|
PHP - Pre Tags Stop Working When Reopening Within Textarea
The pre tags:
<pre></pre>get saved in the database like in the above shown example. Though, when reopening them within a textarea they stop working. For example: <pre><h1>The Headline</h1></pre>becomes: The Headline within the textarea. The Questions: What happens here? How to solve it? Edited by glassfish, 03 October 2014 - 09:42 AM. Similar TutorialsI have the pre tags stored in the database like in the following example:
<pre> ... </pre>I am looking to avoid having the code rendered, when querying it into a textarea. Any suggestions? I recently made a flatfile cms (+ edit in place). Here's an example of how it shows the <br>'s when hitting enter. The password is demo. Now when you click inside (in any text field - there are 4), when hitting enter it makes a new line without showing a <br> tag. Clicking outside and inside the textarea, it will show all the line breaks you've made. My question is how to hide the <br> tag. What I've searched, found and tried the following: Code: [Select] $content=nl2br($content); and $content = str_replace("<br>", "\n", $content); Neither worked. Also when using this code Code: [Select] $file1 = include '/ccms/files/edit.txt'; echo $file1; // This outputs the file. to show the content on another page, it adds a number 1 to every textarea I have on the original page. You can preview the number 1 error here. The code belows stops sql queries from being executed when there are blank fields on my form. Aswell as this, a message is displayed '<br> but you did not complete all of the required fields, please try again' How can I tell me page to check the fields upon pressing the click button, opposed to onload? Code: [Select] <?php include('func.php'); include($_SERVER['DOCUMENT_ROOT'].'/include/db.php'); ?> <!--$INC_DIR = $_SERVER["DOCUMENT_ROOT"]. "/include/";--> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Chained Select Boxes using PHP, MySQL and jQuery</title> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function() { $('#wait_1').hide(); $('#drop_1').change(function(){ $('#wait_1').show(); $('#result_1').hide(); $.get("func.php", { func: "drop_1", drop_var: $('#drop_1').val() }, function(response){ $('#result_1').fadeOut(); setTimeout("finishAjax('result_1', '"+escape(response)+"')", 400); }); return false; }); }); function finishAjax(id, response) { $('#wait_1').hide(); $('#'+id).html(unescape(response)); $('#'+id).fadeIn(); } </script> </head> <body> <p> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> Name: <input type="text" name="Name" maxlength="50"/><br /> Phone: <input type="text" name="Phone" maxlength="50"/><br /> Email: <input type="text" name="Email" maxlength="50"/><br /> Postcode: <input type="text" name="Postcode" maxlength="50"/><br /> Web Address: <input type="text" name="Website" maxlength="50"/><br /><br /> <select name="drop_1" id="drop_1"> <option value="" selected="selected" disabled="disabled">Select a Category</option> <?php getTierOne(); ?> </select> <span id="wait_1" style="display: none;"> <img alt="Please Wait" src="ajax-loader.gif"/> </span> <span id="result_1" style="display: none;"></span> <br /> </form> </p> <p> <?php if(isset($_POST['submit'])){ $drop = mysql_real_escape_string($_POST['drop_1']); $tier_two = mysql_real_escape_string($_POST['Subtype']); echo "You selected "; echo $drop." & ".$tier_two; } $Name = mysql_real_escape_string($_POST["Name"]); $Phone = mysql_real_escape_string($_POST["Phone"]); $Email = mysql_real_escape_string($_POST["Email"]); $Postcode = mysql_real_escape_string($_POST["Postcode"]); $Website = mysql_real_escape_string($_POST["Website"]); if($Name == '' || $Phone == '' || $Email == '' || $Postcode == '' || $Website == '') { die('<br> but you did not complete all of the required fields, please try again'); } echo "<br>"; echo $Name; echo "<br>"; echo $Website; $query = ("INSERT INTO business (`id`, `Name`, `Type`, `Subtype`, `Phone`, `Email`, `Postcode`, `Web Address`) VALUES ('NULL', '$Name', '$drop', '$tier_two' , '$Phone', '$Email', '$Postcode', '$Website')"); mysql_query($query) or die ( "<br>Query: $query<br>Error: " .mysql_error()); ?> </body> </html> Friends, I have a code to filter out stopwords (from text file) out of a string supplied. Seems its not filtering out the stop words. Code: [Select] <?php $CommonWords = file_get_contents('http://minimate.co.uk/stopwords.txt'); $CommonWords = explode("\n", $CommonWords); $keywords = 'This is did samle a as any ass'; $search_keywords = strtolower(trim($keywords)); $arrWords = explode(' ', $search_keywords); $arrWords = array_unique($arrWords); foreach ($arrWords as $word) { if (!in_array($word, $CommonWords) && (trim($word) != '')) { $searchWords[] = $word; } } print_r($searchWords); ?> Output is: Quote Array ( => this [1] => is [2] => did [3] => sample [4] => a [5] => as [6] => any [7] => ass ) So the output is not filtering out any words from that text file. Can someone help me with this? Cheers Natasha T On all my forms, after I send an empty string to one field, it will stop accepting values when I resubmit. My code passes through the W3C validator Any ideas?? I have a form that generates html code, and displays it in a textarea with submit button. I want to submit button to take the data entered in that textarea1 on page 1, and upload to textarea2 on page 2 How can I do this? I have no idea where to start. hi everyone, did not know what to make the subject, but here is what I want to do: I have a string, which gets returned to me from a linux app on my server, it looks something like this: Code: [Select] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8"> <TITLE> </TITLE> <META NAME="GENERATOR" CONTENT="OpenOffice.org 3.2 (Linux)"> <META NAME="AUTHOR" CONTENT="Administrator"> <META NAME="CREATED" CONTENT="20110106;14170000"> <META NAME="CHANGEDBY" CONTENT="HOD"> <META NAME="CHANGED" CONTENT="20110522;16540000"> <STYLE TYPE="text/css"> <!-- @page { margin: 0.26in } P { margin-bottom: 0.15in; direction: ltr; color: #000000; line-height: 0.15in; text-align: justify; widows: 2; orphans: 2 } P.western { font-family: "Arial", sans-serif; font-size: 10pt; so-language: en-US } P.cjk { font-family: "Batang", "바탕", serif; font-size: 10pt } P.ctl { font-family: "Times New Roman", serif; font-size: 10pt; so-language: ar-SA } A:link { color: #0000ff } --> </STYLE> </HEAD> <BODY LANG="en-US" TEXT="#000000" LINK="#0000ff" DIR="LTR" STYLE="border: 5.05pt double #000000; padding: 0.67in 0.92in"> <P>I want this and the tags around it, just not the html, head, body and their closing tags.</P> </BODY> </HTML> within the body, the tags are each styled for example: <p style="color: red"></p> so I cannot just get rid of all html, I want to get only all the content within the body tags, but without the body tags obviously strip_tags does not work as i need, I only want to strip certain tags. If someone can help me with this i will much appreciate it. I am asking out of curiosity, how does this problem usually get solved, when using a tag system to sort content, and users enter similar tags. For example: flower and flowers... which means the difference between singular and plural. Judging by other sites which are around, this problem is not solved at all, they simply let you add as many tags as you want and then rank the most used tags, it indeed is a solution, but seems more like a walk-around solution to me. Any ideas how somebody could approach to solve this one? EDIT: My suggestion would be an analysis function, which analyzes the entered tag and then suggests the user that similar tags have been already entered and perhaps he wants to choose one of those which have been already entered. This does work though with a high traffic websites what can happen is the following: php and php5 You can end up with two similar tags which are both widely used though have different meanings to the user base. This one could be solved by simply prohibiting similar tags with little additions or changes, and so to speak "forcing" the user to choose something which is already there. May be a way, though it can turn out as a bad solution as well. Do anyone know how i can put the html tags in the same line as the other html tags? Here's an example: Code: [Select] Images | Link | Delete | Enabled On my code, it break the tags to the new line without put on the same line as the other tags. Here's the code: Code: [Select] [code]<?php session_start(); define('DB_HOST', 'localhost'); define('DB_USER', 'myusername'); define('DB_PASSWORD', 'mypass'); define('DB_DATABASE', 'mydbtable'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($var){ return mysql_real_escape_string(strip_tags($var)); } $username = clean($_GET['user']); $password = clean($_GET['pass']); if($username == '') { $errmsg_arr[] = 'username ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'PASSWORD ID missing'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; echo implode('<br />',$errmsg_arr); } else { $qry="SELECT * FROM members WHERE username='$username' AND passwd='$password'"; $result=mysql_query($qry) or die('Error:<br />' . $qry . '<br />' . mysql_error()); if(mysql_num_rows($result) > 0) { $qrytable1="SELECT images, id, public FROM members WHERE username='$username'"; $result1=mysql_query($qrytable1) or die('Error:<br />' . $qry . '<br />' . mysql_error()); while ($row = mysql_fetch_array($result1)) { echo '<p id="images"> <a href="images.php?id='.$row['id'].'">Images</a></td> | <a href="http://' . $row["links"] . '">Link</a> </td> | <a href="delete.php?id='.$row['id'].'">Delete</a> </td> | <p> <p id="test">'.$row['Public'].'</td>''; } } } ?>[/code] Say I have the following text stored in a MySQL database... Code: [Select] <b>Classic Quote from movie</b> and I retrieve it into a variable called $text, how do I properly echo that so that it keeps the bold tags and actually display the text "Classic quote from movie" in BOLD? I'm doing something wrong somewhere along the line (simply doing "echo $text;") because it displays on the page as... Code: [Select] <b>Classic Quote from movie</b> Instead of... Classic Quote from movie Any info on properly storing and echoing back HTML would be very appreciated. I have a system setup to pull a while() query out of a file. As follows: // In another file that is included into the one I'm running. $support_1_start = './includes/modules/while/support.1.open.php'; $support_1_stop = './includes/modules/while/support.1.close.php'; // The actual file. include($support_1_start); // This starts the mysql while() query. ?> // Data should be displayed here... <?php include($support_2_stop); // This ends the mysql while() query. The only problem is that I'm getting the following error: Code: [Select] Parse error: syntax error, unexpected $end in /home/nuke/public_html/includes/modules/while/support.1.open.php on line 16 I assume its because I included the while() function, but didn't close it in that file, but instead another file. Maybe you know how to fix this? If you want my complete source code in order of what is ran: http://www.nuclear.apnx.us/source.txt I need some quick help with this, This is my file upload row loop, I want to add the if <b>k = 4</b>, then you have reached the maximum upload. Or something to that Effect. PRetty much only allowing 4-upload per user, before stoping the upload feature.. row count Code: [Select] <?php $k = 4; //$n=5; for ($i=0, $n=count( $this->songs ); $i < $n; $i++) //for ($i=0, $n=count( $this->songs ); $i < $n; $i++) { $song = &$this->songs[$i]; $checked = JHTML::_('grid.id', $i, $song->id ); $link_edit = JRoute::_( 'index.php?userid='.$this->xxx->user_id.'&layout=form&id=' . $song->id .'&from=xxx'); $tick = JHTML::image("images/tick.png",JText::_('Yes')); $tick_file = JHTML::image("images/tick.png",JText::_('Yes'),array("title" => $xxx->filename)); $cross = JHTML::image("images/publish_x.png",JText::_('No')); ?> End row count Code: [Select] <?php $k = 1 - $k; } ?> I've tried this: <?php $xsblock = $_SERVER['HTTP_REFERER']; $url = "testchan"; $pos = strpos($xsblock, $url); if ($pos == false) { die(); } else { echo "content content content content content content content content"; } ?> How can I do this correctly? Thanks in advance! hi i need some help . i see some person use bot traffic or proxey taffic software or script like jiggling and hitleap . they give a url of any sites then this software proxey view this websites.. i want asked can it possible stop these bot traffic its any procedure in php or javascript to stop this traffic..
I'm tired and want to sleep so my mistakes are getting lots now. Anybody awake that can explain my problem with the code below. <? function directoryToArray($directory, $recursive) { $array_items = array(); $i = "0"; if ($handle = opendir($directory)) { while (false !== ($file = readdir($handle)) && $i < "3") { if ($file != "." && $file != "..") { if (is_dir($directory. "/" . $file)) { if($recursive) { $array_items = array_merge($array_items, directoryToArray($directory. "/" . $file, $recursive)); } } else { $file = $directory . "/" . $file; $array_items[] = preg_replace("/\/\//si", "/", $file); $i++; } } } closedir($handle); } natsort($array_items); return array_reverse($array_items); } $data = directoryToArray('images/screenshot/', TRUE); print_r($data); ?> What I want is for the while loop to stop after 4 hits and exit and give me the return results. But now it continue until readdir end. I need a way to keep entrys into a database from being doubled. The issue is that on something like %7B%7D that is the same as {} in html. So if one is entered in with the percentages and one is entered in normal, the data base thinks they are two different items even though they could be the exact same thing. Now when I insert the new item into the data base the value ='s mysql_real_escape_string(htmlentities(item)) is how I do it now. This is wrong im guessing cause it could go with either of the above examples and puts them in as given. So my question here is kinda two parted. 1) how do I get it to insert the info one way or the other but never both being allowed. So {} will always show %7B%7D when inserted or visa versa. and 2) How do I take an existing database and sort threw it to make sure they are all the same as 1 codes the new ones in, and take out any possible dupilications due to the difference? Hi, Just received this email from a random person saying they were able to obtain the username and password for the site admin page from the MySql Database: [07:33:33] [INFO] testing if GET parameter 'id' is dynamic [07:33:34] [INFO] confirming that GET parameter 'id' is dynamic [07:33:35] [INFO] GET parameter 'id' is dynamic [07:33:35] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis [07:33:35] [INFO] testing unescaped numeric injection on GET parameter 'id' [07:33:37] [INFO] confirming unescaped numeric injection on GET parameter 'id' [07:33:37] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis [07:33:37] [INFO] testing for parenthesis on injectable parameter [07:33:40] [INFO] the injectable parameter requires 0 parenthesis [07:33:40] [INFO] testing MySQL [07:33:41] [INFO] confirming MySQL [07:33:41] [INFO] query: SELECT 0 FROM information_schema.TABLES LIMIT 0, 1 [07:33:41] [INFO] retrieved: 0 [07:33:51] [INFO] performed 13 queries in 9 seconds [07:33:51] [INFO] the back-end DBMS is MySQL web server operating system: Linux Red Hat web application technology: PHP 5.2.11, Apache 2.2.3 back-end DBMS: MySQL >= 5.0.0 +-------+------------------------ +----------- +---------- +---------------------------------- +--------+--------------- + | admin | email | firstname | lastname | password | userid | username | +-------+------------------------ +----------- +---------- +---------------------------------- +--------+--------------- + | 1 | blah | blah | blah | blah | 1 | blah | +-------+------------------------ +----------- +---------- +---------------------------------- +--------+--------------- + blah MD5 : blah -- I've changed all the details to 'blah' for the purpose of this post. Does anyone know how I can secure my PHP to stock this injection? Thanks, Jack Hello. Recently I've run into a bit of an issue with Path Traversal. I was searching a bit on solutions to it, but all I could find were sites telling you to fix it, and not showing examples of how. So, I've been running a few tests and seem to have the majority fixed. At least, the ones on Owasp's examples don't work.
I am making a file manager, so they can browse the public_html all they want. I just don't want anyone using ../, or the document root to browse through anything other than through the public_html.
So, here is the solution I have found that seems to work on everything I have seen:
<?php
// Seems to solve plain-text, encoded, and null bytes
$replace = array("%", "..");
$file = str_replace($replace, "", $_GET['file']);
// ./ at the beginning to stop DOCUMENT_ROOT travel
echo show_file_contents("./".$file);
?>
And this is how the path is set up for file_get_contents to access:
<?php
function show_file_contents($file) {
$path = $_SERVER['DOCUMENT_ROOT']."/".$file;
}
?>
My question is: Does this fully stop any directory traversal attempt?
Edited by SarahBear, 09 November 2014 - 08:29 AM. I have a web app that uses an API that I wrote to communicate with my MySQL database that was written in PHP. Currently, each user of the API is required to authenticate before using the API with a username/password. Every API request is logged into a Requests_History table which stores the API request type, the timestamp and the userId of the requester. How can I easily stop hammering of the API via too many requests in a given time period? 1. first violation within 24 hours, 2 minute ban 2. second violation within 24 hours, 10 minute ban 3. second violation within 24 hours, 1 hour ban I have a habit of doing stuff like such: Code: [Select] <div class="portal_box"> <h2>Welcome to ZombieCraft's Highscores!</h2> <div class="portal_content"> Here you can sort the pros from the noobs, or just simply see whos on top of their game. The highscores will show the highsest scores, greatest to least. If you want to see a certain user's score, then just use the search button! <?php $username = $_SESSION['loggedin']; $extract_user_rank = mysql_query("SELECT rank FROM users WHERE username='$username'"); $grab = mysql_fetch_assoc($extract_user_rank); if($grab['rank'] > 0) { echo "</br><br/><a href='control_panel.php'>Admin Control Panel</a>"; } else { //return nothing } ?> </div> </div> I've been told a good bit of times that I need to stop using HTML and PHP in the same lines. How would one accomplish this? |
|||||||