aviddread

Well, trial and error paid off. As I suspected, some of the safety measures were gumming things up- specifically the array to replace new lines and returns with paragraphs, and the magic quotes conditional. Not sure why they didn't work, but when I deleted the magic quotes bit and took the array apart and put each value in it's own str_replace statement, everything started working. Thanks to Oziam and Pikachu2000 for the heads up about the error reporting.

Thanks for your response. This is the form: <?php print "<form action='./home_handler.php' method='POST' style='margin-top:1em;'>"; print "<label>Headline:</label><br /><input name='headline' class='text' style='width:520px;' /><br />"; print "<label>Author:</label><br /><input name='author' class='text' style='width:520px;' /><br />"; print "<label>Body Text:</label><br /><textarea name='body' class='text' style='width:520px;height:12em;'></textarea><br />"; print "<input type='submit' class='button' name='Submit' value='Submit' />"; print "</form>"; ?> The only other thing I have going on is some code to display error messages: <?php print ($_SESSION['msg']['up_err']); unset($_SESSION['msg']['up_err']); ?> I used that message-display set-up on a different page and it worked fine....

Thanks for the responses. I turned on error reporting as you suggested and what I'm seeing there is: [11-Oct-2010 00:23:57] PHP Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ')' in /.../.../.../.../.../home_handler.php on line 23

Hi, I'm new to php and just trying to make sense of things by trying stuff. I'm trying to make a very rudimentary CMS where form values are added to a mysql database. One of the inputs in the form ($body) is a textarea. I've messed around with this but there's a glitch somewhere-when I press the submit button I just get a blank page (the page for the form processing script). My guess is there's something not right with the "safety measures" I'm taking: trim,stripslashes,etc. Any help would be appreciated <?phpsession_start();if(!isset($_POST['Submit'])){header("Location: home_manage.php");exit();}else{$headline=$_POST['headline'];$author=$_POST['author'];$body=$_POST['body'];$headline=trim($headline);$author=trim($author);$body=trim($body);$message=array(); if((strlen($headline)!=0)&&(strlen($author)!=0)&&(strlen($body)!=0)){ $time=time(); $date=date('Y-m-d H:i:s',$time); $headline=strip_tags($headline); $author=strip_tags($author); $body="<p>".$body."</p>"; $order=array("\r\n", "\n", "\r"); $replace='</p><p>'; $body=str_ireplace($order,$replace,$body); $body=strip_tags($body,'<p><br />'); if(get_magic_quotes_gpc()) { $headline=stripslashes($headline); $author=stripslashes($author); $body=stripslashes($body); } $headline=htmlentities(mysql_real_escape_string($headline)); $author=htmlentities(mysql_real_escape_string($author)); $body=htmlentities(mysql_real_escape_string($body)); require('storage.inc'); $link = mysql_connect($host,$user,$db_password); $db = mysql_select_db($post_database,$link); $query= "INSERT INTO entry (entry_date,entry_head,entry_author,entry_text) VALUES ('$date','$headline','$author','$body')"; mysql_query($query); $message[]="<p class='announce'><b>Post titled ".$headline." has been added to the database.</b></p>"; }else{if(strlen($headline)<1){$message[]="<p class='announce'><b>You must include a headline for this post.</b></p>";}if(strlen($author)<1){$message[]="<p class='announce'><b>You must include an author name for this post.</b></p>";}if(strlen($body)<1){$message[]="<p class='announce'><b>You must include some body text for this post.</b></p>";}}$_SESSION['msg']['up_err']=implode($message);header("Location: home_manage.php");exit();}?>