11 replies to this topic

[cutielou22]

When I insert a break <br> it shows up as <br> in the textarea. The info is coming from the database.

How the info is ran through before adding to database (just in case you need this):

$bandbio = mysqli_real_escape_string ($mysqli, $_POST["bio"]);
$bandbio = strip_tags($bandbio, "<br /><p><a><b><u><s><br><i>");
$bandbio = rtrim($bandbio);

Once taken from the database this is what the info goes through before displaying info in textarea:

$bandbio = htmlspecialchars($bandbio);
$bandbio = addbreaks($bandbio); //adds the break tag where needed
echo $bandbio;

So how would I make it so the <br> does not show up as html but actually shows as a line-break?

For Example (this is what I would put in the text area):
Some[press enter]
text

To show up as:
Some
text

And not (like it is currently):

Some<br>
text

[Psycho]

Well, don't add line breaks. In a text area a line break is represented by a real line break.

echo "This line <br> does not have a real line break";
echo "This line
does have a real line break";

echo "This line \n also has a real line break";

It doesn't look like you are removing any explicit line breaks before inserting into the DB. Try displaying the text w/o using the addbreaks() function.

Edited by Psycho, 13 November 2012 - 02:14 AM.

[cutielou22]

Removing addbreaks() just makes it so \r\n\r\n shows up instead.

[Psycho]

That doesn't make sense. \r\n are the escaped characters for line breaks. You shouldn't "see" those literal characters in the output. I don't believe it would be likely that you are converting real linebreaks to their escaped character codes. So, it is probably more likely that you are inserting those in the code somewhere as literal characters. Do you see those characters in the database? If so, the problem occurs before you save the data. If you do not see those in the database, then the problem occurs after you retrieve the data from the database.

I think you need to go back and look at each step where you transform the data. Do an echo before and after each step. Don't just rely upon what you see in the browser also check the HTML source. Again, you should never actually "see" \r\n in the output. Those should result in a line break in the source.

Edited by Psycho, 13 November 2012 - 11:18 AM.

[Jessica]

Removing addbreaks() just makes it so \r\n\r\n shows up instead.

If you echo it outside of a textarea, yes. INSIDE a textarea it should work. Post the relevant code, not just those three lines.

[cutielou22]

Here is the full page coding:

<?php
$pagetitle = "Edit Band";
$checkrank = 45;
include "../../header.inc.php";
$bandurl = mysqli_real_escape_string ($mysqli, $_GET["bandurl"]);
$bandurl = cleansafely($bandurl);
$stmt = $mysqli->prepare("SELECT id, bandname, bandurl, bio, source, formed, interests, influences, status, twitter, facebook, myspace, youtube, itunes, website, hometown, genre1, genre2, genre3, genre4, recordlabel, email, manager, manager2, bookingagent, bookingagent2, extra, dateadded FROM bands WHERE bandurl = ?");
$stmt->bind_param('s', $bandurl);
$stmt->execute();
$stmt->bind_result($bandid, $bandname, $bandurl, $bandbio, $source, $formed, $interests, $influences, $status, $twitter, $facebook, $myspace, $youtube, $itunes, $website, $hometown, $genre1, $genre2, $genre3, $genre4, $recordlabel, $email, $manager2, $manageremail, $bookingagent2, $bookingagentemail, $extra, $dateadded);
$stmt->fetch();
$stmt->close();

$extra = cleansafely($extra, "<br /><p><a><b><u><s><br><i>");

$stmt = $mysqli->prepare("SELECT id, name FROM genres");
$stmt->execute();
$stmt->bind_result($id, $genrename);
while ($stmt->fetch()){
$genreoptions .= "<option value='$genrename'>$genrename</option>";
}
$stmt->close();
ECHO <<<END
<div class=clr></div>
<center><a href="$baseurl/band/$bandurl" class="myButton">Band Page</a> <a href='$baseurl/589642r3d/add/bandmember.php?bandurl=$bandurl' class="myButton">Add Band Member</a></center>
<div class=clr></div>
<form action='band.pro.php' method='post' name='theMWAform' id='theMWAform' >
	    <table width='98%' border='0' cellpadding='3' cellspacing='3'>
		  <tr>
		    <td>Band Name</td>
		    <td>$bandname <input type='hidden' name='bandname' id='bandname' value='$bandname' maxlength='200'>
   <input type='hidden' name='bandid' id='bandid' value='$bandid'>
		    </td>
		  </tr>
    <tr>
		    <td>Status</td>
		    <td>
   <select name="status">
    <option value='$status'>$status</option>
    <option value='Active'>Active</option>
    <option value='Hiatus'>Hiatus</option>
    <option value='Inactive'>Inactive</option>
   </select>
   <span class='small'>Year Formed</span> <input type='text' name='formed' size='6' id='formed' maxlength='4' value='$formed'>
   </td>
		  </tr>
		  <tr>
		    <td>Biography</td>
		    <td><textarea name='bio' type='text' rows='20' cols='150' id='bio' class='optional'><pre>
END;
$bandbio = htmlspecialchars($bandbio);
//$bandbio = addbreaks($bandbio);
//$bandbio = cleansafely($bandbio, "<br /><p><a><b><u><s><br><i>");
echo $bandbio;

ECHO <<<END
   </pre></textarea></td>
		  </tr>
    <tr>
		    <td>Biography Source</td>
		    <td>
   <select name='source'>
   <option value='$source'></option>
   <option value='0'>No Source</option>
   <option value='1'>Band Site</option>
   <option value='2'>Last FM</option>
   <option value='3'>Reverb Nation</option>
   <option value='4'>Live Nation</option>
   <option value='5'>AP (Alternative Press)</option>
   <option value='6'>Band of the Day</option>
   <option value='7'>Rolling Stone</option>
   <option value='8'>MTV</option>
   <option value='60'>Wikipedia</option>
   <option value='80'>Facebook</option>
   <option value='81'>MySpace</option>
   <option value='90'>User Submission</option>
   <option value='99'>Unknown Source</option>
   </select>
   </td>
		  </tr>
    <tr>
		    <td>Band Members</td>
		    <td width=100%>
   <div class="memberdiv">Edit Band Members <a href='../list/bandmembers.php?bandurl=$bandurl' target='_blank'>Here</a>.<br></div>
   </td>
		  </tr>
		  <tr>
		    <td>Website </td>
		    <td><input name='website' size='35' type='text' id='website' class='optional defaultInvalid url' value='$website'>
			  <span class='example'>http://www.example.com</span></td>
		  </tr>
		  <tr>
		    <td>Twitter</td>
		    <td><input name='twitter' size='35' type='text' id='twitter' class='optional' value='$twitter'>
    <span class='example'>Just the username.</span></td>
		  </tr>
		  <tr>
		    <td>Facebook</td>
		    <td><input name='facebook' size='35' type='text' id='facebook' class='optional' value='$facebook'>
    <span class='example'>Just the username.</span></td>
		  </tr>
		  <tr>
		    <td>MySpace</td>
		    <td><input name='myspace' size='35' type='text' id='myspace' class='optional' value='$myspace'>
    <span class='example'>Just the username.</span></td>
		  </tr>
		  <tr>
		    <td>Youtube</td>
		    <td><input name='youtube' size='35' type='text' id='youtube' class='optional' value='$youtube'>
    <span class='example'>Just the username.</span></td>
		  </tr>
    <tr>
		    <td>iTunes</td>
		    <td><input name='itunes' size='35' type='text' id='itunes' class='optional' value='$itunes'>
			  <span class='example'>Just the username.</span></td>
		  </tr>
		  <tr>
		    <td>Hometown</td>
		    <td><input name='hometown' size='35' type='text' id='hometown' class='optional' value='$hometown'></td>
		  </tr>
    <tr>
		    <td>Genre</td>
		    <td>
   <select name="genre1">
    <option value='$genre1'>$genre1</option>
    $genreoptions
   </select>
   <select name="genre2">
    <option value='$genre2'>$genre2</option>
    $genreoptions
   </select>
   <select name="genre3">
    <option value='$genre3'>$genre3</option>
    $genreoptions
   </select>
   <select name="genre4">
    <option value='$genre4'>$genre4</option>
    $genreoptions
   </select></td>
		  </tr>
		  <tr>
		    <td>Record Label</td>
		    <td><input name='recordlabel' size='35' type='text' id='recordlabel' class='optional' value='$recordlabel'></td>
		  </tr>
		  <tr>
		    <td>Email</td>
		    <td><input name='email' size='35' type='text' id='email' class='optional email' value='$email'></td>
		  </tr>
		  <tr>
		    <td>Manager</td>
		    <td><span class='small'>Name</span><input name='manager' size='35' type='text' id='manager' class='optional' value='$manager2'>
			  <span class='small'>Email</span><input name='manageremail' size='35' type='text' id='manageremail' class='optional' value='$manageremail2'></td>
		  </tr>
		  <tr>
		    <td>Booking Agent</td>
   <td><span class='small'>Name</span><input name='bookagent' size='35' type='text' id='bookagent' class='optional' value='$bookagent2'>
			  <span class='small'>Email</span><input name='bookagentemail' size='35' type='text' id='bookagentemail' class='optional' value='$bookagentemail2'> </td>
		  </tr>
    <tr>
		    <td>History</td>
		    <td><input name='history' value='1' type='checkbox' id='history' class='optional'>
   <select name="message">
    <option value=''></option>
    <option value='1'>Bio Edited</option>
    <option value='2'>Influences Edited</option>
    <option value='3'>Interests Edited</option>
    <option value='50'>Whole Page Edit</option>
   </select>
  
   </td>
		  </tr>
    <tr>
		    <td>Interests</td>
		    <td><textarea name='interests' type='text' rows=10 cols=85 id='interests' class='optional'>$interests</textarea></td>
		  </tr>
    <tr>
		    <td>Influences</td>
		    <td><textarea name='influences' type='text' rows=10 cols=85 id='influences' class='optional'>$influences</textarea></td>
		  </tr>
		  <tr>
		    <td>Extra Info</td>
		    <td><textarea name='extra' type='text' rows=10 cols=85 id='extra' class='optional'>$extra</textarea></td>
		  </tr>
	    </table>
	    <p align='center'>
		  <input type='submit' class='mybutton' value='Edit Band'>
	    </p>
	  </form>
END;
include "../../footer.inc.php";
?>

[cutielou22]

@Psycho It does show up in the database like that - I didn't think that was normal when I first noticed it. I will try your suggestion and hopefully it leads me in the right direction.

[cutielou22]

@Psycho I tried your suggestion and found out mysqli_real_escape_string (); was causing the problem for some reason when putting it into the database. Why would that happen? How would I go about fixing this (if possible)?

[Psycho]

@Psycho I tried your suggestion and found out mysqli_real_escape_string (); was causing the problem for some reason when putting it into the database. Why would that happen? How would I go about fixing this (if possible)?

If you are seeing actual "\r\n" in the database values then either 1) the user is entering those actual characters into the form and it is correct or 2) You are somehow injecting those characters into the values before you insert them into the database. mysqli_real_escape_string() will properly escape linebreaks to "\r\n", but that is so they will be properly inserted into the DB as linebreaks. What you are seeing is what would happen if you were escaping the input twice.

[Christian F.]

The problem is that you're both using MRES() and prepared statements. Use one or the other, but not both at the same time.
In this case, it's safe to remove the manual escaping of the input data. Since you're using prepared statements.

[cutielou22]

The problem is that you're both using MRES() and prepared statements. Use one or the other, but not both at the same time.
In this case, it's safe to remove the manual escaping of the input data. Since you're using prepared statements.

Thanks I did not know this!

Also, thanks @Psycho for helping me fix the main problem.

[Christian F.]

You're welcome, glad I could help.