns(\r),
from the users input, to br /, for db INSERT, and then back again for
display in the textarea. (They remain as br /s for normal HTML web page
display.)
code:
// From textarea to db UPDATE
function addBR($tv) {
$tv = addslashes($tv);
$tv = str_replace(\r,br /,$tv);
// $tv = preg_replace(/(\r\n|\n|\r)/, br /, $tv);
// $tv = preg_replace(/(\r\n|\n|\r)/, , $tv);
return $tv;}
// For display in textarea
function remBR($tv) {
$tv = str_replace(br /,\r,$tv);
$tv = stripslashes($tv);
return $tv;
}
IT ALL works fine accept if a return is entered in the form's textarea at
the very beginning:
mysql SELECT jbs_jobDesA FROM jobs WHERE jbs_ID=77 \G
*** 1. row ***
jbs_jobDesA: br /[the return is still here]
Lesequam coreet la feum nulla feu facil iriure faccummolut ulput num augait
1 row in set (0.00 sec)
the return is converted to br /\r (leaving the return). AND then when
converted back for for the textarea both are stripped out, that is, there
is nothing in front of the first character. When resubmitted for UPDATE:
mysql SELECT jbs_jobDesA FROM jobs WHERE jbs_ID=77 \G
*** 1. row ***
jbs_jobDesA: Lesequam coreet la feum nulla feu facil iriure faccummolut
ulput num augait
1 row in set (0.00 sec)
Q. Why is that first return treated differently? All other returns are
treated as expected.
Thanks,
sam
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] str_replace ? \r
On Tue, Feb 07, 2006 at 10:38:37AM -0800, Sam Smith wrote: From a textarea on a web form I'm attempting to convert all returns(\r), from the users input, to br /, for db INSERT, and then back again for display in the textarea. (They remain as br /s for normal HTML web page display.) You really shouldnt convert the data to br's into the database, just do it at the time at displaying it in html, and keep the raw data in the database. // add to database (prepare avoiding sql injection) $field = mysql_real_escape_string($_POST['textarea']); $sql = update jobs set jbs_jobDesA = '$field' WHERE jbs_ID=77; // output to html, removing xxs ablity and add html br's $field_from_db = $row['jbs_jobDesA']; echo div . nl2br(htmlentities($field_from_db)) . /div; // output to a textarea, removing xxs ability $field_from_db = $row['jbs_jobDesA']; echo textarea . htmlentities($field_from_db) . /textarea; This would work much nicer. No need to do any two-way convertion of your data. Curt. -- cat .signature: No such file or directory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] str_replace ? \r
Agreed - try to think of it as a filter and less of something that needs to be computed both ways... much easier in the long run, and more efficient :) On 2/7/06, Curt Zirzow [EMAIL PROTECTED] wrote: On Tue, Feb 07, 2006 at 10:38:37AM -0800, Sam Smith wrote: From a textarea on a web form I'm attempting to convert all returns(\r), from the users input, to br /, for db INSERT, and then back again for display in the textarea. (They remain as br /s for normal HTML web page display.) You really shouldnt convert the data to br's into the database, just do it at the time at displaying it in html, and keep the raw data in the database. // add to database (prepare avoiding sql injection) $field = mysql_real_escape_string($_POST['textarea']); $sql = update jobs set jbs_jobDesA = '$field' WHERE jbs_ID=77; // output to html, removing xxs ablity and add html br's $field_from_db = $row['jbs_jobDesA']; echo div . nl2br(htmlentities($field_from_db)) . /div; // output to a textarea, removing xxs ability $field_from_db = $row['jbs_jobDesA']; echo textarea . htmlentities($field_from_db) . /textarea; This would work much nicer. No need to do any two-way convertion of your data. Curt. -- cat .signature: No such file or directory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] str_replace ? \r
On Tue, Feb 07, 2006 at 03:43:38PM -0800, Curt Zirzow wrote: On Tue, Feb 07, 2006 at 10:38:37AM -0800, Sam Smith wrote: // output to html, removing xxs ablity and add html br's I mean XSS (Cross Site Scripting) Curt. -- cat .signature: No such file or directory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
