Various database <-> form things

[KempCGDR]

Ok, I have a few related things that I can't quite figure out, so I thought it would be a good idea to ask them all in one place.

1)
When something is submitted from a textarea input on my form, I need to make sure various characters don't mess anything up, is it best to use addslashes() or some other function?

2)
When I display the things that were submitted from the textarea (I save them in a mySQL database first), I need to have newlines replaced by <br> followed by a newline. I've never had to use that sort of function, so an example would be handy.

That's all I can think of for now, thanks in advance.


Just had a thought, been programming with php for god knows how long, and I've never needed to do this stuff... oh well.

 

[KempCGDR]

The one I forgot, when something needs to be editted, I pull it out of the database and display it in the appropriate form element, eg

echo &quot;Information:<br><input type='textarea' name='info' value='$aResult[info]'>&quot;;

Unfortunately, various caharcters mess this up (I think &quot; does, don't know which others). I experimented with addslashes(), but couldn't seem to get the problem to go away, any thoughts?

 

[KempCGDR]

My fault, it is actually ' that messes it up, the browser thinks I got to the end of the value field.

 

[skiflyer]

Did you try htmlspecialchars()?

I'm not 100% that's the right solution here, but my doubt comes from Monday morning more than anything else.

G'luck

-Rob

 

[KempCGDR]

tried it for putting stuff in the textareas, but it still only displays the value up to the first ' (even though it is now &quot;... strange. Even stranger that the stuff after the ' now don't show up, whereas before they were outside of the textarea.

 

[skiflyer]

Well, just playing with this by hand and the first thing you should note is that proper HTML standards would say...

<input type=&quot;textarea&quot; name=&quot;info&quot; value=&quot;here's Johnny, &quot;My Friend&quot;&quot;&quot; />

Compare that to the source output of your script?

So the fact that you're using single quotes instead of double quotes may be throwing things.... and about it being a double quote instead of a single quote, the manual states that will happen if ENT_QUOTES is not set.

Hope that sheds some light.

http://www.php.net/manual/en/function.htmlspecialchars.php

 

[KempCGDR]

it's not a double quote in my post above, just translated to that by the site, it actually gets changed to & quot; without the space. Single quotes don't matter, browsers accept them anyway despite what the &quot;standards&quot; say.

btw, your example makes no sense, is that a problem with displaying your example?

 

[KempCGDR]

Ok, so htmlspecialchars works, how about the first two questions?

Hitting myself now, htmlspecialchars was the first thing I tried, but I forgot to set ENT_QUOTES

 

[KempCGDR]

Oh, and in the first one, it's just for storing the stuff in a mySQL database, addslashes will be fine for that right?

 

[DRJ478]

About the newlines and <br/> tags:

There is a handy PHP function that does exactly what you want - and it is conveniently named nl2br();

http://ca2.php.net/manual/en/function.nl2br.php

Question:
Is your PHP installation using magic quotes? Check if --enable-magic-quotes is in phpinfo() or use

http://www.php.net/get-magic-quotes-gpc

When it's on Get/Post/Cookie vars are automatically furnished with slashes for single/double quotes, backslashes and NULs.

See also magic_quotes_runtime

 

[KempCGDR]

Thanks for everything guys, I've managed to sort all my problems despite not telling you exactly what I wanted very well and all that.

And just so I don't confuse anyone, I found that it is actually

<textarea name='info'>Stuff to display</textarea>

not

<input type='textarea' name='info' value='Stuff to display'>


Thanks again