PHP - Textarea Field. Keeping Newlines, But Keep Input To Db Safe
Hi,

PHP newbie here, and my first post. I am in the process of learning PHP. Currently I am looking at forms and DB input. I would like to verify if my current method of keeping the linebreaks from a TEXTAREA field, and still keep the DB input safe is correct. I use the following code to get the input from the TEXTAREA field.

$comments = mysql_real_escape_string(nl2br(filter_var($_POST["comments"], FILTER_SANITIZE_STRING)));

Is this the correct way of handling this? Thanks

Similar Tutorials

Like 6 years ago I had made a forum software for me and my buddies to post on. It had worked all great until my friend had posted a character that skewed my whole database, unintentionally, he knew nothing about computers. But I really haven't dabbed in PHP since 2008, I'm just now getting back into it again. I need to know how I can make data from an input to be put into an MySQL database and not screw up my code. So something along the lines that make the code safe and not exploitable. Also any third party scripts on captcha would be great!

Hi all, I wonder if anyone can give me some idea; I have a form with a drop down menu [BT,Virgin, None, Other] - When user select either [BT, Virgin,None] the textarea field will be disable. But when user select option [Other] the textarea will be available. How can I do this?

.. ..
<tr align="left" valign="top" <?php if ($_POST['action'] == "register") { if ($errornum[16] == "1") { echo 'class="error"'; } } ?>>
<td>Who is your previous Internet Service Provider?</td>
<td align="left">
<select name="oldprovider">
<option value="<?php echo $prev_supplier;?>" <?php if ($_POST['action'] == "register") { if ($_POST['oldprovider'] == "") { echo "selected"; } } ?>> Select Provider..... </option>
<?php $prev_supplier="BT";?>
<option value="<?php echo $prev_supplier;?>" <?php if ($_POST['action'] == "register"){ if ($_POST['oldprovider'] == "$prev_supplier") { echo "selected"; } } ?>> <?php echo $prev_supplier;?> </option>
<?php $prev_supplier="Virgin";?>
<option value="<?php echo $prev_supplier;?>" <?php if ($_POST['action'] == "register") { if ($_POST['oldprovider'] == "$prev_supplier") { echo "selected"; } } ?>><?php echo $prev_supplier;?> </option>
<?php $prev_supplier="None";?>
<option value="<?php echo $prev_supplier;?>" <?php if ($_POST['action'] == "register") { if ($_POST['oldprovider'] == "$prev_supplier") { echo "selected"; } } ?>><?php echo $prev_supplier;?> </option>
<?php $prev_supplier="Other";?>
<option value="<?php echo $prev_supplier;?>" <?php if ($_POST['action'] == "register") { if ($_POST['oldprovider'] == "$prev_supplier") { echo "selected"; } } ?>><?php echo $prev_supplier;?> </option>
</select> <br /><br />
<textarea name="oldprovider_text" cols="30" rows="2"> <?php if ($_POST['action'] == "register") { echo $_POST['oldprovider_text']; } ?> </textarea></td>
</tr>

Thanks in advance.

Hello, this is my first post here.
I am trying to output the rows of a certain query in sequence after a POST has been requested.
I have been successful in getting the output in a pure php file but when I try to implement this in a web page with html/css, I can't echo the array in arbitrary locations after the post has processed.
This is the code which outputs successfully in a pure php file, but I need it to work in a <textarea> field as the results of a search
$rows2 = array();
$rows3 = array();
while($stmt->fetch()){
    $rows2[] = $stratoparse;
    $rows3[] = $date;
}
$search = array();
for($i=0;$i<=$num_rows;$i++){
    echo $rows3[$i].' '.$rows2[$i].'<br>'.'<br>';
}
}

To further iterate what I am asking. When errors are stored, you write something like

$errors['username']="A username is required.";

Then in any location of a webpage I can call this or show it, provided by this

<?php isset($errors['username']) ? $errors['username']:" ");?>

That is the same thing I am trying to do with this array which can be an arbitrary count of rows... I have not been successful in getting this to work... I have been told of string concatenation... I don't know what to do. Thank you for any help

Hi, This is driving me to distraction. I have been using this code

<?php
$mailto = "edwin@btconnect.com";
$subject = "enquiry";
$message = "Values submitted from web site form:";
$header = "From: ".$_POST['email'];
foreach ($_POST as $key => $value) {
    if (!is_array($value)) {
        $message .= "\n".$key." : ".$value;
    } else {
        foreach ($_POST[$key] as $itemvalue) {
            $message .= "\n".$key." : ".$itemvalue;
        }
    }
}
mail($mailto, $subject, stripslashes($message), $header);
?>

very successfully but now I want to receive information from a 'textarea' in a form but it just doesn't get treated as input. The form is here;

<form name="enquiry" method="post" action="feedback.php">
<tr> <td align="left">Name:</td> <td align="right"><input type="text" name="name" size="25" value=""></td> </tr>
<tr> <td align="left">email:</td> <td align="right"><input type="text" name="email" size="25" value=""></td> </tr>
<tr> <td align="left" valign="top">Blurb:</td> <td align="right"><textarea rows="4" cols="19" value=""></textarea></td> </tr>
<tr><td colspan="2" align="right"> <input name="submit" type="image" src="report.gif" width="40" height="20" border="0"> </td></tr>
</form>

Can anyone please help?
edwind

Hi, I'm trying to display the form entities in the textarea field so they can be sent to the user in an email, but it's not working properly, it prints out the variable $idName instead of its value?? Any help would be greatly appreciated, I've been stuck on this bit for ages

<?php
function display_output_page() {
    $idName = trim($_REQUEST['username']);
    $firstName = trim($_REQUEST['firstname']);
    $Surname = trim($_REQUEST['surname']);
    $Address = trim($_REQUEST['address']);
    $Email = trim($_REQUEST['email']);
    $Phone = trim($_REQUEST['phone']);
    $Fitness = isset($_REQUEST['fitness']) ? $_REQUEST['fitness'] : '';
    $goGym = isset($_REQUEST['gogym']) ? $_REQUEST['gogym'] : '';
    $whyGym = isset($_REQUEST['whyGym']) ? $_REQUEST['whyGym']: array();
?>
<html>
<head><title>Form Results</title></head>
<body>
<h1>Form Results</h1>
<form action='mailto:$Email?subject=user comments' method='post'enctype='text/plain'>
<textarea name='Topic' rows=15 cols=90>
idName: ". $idName\n;
Firstname: ". $_POST["firstname"]\n;
Surname: ". $_POST["surname"]\n;
Address: ". $_POST["address"]\n;
Email: ". $_POST["email"]\n;
Phone no.: ". $_POST["phone"]\n;
Your fitness level: ". $_POST["fitness"]\n;
How often do you go to the gym: ". $_POST["goGym"]\n;
Why do you go to the Gym: ". $_POST["whyGym"];
</textarea></br>
<input type='submit' value='Send Thru Email'>
</form>
</body>
</html>
<?php
}
?>

Hi, I would like to know what is the best way to check if a textarea or an input box is empty. Is the empty function effective?

This topic has been moved to Third Party PHP Scripts. http://www.phpfreaks.com/forums/index.php?topic=306489.0

Hi all. In my scripts, there is a textbox that allow user to enter multiple phone number separate with ",", if all valid it will echo "ok!" else will echo "error". How if I want to know which value is in wrong format? such as I entered "0112255666,445221122200", then it will echo "445221122200 is not a valid phone number". And how to echo the total phone number inserted to the textarea? Thanks for every reply.

<?php
if (isset($_POST["Submit"])) {
    $arrLines = split(",",$_POST['cellphonenumber']);
    foreach($arrLines as $cells){
        if(!preg_match('/^[0]{1}[1]{1}[0-9]{1}[0-9]{7}?$/', $cells)){
            echo "error";
        } else{
            echo "ok!";
        }
    }
}
?>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" name="myform" method="post">
<textarea name="cellphonenumber" rows="20" cols="100"></textarea>
<input type="submit" name="Submit" />
</form>

Or something like that... I am not sure how to put this.. Anyway, I'll just get started with explaining my problem. I have an admin-page in which you can delete the comments given on blogs, using checkboxes and clicking on a button with the value 'verwijderenSubmit'. The deletion part works just fine, nothing wrong. However, I also want to be able to EDIT the comments with an other button called 'bewerkenSubmit', using the same checkboxes that I use for deletion. Selecting the right CID (CommentID) is no problem, because that works the same as the deletion-part, but selecting the right textarea to update into the database is the problem... I uploaded a file here with the whole code: http://dhost.info/ddfs/myproblem.html I escaped the textarea within with square brackets, because otherwise the whole textarea would screw up.. I also added <!-- RELEVANT CODE --> to select the parts that I need to change. Well, I hope you understand my problem and can help.

This is rather bothering as I know if you use the delimiter / regex pattern s it should ignore newlines

preg_match_all("%<p><b>(.*?)</b>%s", $html, $data);

Returns a blank array, the page data is like so

<p> <b>41,910</b><br/> Total Points </p>

Never had a problem before that I can recall but for some reason with this page it's giving me issues. Maybe I'm missing something?
I have a field in a table named flights. I hope to find a 1 line statement to bypass inserting a new row if $flight_no is already in the field flight_no. btw flight_no is the primary key and won't allow a duplicate anyway but I want to avoid the error message. This is what I tried but doesn't work

if(SELECT * FROM flights WHERE flight_no !LIKE %$flight_no%) {

I have code:

$proname1 = preg_match_all('/<div class=("|\')agentContainer("|\')>(\n\s)<div class="strong">(\n\s)(.*?)(\n\s)<\/div>/', $html, $name1);()

Which is putting everything between these tags into an array, but the info contains new lines and whitespace, thus displaying empty entries in the array. How do I strip the whitespace and newlines prior to getting to the array? The data I'm getting looks like...

<div class="agentContainer"> <div class="strong"> Blah Blah Company </div>

And blah blah company isn't showing up in the array, but I know the regex is working.

Hi All, Need help. I have a form which collect the users information including image which are stored in the directory. I want to rename the image file to the name of the user and stores it relative path in SQL table so that when I retrieve user name it also retrieve the image of the user. My Table structure is as follow:

id int(5)
lecturer_name varchar(10)
lecturer_img_path varchar(100)

Below is the PHP and HTML code.

PHP Code

<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');
$dbname = 'test';
mysql_select_db($dbname)or die ('Error connecting to mysql');
?>
<?php
if(isset($_POST['lecturer'])) {
    $lecturer = $_POST['lecturer'];
    $n = count($lecturer);
    $i = 0;
    echo "Your selected lecturer are \r\n" .
    "<ol>";
    while ($i < $n) {
        if($lecturer[$i] == ""){
            //do nothing
            $i++;
        }else{
            echo "<li>{$lecturer[$i]}</li> \r\n";
            $i++;
        }
    }
    echo "</ol>";
}
?>
<?php
mysql_close($conn);
?>

HTML FORM

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>lecturer details</title>
<style type="text/css"> body { background-color: #ffc; } </style>
</head>
<body>
<b>
<h1>Enter new lecturer details :</h1>
<form id="form1" name="form1" method="post" action="submit1.php">
<p>Lecturer:<br />
<label for="lecturer"></label>
<input name="lecturer[]" type="text" id="lecturer1" size="15" /> <label for="lect_img1"></label><input id="lect_img1" type="file" name="lect_img[]"><br />
<input name="lecturer[]" type="text" id="lecturer2" size="15" /> <label for="lect_img2"></label><input id="lect_img2" type="file" name="lect_img[]"><br />
<input name="lecturer[]" type="text" id="lecturer3" size="15" /> <label for="lect_img3"></label><input id="lect_img3" type="file" name="lect_img[]"><br />
<input name="lecturer[]" type="text" id="lecturer4" size="15" /> <label for="lect_img4"></label><input id="lect_img4" type="file" name="lect_img[]"><br />
<input name="lecturer[]" type="text" id="lecturer5" size="15" /> <label for="lect_img5"></label><input id="lect_img5" type="file" name="lect_img[]"><br />
<input name="lecturer[]" type="text" id="lecturer6" size="15" /> <label for="lect_img6"></label><input id="lect_img6" type="file" name="lect_img[]"><br />
<br />
<input name="submit" type="submit" id="send" value="submit">
</form>
</b>
</body>
</html>

I am having trouble sending information that was entered into a form, on the same page to the next page. I am sure I have done this a few years ago but can't find the code and can't find the answer online, hope someone can help me. My code is as follows:

<form method="POST" action="https://.............. .asp ">
<table>
<tr> <td>Name: </td> <td><input type="text" name="clientname" /></td> </tr>
<tr> <td>E-mail:</td> <td><input type="text" name="email" /></td> </tr>
<tr> <td>Contact No:</td> <td><input type="text" name="telno" /></td> </tr>
</table>
<?php
$udate = date("y-m-d H:i:s", strtotime ("+2 hour"));
$uniquevalue = "$udate" . " " . "Simpay Pro";
echo $uniquevalue;
?>
<br />
<input type="hidden" name="info1" value="<?php print $uniquevalue?>">
<input type="hidden" name="info2" value=$clientname>
<input type="submit" value="Submit">
</form>

So basically info1 is working, I can see the value on the next page after it's submitted, but info2 is the value of the input field. Is this possible to do it like this, or do I have to send it to another page and then to my last page that displays the values?

Hiya pplz. I am trying to add: class="keyboardInput" to activate a javascript script to an input box. This is the line I'm trying to add it to:

<td><?php echo form_input(array('name'=>'quantity','value'=>$item['quantity'],'size'=>'2'));?></td>

I have tried:

<td><?php echo form_input(array('name'=>'quantity','value'=>$item['quantity'],'size'=>'2'));? class="keyboardInput"></td>

didn't work. Any help would be great.
Ian

Can someone tell me why this won't work? I just want to key in the amtpaid and have fields inserted. I get no errors but the only field inserted is the datepaid.
<html><head> <script> function $_(IDS) { return document.getElementById(IDS); } function calculate_paid() { var amtpaid = parseInt($_("amtpaid").value); var rentdue = parseInt($_("rentdue").value); var prevbal = parseInt($_("prevbal").value); var secdep = parseInt($_("secdep").value); var latechg = parseInt($_("latechg").value); var damage = parseInt($_("damage").value); var courtcost = parseInt($_("courtcost").value); var nsf = parseInt($_("nsf").value); var hudpay = parseInt($_("hudpay").value); var late = ($_("late").value); var paidsum = parseInt($_("paidsum").value); var dateNow = new Date(); var dayNow = dateNow.getDate(); var datePaid = (dateNow.getMonth()+1)+"/"+dateNow.getDate()+"/"+dateNow.getFullYear(); $_('datePaid').value = datePaid; if(dayNow > 5) { late = "L"; prevbal = prevbal + 10; } paidsum = paidsum + amtpaid var tentpay = amtpaid - hudpay; var totOwed = rentdue + prevbal - hudpay; var left = totOwed - amtpaid; if (amtpaid <= totOwed) { prevbal = left; } left = amtpaid - totOwed; if (left <= secdep) { secdep = secdep - left; } left = left - secdep; if (left <= damage) { damage = damage - left; } left = left - damage; if (left <= latechg) { latechg = latechg - left; } left = left - latechg; if (left <= courtcost) { courtcost = courtcost - left; } left = left - courtcost; if (left <= nsf) { nsf = nsf - left; } prevbal = left - nsf; } </script> </head><body> <?php mysql_connect(localhost,root,""); mysql_select_db(test) or die( "Unable to select database"); if(!empty($_POST["submit"])) { $apt = $_POST['apt']; $query="SELECT * FROM testdata Where apt='$apt'"; $result=mysql_query($query); if(mysql_num_rows($result)) { echo "<form action='#' method='post'><b>Rent Payment :<br /><br /> <table cellspacing=0 cellpadding=0 border=1> <tr> <th>Name</th> <th>Apt</th> <th>Paid</th> <th>Due</th> <th>Prev Bal</th> <th>Sec Dep</th> <th>Late Chg</th> <th>Dmg</th> <th>Court Cost</th> <th>NSF</th> <th>Tent Pay</th> <th>Hud Pay</th> <th>Date Paid</th> <th>Late</th> 
<th>Comments</th> <th>Paidsum</th> </tr>"; while($row = mysql_fetch_assoc($result)) { echo "<tr> <td><input type='text' size=25 name='name' value='" . $row['name'] . "'></td> <td><input type='text' size=2 name='apt' value='" . $row['apt'] . "' ></td> <td><input type='text' size=4 id='amtpaid' name='amtpaid' value='" . $row['amtpaid'] ."' onBlur='calculate_paid(this)'></td> <td><input type='text' size=4 id='rentdue' name='rentdue' value='" . $row['rentdue'] . "'></td> <td><input type='text' size=4 id='prevbal' name='prevbal' value='" . $row['prevbal'] ."'></td> <td><input type='text' size=4 id='secdep' name='secdep' value='" . $row['secdep'] ."'></td> <td><input type='text' size=4 id='latechg' name='latechg' value='" . $row['latechg'] ."'></td> <td><input type='text' size=4 id='damage' name='damage' value='" . $row['damage'] ."'></td> <td><input type='text' size=4 id='courtcost' name='courtcost' value='" . $row['courtcost'] ."'></td> <td><input type='text' size=4 id='nsf' name='nsf' value='" . $row['nsf'] ."'></td> <td><input type='text' size=4 id='tentpay' name='tentpay' value='" . $row['tentpay'] . "'></td> <td><input type='text' size=4 id='hudpay' name='hudpay' value='" . $row['hudpay'] ."'></td> <td><input type='text' size=10 id='datepaid' name='datepaid' value='" . $row['datepaid'] . "'></td> <td><input type='text' size=1 id='late' name='late' value='" . $row['late'] . "'></td> <td><input type='text' size=25 name='comments' value='" . $row['comments'] . "'></td> <td><input type='text' size=4 id='paidsum' name='paidsum' value='" . $row['paidsum'] . "'></td> </tr>"; } echo "</table> <input type='submit' name='update' value='Make Payment' /> </form>"; } else{echo "No listing for apartment $apt.<br />Please select another.<br />";} } if(!empty($_POST["update"])) { $sql = "UPDATE testdata SET name = '" . mysql_real_escape_string($_POST['name']) . "', amtpaid = '" . mysql_real_escape_string($_POST['amtpaid']) . "', rentdue = '" . 
mysql_real_escape_string($_POST['rentdue']) . "', prevbal = '" . mysql_real_escape_string($_POST['prevbal']) . "', secdep = '" . mysql_real_escape_string($_POST['secdep']) . "', latechg = '" . mysql_real_escape_string($_POST['latechg']) . "', nsf = '" . mysql_real_escape_string($_POST['nsf']) . "', damage = '" . mysql_real_escape_string($_POST['damage']) . "', courtcost = '" . mysql_real_escape_string($_POST['costcost']) . "', tentpay = '" . mysql_real_escape_string($_POST['tentpay']) . "', hudpay = '" . mysql_real_escape_string($_POST['hudpay']) . "', datepaid = '" . mysql_real_escape_string($_POST['datepaid']) . "', late = '" . mysql_real_escape_string($_POST['late']) . "', comments = '" . mysql_real_escape_string($_POST['comments']) . "', paidsum = '" . mysql_real_escape_string($_POST['paidsum']) . "' WHERE apt='".$_POST["apt"]."'";
mysql_query($sql) or die("Update query failed.");
echo "Record for apartment ".$_POST["apt"]." has been updated";
}
?>
<form method="post" action="#"> <br /> <input type="text" name="apt"/> <p> <input type="submit" name="submit" value="select apartment"/> </form>
</body></html>

Hi everyone. In the script below, I would like to have the input box for "Website" to have http:// already in that input field. So, people will see "Website:" and then in the input field it will have "http://" I'm a PHP novice, and I'm not sure how to do it. Thanks.
<?php
$contact_form_fields = array(
    array('name' => 'Website:', 'type' => 'input', 'require' => 1),
    array('name' => 'Name:', 'type' => 'name', 'require' => 1),
    array('name' => 'E-mail:', 'type' => 'email', 'require' => 1),
    array('name' => 'Phone:', 'type' => 'input', 'require' => 0),
    array('name' => 'Service:', 'type' => 'select', 'require' => 1, 'default' => 'Select Desired Service', 'items' => array('Keyword Research', 'Search Engine Optimization', 'Link Building Services', 'SEO Web Design', 'SEO Copywriting', 'SEO Consulting', 'Conversion Optimization', 'Social Media and PR', 'Landing Page Optimization', 'Other')),
    array('name' => 'Budget:', 'type' => 'select', 'require' => 1, 'default' => 'Budget / Monthly', 'items' => array('$500-$1500', '$1500-$2500', '$2500-$5000', '$5000-$10000', '$10K +')),
    array('name' => 'Comments:', 'type' => 'textarea', 'require' => 1),
    array('name' => 'Turing number:', 'type' => 'turing', 'require' => 1, 'url' => 'contact-form/image.php', 'prompt' => 'Please enter the number displayed above'),
);
$contact_form_graph = false;
$contact_form_xhtml = true;
$contact_form_email = "someone@somewhere.com";
$contact_form_encoding = "utf-8";
$contact_form_default_subject = "Sent from free SEO quote form";
$contact_form_message_prefix = "Sent from free SEO quote form\r\n==============================\r\n\r\n";
include_once "contact-form2/contact-form/contact-form.php";
?>

I have a register script, and I am wanting to make it so that if the username field contains, let's say "mod", "ass", and more, then it'll return an error and won't let them register.

Hello phpfreaks. I'm a bit new to PHP, as well as this forum. I'm learning in a fast way, but there's something I can't seem to figure out, nor find it on google. I'm sure it's a simple and basic trick, but like I said, I'm just a beginner. So the question is: How can I store multiple words to an array, using only 1 input form field? I guess it's with a for-loop..? So every time you hit the 'submit' button, a new word should be added to the array. My problem is that I'm always overwriting ONE word.. This is what I've got so far.. :

<?php
if (isset($_POST['word'])){
    $word = $_POST['word'];
    $word = strip_tags($word);
    $word = trim($word);
    $word = htmlentities($word);
} else {
    $word = "";
}
?>
<div id="arrays">
<p>Add a word to the array below:<br /><br /></p>
<form action="index.php" method="post">
<input id="word" name="word" type="text" value="<?php echo $word; ?>" />
<br /><input class="btn" type="submit" value="Submit" />
</form>
<br />
<p>
<?php
$array = array("apple", "banana", "lemon", $word);
for ($i = 0; $i < count($array); $i++){
    echo $array[$i] . " ";
}
?>
</p>
</div>

Also: I'm using PHP 5, in combination with xHTML strict 1.0.

First, here's some code:

$result = mysql_query("SELECT standard FROM thestandards WHERE id={$theSearch}", $connection);
if (!$result) {
    die("Database connection failed: " . mysql_error());
}
while ($row = mysql_fetch_array($result)) {
    $query = $row[0];
}
// echo $testing = nl2br($query);
$subStrings = explode('\n', $query);
echo $subStrings[0] . "<br />"; // outputs entire query
echo $subStrings[1] . "<br />"; // undefined offset
echo $subStrings[2] . "<br />"; // undefined offset
echo $subStrings[3] . "<br />"; // undefined offset

So, the data I'm retrieving from the database is several small paragraphs. I want to take these paragraphs, separate them, and put them into an array. I tried using the explode function with the newline char, but for some reason it doesn't work. I can get it to work if I want to go explicitly add "\n"s in the database everywhere, but that just doesn't seem practical. nl2br doesn't work for what I need, but I find it interesting that this function is somehow able to "see" all the newlines in the query, whereas the explode function cannot. Explode is really what I need, but I've tried '\n', '\r', '\r\n' and nothing works.

Thanks for the help.
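
Added example, not code from any post on this page: for the opening question (keeping TEXTAREA line breaks while keeping the database input safe) and the last question (splitting stored text on newlines), this stores the submitted text unchanged through a bound parameter and applies htmlspecialchars(), nl2br() or a newline split only when the text is read back. It assumes PDO with an in-memory SQLite database in place of the mysql_* functions used in the posts; the table name and all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. Assumptions: PDO with an in-memory SQLite database stands in
// for the MySQL connection; the table "comments" and all function names here
// are hypothetical.

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $pdo;
}

function save_comment(PDO $pdo, string $raw): int
{
    // Store what the user typed. Only line endings are normalised; no nl2br(),
    // no HTML filtering and no manual escaping happen on the way in.
    $body = str_replace(["\r\n", "\r"], "\n", $raw);
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]); // bound parameter, never concatenated
    return (int) $pdo->lastInsertId();
}

function load_comment(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    if ($body === false) {
        throw new RuntimeException("no comment with id $id");
    }
    return (string) $body;
}

function render_comment(string $body): string
{
    // Escape for HTML first, then turn newlines into <br />. The other order
    // would escape the <br /> tags themselves.
    return nl2br(htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

function split_on_newlines(string $body): array
{
    // '\n' in single quotes is a backslash followed by "n", not a newline.
    // \R matches any newline sequence (\n, \r\n, \r).
    $parts = preg_split('/\R+/', trim($body), -1, PREG_SPLIT_NO_EMPTY);
    return $parts === false ? [] : $parts;
}

// Constructed sample input: CRLF line breaks, a single quote and HTML markup.
$posted = "First line\r\nO'Reilly wrote <b>bold</b> & more\r\n\r\nSecond paragraph";

$pdo    = open_db();
$id     = save_comment($pdo, $posted);
$stored = load_comment($pdo, $id);

echo render_comment($stored), "\n\n";
foreach (split_on_newlines($stored) as $n => $line) {
    echo $n, ': ', htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
}
```

Run it with the PHP command-line interpreter; it needs the pdo_sqlite extension.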