PHP - How To Use Rich Text Editor For Text-area Input And Yet Prevent Injections?

Hi there,
I have form to send newsletter and I use text encoding not HTML.
Do you know the best editor to make BOLD or Space when i write email. I don't need HTML editor I need for text .


Thanks

Hi people, I really hope you guys can help me out today. I'm just a newbe at php and i'm having real trouble.

Bassically all I want to do is have a user type in a company name in a html form.

If what the user types in the form matches the company name in my php script i want the user to be sent to another page on my site.

If what the user types in the form doesnt match the company name in my php script i want the user to be sent to a differnt page like an error page for example.

this is my html form:

Code: [Select]
<form id="form1" name="form1" method="post" action="form_test.php">
  <p>company name:
    <input type="text" name="company_name" id="company_name" />
  </p>
  <p>
    <input type="submit" name="button" id="button" value="Submit" />
  </p>
</form>
And this is the php code I'm trying to process the information on:

Code: [Select]
<?php

$comp_name = abc;

if(isset ($_POST["company_name"])){
 if($_POST["company_name"] == $comp_name){

     header("Location: http://www.hotmail.com");
exit();
 }

else{
   header("Location: http://www.yahoo.com");
exit();   
 }
}
?>
The thing is i'm getting this error when i test it:
Warning: Cannot modify header information - headers already sent by (output started at D:\Sites\killerphp.com\form_test.php:10) in D:\Sites\killerphp.com\form_test.php on line 17

Please can some one help me out, i'm sure this is just basic stuff but i just cant get it to work 

Cheers.

  Auto Save Plugin for the CKEditor which automatically saves the content (via HTML5 LocalStorage) temporarly (for example when a login session times out). And after the content is saved it can be restored when the editor is reloaded. The auto save plugin for CKEditor does its job the way its described in the quote above.   I was wondering if there is a way to have the web based text editor for my blog, the way the Wordpress text editor is, with an auto save (draft) function?   Is there a web based text editor with such function, which would enable me this?
Edited by glassfish, 01 December 2014 - 07:43 AM.

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=345742.0

I want to add a text area to this so when an Administrator of the site clicks the refusal button, they will be able to type in a reason for the refusal.

Code: [Select]
<?php
echo '<a href="adminDeleteGoodie.php?delete_id=' . $delete_s_find . '" onClick="return confirm(\'Are you sure you want to delete&nbsp;' . $makesure_s . ' from the Goodies Approval List? If so, please leave a reason for the upload being denied.   NEED A TEXT AREA RIGHT HERE    \');"><img src="images_new/remove.jpg" border="0" /></a>';
?>

Note that my code still use the old mysql query and I am aware of that. I want to migrate it to mysqli soon but it will have to wait until I learn how to do so. Meanwhile, please help me with the code that I have now. Thank you    I've looked around the internet to find how to do this and I found two methods:   htmlspecialchars(); and mysql_real_escape_string();   I wrapped my text into one of the two function in order to pass in text with apostrophe in it to the database.   However I encountered a problem.   With mysql_real_escape_string, I got the desired effect that I want but the problem is that, the function also apply its effect onto html img tag. So <img src="test"> turns into <img src=/"test/"> and therefore images (and also links) will not appear.   With htmlspecialchars, again I got the desired function that I want which is to pass in apostrophe into the database. The problem with this is that when I pull the data out from the database and echo it onto my page, it doesn't render and show as a plain html code.   What confuse me a lot is that, it works fine inside my localhost.   Please help  Thank you!  Attached Files  content-insert.php   3.92KB   4 downloads

Hi,

I've been asked to modify a section on a site for a local club.

Basically, I've been asked to improve the name input section (a user may have to input up 15 names in one visit to the site).

At the moment the site works like this:
The user enters one members first name in one form box, then the surname in another, then presses "add name" which adds it to the list.

What i want to be able to do (and i'm sure i've seen it somewhere), is have the user enter the list of names into one big text area: Type in the first name then the surname, hit enter for a new line in the text area then type the next name....etc. When the list is complete press "add names" button.

Is there a name for this type of input? And does it work on the following principle:
1. The entire text sent from the text area can be exploded into an array using the line break as the delimiter
2. Each value in the array is then the first name and second name.
3. I can then explode each value further now using the space as the delimiter.
4. I am left with a bunch of arrays containing the first name in one value and the surname in the second

Any help or pointers here would be class

Cheers,

John

How can I make this textarea box height larger? The width is fine but I need to make it a little taller so I don't have to scroll to see what I've typed in. Thanks

Code: [Select]

<tr>
<td colspan="4"><b>Notes:</b>
<textarea style= "width: 100%"> </textarea>
</td>
</tr>

Hi all, I have a textarea field name brief in my php form. The problem is that users are entering phone numbers and email addresses in this field even though there is dedicated email and phone fields. I want a function to either delete the numbers and emails address automatically on this field or alert the user that numbers are not allowed in this field.

I have include my form.

Many thanks for your help

Hi,

Im trying to make a script to mass update a load of links in my database but im stuck on the basics, How can i detect a new line in a text area?

Anyone know why this dosen't work?


Code: [Select]
<?php
if($_POST[newlinks]) {
    
    $newlinks = preg_split("\n", ($_POST['newlinks']));
    $i = 1;
    foreach ($newlinks as $newlink) {
      
      echo "$i - $newlink <br />";
      $i++;
   }
  
} else {


  echo "<form method=\"POST\" action=\"changehost.php\">";
  echo "<br /> <strong>Enter the new links to try and replace old ones</strong> <br />";
  echo "<textarea rows=\"16\" name=\"newlinks\" cols=\"84\"></textarea>";
  echo "<input type=\"submit\" value=\"Submit\" name=\"B1\">";

 
?>

I want a Text Area on my form where I can enter the body of an article.

It should be sticky so the input is not lost if there are form issues and the form has to be re-loaded.

The problem is that when I type "mmm" into this field, after I click "Submit" my form is reloaded - because I didn't complete it - and several blank lines appear before and after the text "mmm"?!   

Here is my code...
Code: [Select]
<!-- Body -->
<li>
<label for="body"><span class="required">*</span>Body:</label>
<textarea id="body" name="body" class="text" cols="20" rows="5" wrap="soft">
<?php if(isset($body)){echo htmlentities($body, ENT_QUOTES);} ?>
</textarea>
<?php
if (!empty($errors['body'])){
echo '<span class="error">' . $errors['body'] . '</span>';
}
?>
</li>


What seems to be the problem?!


Debbie

I'm trying to retrieve the text from a text area and put this in a PHP variable without submitting the form.  The text is provided by a database and I want to format it for the user.  How can I do this with PHP?

So basically:

Code: [Select]
<form id="createForm" name="createForm" method="post" action="">
  <textarea name="subjectTextArea" id="subjectTextArea" cols="45" rows="5">
    This is the text I want to put in a PHP variable before the form is submitted.
  </textarea>
</form>

<?php
  $txtArea = ?
?>
Thanks for the help.

Hi!

I have a text area on my webpage which takes in user php scripts and produces an output in an adjacent window. I am trying to find out how I can auto include some php tags into the input text area so that the user doesn't have to keep typing them in every time.

Code: [Select]
<form name="form1" method="post" ACTION="editor.php">
        <textarea rows="10" cols="60" id="code" name="code"></textarea>
    <span class="submitbutton">Test code</span>
       </form>

Thanks in advance,
Jay

Hi,

I am trying to make a php website to create listings however I am having problems with the following code:

<?php
require_once("/home/a9653716/public_html/functions.php");
if(!$_SESSION['uid']){
    header("Location: index.php");
}

$id = mss($_GET['id']);

if ($id) {
    $sql = "SELECT * FROM `forum_sub_cats` WHERE `id`='" . $id . "'";
    $res = mysql_query($sql) or die(mysql_error());
    if (mysql_num_rows($res) == 0) {
        echo "The forum you are trying to create a topic on, does not exist!\n";
    } else {
        $row1 = mysql_fetch_assoc($res);
        if ($row1['admin'] == 1 && $admin_user_level == 0) {
            echo "You are not an administrator, therefore you cannot post on this forum!\n";
        } else {
            if (!$_POST['submit']) {
                echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
                echo "<form method=\"post\" action=\"./index.php?act=create&id=".$id."\">\n";
                echo "<tr><td>Forum Sub Category</td><td><select name=\"cat\">\n";
                $sql2 = "SELECT * FROM `forum_cats` WHERE `admin` < " . $admin_user_level . "+1";
                $res2 = mysql_query($sql2) or die(mysql_error());
                while ($row = mysql_fetch_assoc($res2)) {
                    $sql3 = "SELECT * FROM `forum_sub_cats` WHERE `cid`='" . $row['id'] . "'";
                    $res3 = mysql_query($sql3) or die(mysql_error());

                    echo "<option value=\"0\">" . $row['name'] . "</option>\n";
                    while ($row2 = mysql_fetch_assoc($res3)) {
                        $selected = ($row2['id'] == $id) ? " SELECTED" : "";
                        echo "<option value=\"" . $row2['id'] . "\"" . $selected .
                            ">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;" . $row2['name'] . "</option>\n";
                    }
                }
                echo "</select></td></tr>\n";
echo "<tr><td>Topic Title</td><td><input type=\"text\" name=\"title\"></td></tr>\n";
?>
                <script>edToolbar('message'); </script>
<?php
echo "<tr><td>Message</td><td><textarea id=\"message\" name=\"message\" class=\"ed\"></textarea></td></tr>\n";
echo "<tr><td>Tags (Seperate with commas)</td><td><input type=\"text\" name=\"tags\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Create Topic\"></td></tr>\n";
                echo "</form></table>\n";
            } else {
                $cat = mss($_POST['cat']);
                $title = mss($_POST['title']);
                $msg = mss($_POST['message']);
$tags = mss($POST['tags']);

                if ($cat && $title && $msg && $tags) {
                    $sql = "SELECT admin FROM `forum_sub_cats` WHERE `id`='" . $cat . "'";
                    $res = mysql_query($sql) or die(mysql_error());
                    if (mysql_num_rows($res) == 0) {
                        echo "This forum sub category does not exist!\n";
                    } else {
                        $row = mysql_fetch_assoc($res);
                        if ($row['admin'] == 1 && $admin_user_level != 1) {
                            echo "You are not an admin therefore you cannot post a new topic on this forum!\n";
                        } else {
                            if (strlen($title) < 3 || strlen($title) > 32) {
                                echo "The title must be between 3 and 32 characters!\n";
                            } else {
                                if (strlen($msg) < 3 || strlen($msg) > 10000) {
                                    echo "The message must be between 3 and 10,000 characters!\n";
                                 } else {
if (strlen($tags) < 2 || strlen($tags) > 200) {
echo "You must submit at least 1 tag and the total length mustn't be more than 200 characters!\n";
} else {
                                    $date = date("m-d-y") . " at " . date("h:i:s");
                                    $time = time();
                                    $sql2 = "INSERT INTO `forum_topics` (`cid`,`title`,`uid`,`date`,`time`,`message`,`tags`) VALUES('" .
                                        $cat . "','" . $title . "','" . $_SESSION['uid'] . "','" . $date . "','" . $time .
                                        "','" . $msg . "','" . $tags . "')";
                                    $res2 = mysql_query($sql2) or die(mysql_error());
                                    $tid = mysql_insert_id();
                                    topic_go($tid);
}
}
                            }
                        }
                    }
                } else {
                    echo "Please supply all the fields! \n";
                }
            }
        }
    }
} else {
    if (!$_POST['submit']) {
        echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
        echo "<form method=\"post\" action=\"./index.php?act=create\">\n";
        echo "<tr><td>Forum Sub Category</td><td><select name=\"cat\">\n";
        $sql2 = "SELECT * FROM `forum_cats` WHERE `admin` < " . $admin_user_level . "+1";
        $res2 = mysql_query($sql2) or die(mysql_error());
        while ($row = mysql_fetch_assoc($res2)) {
            $sql3 = "SELECT * FROM `forum_sub_cats` WHERE `cid`='" . $row['id'] . "'";
            $res3 = mysql_query($sql3) or die(mysql_error());

            echo "<option value=\"0\">" . $row['name'] . "</option>\n";
            while ($row2 = mysql_fetch_assoc($res3)) {
                $selected = ($row2['id'] == $id) ? " SELECTED" : "";
                echo "<option value=\"" . $row2['id'] . "\"" . $selected .
                    ">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;" . $row2['name'] . "</option>\n";
            }
        }
        echo "</select></td></tr>\n";
        echo "<tr><td>Listing Title</td><td><input type=\"text\" name=\"title\"></td></tr>\n";
        echo "<tr><td>Message</td><td><textarea id=\"markItUp\" name=\"message\" style=\"width:300px;height:100px;\"></textarea></td></tr>\n";
        echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Create Topic\"></td></tr>\n";
        echo "</form></table>\n";
    } else {
        $cat = mss($_POST['cat']);
        $title = mss($_POST['title']);
        $msg = mss($_POST['message']);
$tags = mss($POST['tags']);

        if ($cat && $title && $msg && $tags) {
            $sql = "SELECT admin FROM `forum_sub_cats` WHERE `id`='" . $cat . "'";
            $res = mysql_query($sql) or die(mysql_error());
            if (mysql_num_rows($res) == 0) {
                echo "This forum sub category does not exist!\n";
            } else {
                $row = mysql_fetch_assoc($res);
                if ($row['admin'] == 1 && $admin_user_level != 1) {
                    echo "You are not an admin therefore you cannot post a new topic on this forum!\n";
                } else {
                    if (strlen($title) < 3 || strlen($title) > 32) {
                        echo "The title must be between 3 and 32 characters!\n";
                    } else {
                        if (strlen($msg) < 3 || strlen($msg) > 10000) {
                            echo "The message must be between 3 and 10,000 characters!\n";
                        } else {
if (strlen($tags) < 2 || strlen($tags) > 200) {
echo "You must submit at least 1 tag and no more than a total of 200 characters!\n";
} else {
                            $date = date("m-d-y") . " at " . date("h:i:s");
                            $time = time();
                            $sql2 = "INSERT INTO `forum_topics` (`cid`,`title`,`uid`,`date`,`time`,`message`,`tags`) VALUES
('" . $cat . "','" . $title . "','" . $_SESSION['uid'] . "','" . $date . "','" . $time . "','" . $msg . "','" . $tags . "')";
                            $res2 = mysql_query($sql2) or die(mysql_error());
                            $tid = mysql_insert_id();
                            header("Location: index.php?act=topic&id=" . $tid . "");
                        }
                    }
}
                }
            }
        } else {
            echo "Please supply all the fields!\n";
        }
    }
}
?>

It seems to work fine until I put the tags text box in. It works fine however when I submit something it says that I havn't supplied all the fields. I have spent quite a while trying to figure this one out but I am very new to php and understand that it's probably a missing comma or something!

Hi,
I'm not sure if this should be in PHP or HTML so apologies if it's in the wrong area. I have a form with a text area element but when the text is submitted, tags such as <br> aren't included so the outputted text is never formatted correctly such as there being no paragraphs.

Is there a way make sure such tags are included in the output text?

Ta.