|
|
Welcome to the Computer Webmaster Gaming Console Graphics Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact us. |
| |||||||
| PHP PHP for some can be one of the hardest website programming codes, so do you need help on your PHP script, if it is php4, php5 or lower this is the place for you for any PHP help. |
 |
| | LinkBack | Thread Tools | Display Modes |
07-01-2007, 4:00 PM
| #1 | ||
 |
If $val is the following: ....Just revamped the site's Content Management Application I built.. so do bear in mind.. sorry! Phil stripslashes(htmlspecialchars($val)) should produce the following, or so I thought: <input type=hidden name=alert value="...Just revamped the site's Content Management Application I built.. so do bear in mind.. sorry!<br><br>Phil"> Instead, I get: <input type=hidden name=alert value="...Just revamped the site\'s Content Management Application I built.. so do bear in mind.. sorry! Phil"> What combo of stripslashes() and htmlspecialchars() do I use to ensure I get a single-line entity from an HTML textarea value that could have anything in it, plain and simple? Phil | ||
      |
| Advertisements |
|
07-01-2007, 4:11 PM
| #2 | ||
| |
Sorry, that did not work. I came up with an incredibly ugly solution that works, anyone think of a more elegant way? foreach ($HTTP_GET_VARS as $key => $val) if (!in_array($key, $cmaExceptionArray)) { $val = str_replace("\n\r", '<br>', $val); $val = str_replace("\n", '<br>', $val); $val = str_replace("\r", '<br>', $val); array_push($formQSDupArray, $key); // ADD HERE BEFORE YOU GO TO FORM PART echo "<input type=hidden name=$key value=\"" . stripslashes(htmlentities($val, ENT_COMPAT)) . "\">\n"; } } Phil "MeerKat" <liquidlaughter2000@blueyonder.co.uk> wrote in message news:uxgWa.499$7q1.422@news-binary.blueyonder.co.uk... > addslashes(htmlentities($val)) innit? > > > Phil Powell wrote: > > If $val is the following: > > > > ...Just revamped the site's Content Management Application I built.. so do > > bear in mind.. sorry! > > > > Phil > > > > > > stripslashes(htmlspecialchars($val)) should produce the following, or so I > > thought: > > > > <input type=hidden name=alert value="...Just revamped the site's Content > > Management Application I built.. so do bear in mind.. > > sorry!<br><br>Phil"> > > > > Instead, I get: > > > > <input type=hidden name=alert value="...Just revamped the site\'s Content > > Management Application I built.. so do bear in mind.. sorry! > > > > Phil"> > > > > What combo of stripslashes() and htmlspecialchars() do I use to ensure I get > > a single-line entity from an HTML textarea value that could have anything in > > it, plain and simple? > > > > Phil > > > > > > -- > MeerKat > | ||
| |
|
07-01-2007, 4:11 PM
| #3 | ||
| |
"Phil Powell" <soazine@erols.com> wrote in message news:F1gWa.130$cf.29@lakeread04... > If $val is the following: > > ...Just revamped the site's Content Management Application I built.. so do > bear in mind.. sorry! > > Phil > > > stripslashes(htmlspecialchars($val)) should produce the following, or so I > thought: > > <input type=hidden name=alert value="...Just revamped the site's Content > Management Application I built.. so do bear in mind.. > sorry!<br><br>Phil"> > > Instead, I get: > > <input type=hidden name=alert value="...Just revamped the site\'s Content > Management Application I built.. so do bear in mind.. sorry! > > Phil"> > > What combo of stripslashes() and htmlspecialchars() do I use to ensure I get > a single-line entity from an HTML textarea value that could have anything in > it, plain and simple? > > Phil > Hi Phil, Just a guess (since this doesn't look like a complete code listing), but are you picking up the return value, or are you trying to use the string as if it were passed by reference? This worked for me as long as I displayed the return value: $dirty_string = 'Hello. <script type="text/javascript">window.open("format_hdd.php");</script>'; $clean_string = stripslashes(htmlspecialchars($dirty_string)); echo $dirty_string, '<br />--Becomes--<br />', $clean_string; Coming from Perl, I've made this mistake plenty in PHP. HTH, Zac | ||
| |
|
07-01-2007, 4:12 PM
| #4 | ||
| |
"Phil Powell" <soazine@erols.com> wrote in message news:YFjWa.926$cf.849@lakeread04... > This ended up working for me instead: > > foreach ($HTTP_GET_VARS as $key => $val) > > if (!in_array($key, $cmaExceptionArray)) { > $val = str_replace("\n\r", '<br>', $val); > $val = str_replace("\n", '<br>', $val); > $val = str_replace("\r", '<br>', $val); > array_push($formQSDupArray, $key); // ADD HERE BEFORE YOU GO TO FORM > PART > echo "<input type=hidden name=$key value=\"" . > stripslashes(htmlentities($val, ENT_COMPAT)) . "\">\n"; > } > } > > Although I wish I could find a more elegant solution than that. > You can use nl2br to put in your own HTML breaks: $val = nl2br($val); This alleviates using three str_replace calls. However, if you want to still use a replacement method (which drops newlines/returns), I use this method: $val = preg_replace('/\n(\r)?/', '<br />', $val); It might make your code more readable if you do all of your filtering at once using a function call: function input_filter($input) { return( stripslashes( htmlentities( //Add a non-breaking space to sentence spaces. preg_replace('/ {2}/', ' ', //Replace all newlines // (with optional carriage returns) // with <br /> tags. preg_replace('/\n(\r)?/', '<br />', $input), ), ENT_COMPAT ) ) ); } Then, $val = input_filter($val); This should "clean up" a little bit of the code within your loop. This reduces string filtering to a single line of code, so all you're doing otherwise is just your form tracking. HTH, Zac | ||
| |
| Featured Websites | ||||
|
|
| Tags: htmlspecialchars, problem, stripslashes |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| CD Key Problem | Merlin | Console Subjects | 6 | 06-26-2007 11:32 AM |
| 945 problem (please help!!!) | abiliojr | Motherboards | 1 | 06-11-2007 1:07 PM |
| This is the problem !! | Big John | Google questions | 2 | 05-30-2007 6:53 PM |
| GT3 problem | DaveT | Computer Consoles | 1 | 05-29-2007 10:14 AM |
| replicatable Folder Search problem : is source of problem Windows Desktop Search ? | Bill Woodruff | MSN questions | 0 | 05-28-2007 1:45 AM |
| Featured Websites | ||||
|
stripslashes() and htmlspecialchars() problem! 
PacMan
Linear Mode
