dropfaith Posted October 11, 2008 Share Posted October 11, 2008 So im writing a script to submit storyies to my site and clearly dont want users to submit html tags or xss attacks but i want new lines to auto imput the <br /> tags i thought the below might work but all it does is escape the br tag as well <?php // validate text input fields $cTitle = mysql_escape_string($_POST['Title']); $cGenre = mysql_escape_string($_POST['Genre']); $cDate = mysql_escape_string($_POST['Date']); $fArticle = str_replace("\n","<br/>",$_POST['Article']); $cAuthor = mysql_escape_string($_POST['Author']); $cloginid = mysql_escape_string($_POST['loginid']); $formArticle = mysql_escape_string($fArticle); $Title = htmlentities($cTitle,ENT_QUOTES,"utf-8"); $Genre = htmlentities($cGenre,ENT_QUOTES,"utf-8"); $Date = htmlentities($cDate,ENT_QUOTES,"utf-8"); $Article = htmlentities($formArticle,ENT_QUOTES,"utf-8"); $Author = htmlentities($cAuthor,ENT_QUOTES,"utf-8"); $loginid = htmlentities($cloginid,ENT_QUOTES,"utf-8"); ?> Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/ Share on other sites More sharing options...
darkfreaks Posted October 11, 2008 Share Posted October 11, 2008 <?php // validate text input fields $cTitle = mysql_escape_string($_POST['Title']); $cGenre = mysql_escape_string($_POST['Genre']); $cDate = mysql_escape_string($_POST['Date']); $farticle =n12br($_POST['Article']); // allows the <br /> tag $cAuthor = mysql_escape_string($_POST['Author']); $cloginid = mysql_escape_string($_POST['loginid']); $formArticle = mysql_escape_string($fArticle); $Title = htmlentities($cTitle,ENT_QUOTES,"utf-8"); $Genre = htmlentities($cGenre,ENT_QUOTES,"utf-8"); $Date = htmlentities($cDate,ENT_QUOTES,"utf-8"); $Article = htmlentities($formArticle,ENT_QUOTES,"utf-8"); $Author = htmlentities($cAuthor,ENT_QUOTES,"utf-8"); $loginid = htmlentities($cloginid,ENT_QUOTES,"utf-8"); ?> Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-662963 Share on other sites More sharing options...
dropfaith Posted October 11, 2008 Author Share Posted October 11, 2008 that wouldnt submit to my db its not making an error tho its just not generating code past a certain lin hard to explain http://www.lawrenceguide.org/user/addstory.php username and pass are both phpfreaks submit a few articles and you will see what i mean <?php $cTitle = mysql_escape_string($_POST['Title']); $cGenre = mysql_escape_string($_POST['Genre']); $cDate = mysql_escape_string($_POST['Date']); $farticle =n12br($_POST['Article']); // allows the <br /> tag $cAuthor = mysql_escape_string($_POST['Author']); $cloginid = mysql_escape_string($_POST['loginid']); $formArticle = mysql_escape_string($fArticle); $Title = htmlentities($cTitle,ENT_QUOTES,"utf-8"); $Genre = htmlentities($cGenre,ENT_QUOTES,"utf-8"); $Date = htmlentities($cDate,ENT_QUOTES,"utf-8"); $Article = htmlentities($formArticle,ENT_QUOTES,"utf-8"); $Author = htmlentities($cAuthor,ENT_QUOTES,"utf-8"); $loginid = htmlentities($cloginid,ENT_QUOTES,"utf-8"); // check for errors // if none found... if (sizeof($errorList) == 0) { // open database connection $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!"); // select database mysql_select_db($db) or die ("Unable to select database!"); // generate and execute query $query = "INSERT INTO story (Title, Genre, Article, Date, Author, loginid) VALUES('$Title','$Genre','$Article','$Date','$Author','$loginid')"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // print result echo "<p>Update successful.<a href=index.php>Go Home</a>.<br /> <a href=addstory.php>Add Another</p>"; // close database connection mysql_close($connection); } else { // errors found // print as list echo "<font size=-1>The following errors were encountered: <br>"; echo "<ul>"; for ($x=0; $x<sizeof($errorList); $x++) { echo "<li>$errorList[$x]"; } echo "</ul></font>"; } } ?> Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-662969 Share on other sites More sharing options...
darkfreaks Posted October 11, 2008 Share Posted October 11, 2008 you have an extra close bracket on the end take one off should work Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-662974 Share on other sites More sharing options...
dropfaith Posted October 11, 2008 Author Share Posted October 11, 2008 Parse error: syntax error, unexpected $end in /home/www/lawrenceguide.org/www/user/addstory.php on line 300 line 300 being the end of the entire page so that wasnt it Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-662978 Share on other sites More sharing options...
darkfreaks Posted October 11, 2008 Share Posted October 11, 2008 paste the entire file please. there may be an error somewhere else your not showing me Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-662979 Share on other sites More sharing options...
dropfaith Posted October 11, 2008 Author Share Posted October 11, 2008 Allows it to submit just fine just doesnt do the auto insert or br /< tags on a new line <?php // validate text input fields $cTitle = mysql_escape_string($_POST['Title']); $cGenre = mysql_escape_string($_POST['Genre']); $cDate = mysql_escape_string($_POST['Date']); $farticle =n12br($_POST['Article']); // allows the <br /> tag $cAuthor = mysql_escape_string($_POST['Author']); $cloginid = mysql_escape_string($_POST['loginid']); $formArticle = mysql_escape_string($fArticle); $Title = htmlentities($cTitle,ENT_QUOTES,"utf-8"); $Genre = htmlentities($cGenre,ENT_QUOTES,"utf-8"); $Date = htmlentities($cDate,ENT_QUOTES,"utf-8"); $Article = htmlentities($formArticle,ENT_QUOTES,"utf-8"); $Author = htmlentities($cAuthor,ENT_QUOTES,"utf-8"); $loginid = htmlentities($cloginid,ENT_QUOTES,"utf-8"); ?> ENTIRE FILE <?php session_start(); ?><html> <head> <SCRIPT TYPE="text/javascript"> <!-- function popup(mylink, windowname) { if (! window.focus)return true; var href; if (typeof(mylink) == 'string') href=mylink; else href=mylink.href; window.open(href, windowname, 'width=400,height=500,scrollbars=yes'); return false; } //--> </SCRIPT> <?php include("../template/meta.html"); ?> </head> <body> <div class="contain"> <!-- start Header --> <div class="header"></div> <!-- End Header Start TopNav --> <div id="listmenu"> <?php include("../template/topnav.html"); ?> </div> <div class="clear"></div> <!-- End Top Nav Start left Side Nav --> <div class="nav"> <?php require_once "header.php"; //content include "login.php"; // more content ?> </div> <!-- End left Side Nav Start Ad Conent Right Side--> <div class="ad"> <?php include("../template/ads.html"); ?> </div> <!--End Ad Right Side Start Center Main Conent --> <div class="admincontent"> <!-- page header - snip --> <?php // form not yet submitted // display initial form if (!isset($_POST['submit'])) { ?> <fieldset> <legend>Add Story</legend> <form action="<? echo $_SERVER['PHP_SELF']; ?>" method="POST"> <?php $u = $_SESSION['username']; $uid = $_SESSION['loginid']; $query = "SELECT * FROM login WHERE loginid = '$uid'"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // if records present if (mysql_num_rows($result) > 0) { // iterate through resultset // print article titles while($row = mysql_fetch_object($result)) { ?> <input type=hidden name="Author" value="<? echo $row->username; ?>"> <input type=hidden name="loginid" value="<? echo $row->loginid; ?>"> <?php } } // if no records present // display message else { ?> <?php } // close database connection mysql_close($connection); ?> <p> <label>Title</label> <input type=text name="Title" size="28"> </p> <p> <label>Date: </label> <input type="text" name="Date" size="28" value="<?php $today = date("F j, Y"); PRINT "$today"; ?>" /><br /> </p> <p><label>Genre</label> <select name="Genre"> <?php $query = "SELECT * FROM genre"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // if records present if (mysql_num_rows($result) > 0) { // iterate through resultset // print article titles while($row = mysql_fetch_object($result)) { ?> <option value="<? echo $row->Genre; ?>"><? echo $row->Genre; ?> <?php } } // if no records present // display message else { ?> <?php } // close database connection mysql_close($connection); ?></select><a style="font-weight:bold;" href="gpop.php" onClick="return popup(this, 'Events')" title="Opens in pop up">Add Type</a> <p> <label>Article</label></p> <p> <textarea name="Article" cols="46" rows="15"></textarea> </p> <input type="Submit" name="submit" value="Add"> </form> </fieldset> <?php } else { // includes include("../template/conf.php"); // set up error list array $errorList = array(); $count = 0; // validate text input fields // validate text input fields $cTitle = mysql_escape_string($_POST['Title']); $cGenre = mysql_escape_string($_POST['Genre']); $cDate = mysql_escape_string($_POST['Date']); $farticle =n12br($_POST['Article']); // allows the <br /> tag $cAuthor = mysql_escape_string($_POST['Author']); $cloginid = mysql_escape_string($_POST['loginid']); $formArticle = mysql_escape_string($fArticle); $Title = htmlentities($cTitle,ENT_QUOTES,"utf-8"); $Genre = htmlentities($cGenre,ENT_QUOTES,"utf-8"); $Date = htmlentities($cDate,ENT_QUOTES,"utf-8"); $Article = htmlentities($formArticle,ENT_QUOTES,"utf-8"); $Author = htmlentities($cAuthor,ENT_QUOTES,"utf-8"); $loginid = htmlentities($cloginid,ENT_QUOTES,"utf-8"); // check for errors // if none found... if (sizeof($errorList) == 0) { // open database connection $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!"); // select database mysql_select_db($db) or die ("Unable to select database!"); // generate and execute query $query = "INSERT INTO story (Title, Genre, Article, Date, Author, loginid) VALUES('$Title','$Genre','$Article','$Date','$Author','$loginid')"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // print result echo "<p>Update successful.<a href=index.php>Go Home</a>.<br /> <a href=addstory.php>Add Another</p>"; // close database connection mysql_close($connection); } else { // errors found // print as list echo "<font size=-1>The following errors were encountered: <br>"; echo "<ul>"; for ($x=0; $x<sizeof($errorList); $x++) { echo "<li>$errorList[$x]"; } echo "</ul></font>"; } } ?> </div> <!-- End Center Main Conent --> <div class="clear"></div> <!-- footer --> <div class="footer"> <?php include("../template/footer.html"); ?> </div> <!--end footer --> </div> </body> </html> Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-662982 Share on other sites More sharing options...
darkfreaks Posted October 11, 2008 Share Posted October 11, 2008 i don't see any major errors so far post the following line tell me all the errors that pop up: <?php ini_set('error_reporting',E_ALL);?> Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-662984 Share on other sites More sharing options...
dropfaith Posted October 11, 2008 Author Share Posted October 11, 2008 there wasnt any its not submitting something properly its odd this wont submit at all and messes with the layout on the return page <?php session_start(); ?><html> <head> <SCRIPT TYPE="text/javascript"> <!-- function popup(mylink, windowname) { if (! window.focus)return true; var href; if (typeof(mylink) == 'string') href=mylink; else href=mylink.href; window.open(href, windowname, 'width=400,height=500,scrollbars=yes'); return false; } //--> </SCRIPT> <?php include("../template/meta.html"); ?> </head> <body> <div class="contain"> <!-- start Header --> <div class="header"></div> <!-- End Header Start TopNav --> <div id="listmenu"> <?php include("../template/topnav.html"); ?> </div> <div class="clear"></div> <!-- End Top Nav Start left Side Nav --> <div class="nav"> <?php require_once "header.php"; //content include "login.php"; // more content ?> </div> <!-- End left Side Nav Start Ad Conent Right Side--> <div class="ad"> <?php include("../template/ads.html"); ?> </div> <!--End Ad Right Side Start Center Main Conent --> <div class="admincontent"> <!-- page header - snip --> <? // form not yet submitted // display initial form if (!isset($_POST['submit'])) { ?> <fieldset> <legend>Add Story</legend> <form action="<? echo $_SERVER['PHP_SELF']; ?>" method="POST"> <?php $u = $_SESSION['username']; $uid = $_SESSION['loginid']; $query = "SELECT * FROM login WHERE loginid = '$uid'"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // if records present if (mysql_num_rows($result) > 0) { // iterate through resultset // print article titles while($row = mysql_fetch_object($result)) { ?> <input type=hidden name="Author" value="<? echo $row->username; ?>"> <input type=hidden name="loginid" value="<? echo $row->loginid; ?>"> <? } } // if no records present // display message else { ?> <? } // close database connection mysql_close($connection); ?> <p> <label>Title</label> <input type=text name="Title" size="28"> </p> <p> <label>Date: </label> <input type="text" name="Date" size="28" value="<?php $today = date("F j, Y"); PRINT "$today"; ?>" /><br /> </p> <p><label>Genre</label> <select name="Genre"> <?php $query = "SELECT * FROM genre"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // if records present if (mysql_num_rows($result) > 0) { // iterate through resultset // print article titles while($row = mysql_fetch_object($result)) { ?> <option value="<? echo $row->Genre; ?>"><? echo $row->Genre; ?> <? } } // if no records present // display message else { ?> <? } // close database connection mysql_close($connection); ?></select><a style="font-weight:bold;" href="gpop.php" onClick="return popup(this, 'Events')" title="Opens in pop up">Add Type</a> <p> <label>Article</label></p> <p> <textarea name="Article" cols="46" rows="15"></textarea> </p> <input type="Submit" name="submit" value="Add"> </form> </fieldset> <? } else { // includes include("../template/conf.php"); // set up error list array $errorList = array(); $count = 0; // validate text input fields // validate text input fields $cTitle = mysql_escape_string($_POST['Title']); $cGenre = mysql_escape_string($_POST['Genre']); $cDate = mysql_escape_string($_POST['Date']); $farticle =n12br($_POST['Article']); // allows the <br /> tag $cAuthor = mysql_escape_string($_POST['Author']); $cloginid = mysql_escape_string($_POST['loginid']); $formArticle = mysql_escape_string($fArticle); $Title = htmlentities($cTitle,ENT_QUOTES,"utf-8"); $Genre = htmlentities($cGenre,ENT_QUOTES,"utf-8"); $Date = htmlentities($cDate,ENT_QUOTES,"utf-8"); $Article = htmlentities($formArticle,ENT_QUOTES,"utf-8"); $Author = htmlentities($cAuthor,ENT_QUOTES,"utf-8"); $loginid = htmlentities($cloginid,ENT_QUOTES,"utf-8"); // check for errors // if none found... if (sizeof($errorList) == 0) { // open database connection $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!"); // select database mysql_select_db($db) or die ("Unable to select database!"); // generate and execute query $query = "INSERT INTO story (Title, Genre, Article, Date, Author, loginid) VALUES('$Title','$Genre','$Article','$Date','$Author','$loginid')"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // print result echo "<p>Update successful.<a href=index.php>Go Home</a>.<br /> <a href=addstory.php>Add Another</p>"; // close database connection mysql_close($connection); } else { // errors found // print as list echo "<font size=-1>The following errors were encountered: <br>"; echo "<ul>"; for ($x=0; $x<sizeof($errorList); $x++) { echo "<li>$errorList[$x]"; } echo "</ul></font>"; } } ?> </div> <!-- End Center Main Conent --> <div class="clear"></div> <!-- footer --> <div class="footer"> <?php include("../template/footer.html"); ?> </div> <!--end footer --> </div> </body> </html> this submits stories just fine just doesnt do the <br /> as it escapes them <?php session_start(); ?><html> <head> <SCRIPT TYPE="text/javascript"> <!-- function popup(mylink, windowname) { if (! window.focus)return true; var href; if (typeof(mylink) == 'string') href=mylink; else href=mylink.href; window.open(href, windowname, 'width=400,height=500,scrollbars=yes'); return false; } //--> </SCRIPT> <?php include("../template/meta.html"); ?> </head> <body> <div class="contain"> <!-- start Header --> <div class="header"></div> <!-- End Header Start TopNav --> <div id="listmenu"> <?php include("../template/topnav.html"); ?> </div> <div class="clear"></div> <!-- End Top Nav Start left Side Nav --> <div class="nav"> <?php require_once "header.php"; //content include "login.php"; // more content ?> </div> <!-- End left Side Nav Start Ad Conent Right Side--> <div class="ad"> <?php include("../template/ads.html"); ?> </div> <!--End Ad Right Side Start Center Main Conent --> <div class="admincontent"> <!-- page header - snip --> <? // form not yet submitted // display initial form if (!isset($_POST['submit'])) { ?> <fieldset> <legend>Add Story</legend> <form action="<? echo $_SERVER['PHP_SELF']; ?>" method="POST"> <?php $u = $_SESSION['username']; $uid = $_SESSION['loginid']; $query = "SELECT * FROM login WHERE loginid = '$uid'"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // if records present if (mysql_num_rows($result) > 0) { // iterate through resultset // print article titles while($row = mysql_fetch_object($result)) { ?> <input type=hidden name="Author" value="<? echo $row->username; ?>"> <input type=hidden name="loginid" value="<? echo $row->loginid; ?>"> <? } } // if no records present // display message else { ?> <? } // close database connection mysql_close($connection); ?> <p> <label>Title</label> <input type=text name="Title" size="28"> </p> <p> <label>Date: </label> <input type="text" name="Date" size="28" value="<?php $today = date("F j, Y"); PRINT "$today"; ?>" /><br /> </p> <p><label>Genre</label> <select name="Genre"> <?php $query = "SELECT * FROM genre"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // if records present if (mysql_num_rows($result) > 0) { // iterate through resultset // print article titles while($row = mysql_fetch_object($result)) { ?> <option value="<? echo $row->Genre; ?>"><? echo $row->Genre; ?> <? } } // if no records present // display message else { ?> <? } // close database connection mysql_close($connection); ?></select><a style="font-weight:bold;" href="gpop.php" onClick="return popup(this, 'Events')" title="Opens in pop up">Add Type</a> <p> <label>Article</label></p> <p> <textarea name="Article" cols="46" rows="15"></textarea> </p> <input type="Submit" name="submit" value="Add"> </form> </fieldset> <? } else { // includes include("../template/conf.php"); // set up error list array $errorList = array(); $count = 0; // validate text input fields // validate text input fields $cTitle = mysql_escape_string($_POST['Title']); $cGenre = mysql_escape_string($_POST['Genre']); $cDate = mysql_escape_string($_POST['Date']); $fArticle = str_replace("\n","<br/>",$_POST['Article']); $cAuthor = mysql_escape_string($_POST['Author']); $cloginid = mysql_escape_string($_POST['loginid']); $formArticle = mysql_escape_string($fArticle); $Title = htmlentities($cTitle,ENT_QUOTES,"utf-8"); $Genre = htmlentities($cGenre,ENT_QUOTES,"utf-8"); $Date = htmlentities($cDate,ENT_QUOTES,"utf-8"); $Article = htmlentities($formArticle,ENT_QUOTES,"utf-8"); $Author = htmlentities($cAuthor,ENT_QUOTES,"utf-8"); $loginid = htmlentities($cloginid,ENT_QUOTES,"utf-8"); // check for errors // if none found... if (sizeof($errorList) == 0) { // open database connection $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!"); // select database mysql_select_db($db) or die ("Unable to select database!"); // generate and execute query $query = "INSERT INTO story (Title, Genre, Article, Date, Author, loginid) VALUES('$Title','$Genre','$Article','$Date','$Author','$loginid')"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // print result echo "<p>Update successful.<a href=index.php>Go Home</a>.<br /> <a href=addstory.php>Add Another</p>"; // close database connection mysql_close($connection); } else { // errors found // print as list echo "<font size=-1>The following errors were encountered: <br>"; echo "<ul>"; for ($x=0; $x<sizeof($errorList); $x++) { echo "<li>$errorList[$x]"; } echo "</ul></font>"; } } ?> </div> <!-- End Center Main Conent --> <div class="clear"></div> <!-- footer --> <div class="footer"> <?php include("../template/footer.html"); ?> </div> <!--end footer --> </div> </body> </html> the only code thats different is $cTitle = mysql_escape_string($_POST['Title']); $cGenre = mysql_escape_string($_POST['Genre']); $cDate = mysql_escape_string($_POST['Date']); $fArticle = str_replace("\n","<br/>",$_POST['Article']); $cAuthor = mysql_escape_string($_POST['Author']); $cloginid = mysql_escape_string($_POST['loginid']); $formArticle = mysql_escape_string($fArticle); $Title = htmlentities($cTitle,ENT_QUOTES,"utf-8"); $Genre = htmlentities($cGenre,ENT_QUOTES,"utf-8"); $Date = htmlentities($cDate,ENT_QUOTES,"utf-8"); $Article = htmlentities($formArticle,ENT_QUOTES,"utf-8"); $Author = htmlentities($cAuthor,ENT_QUOTES,"utf-8"); $loginid = htmlentities($cloginid,ENT_QUOTES,"utf-8"); Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-662987 Share on other sites More sharing options...
darkfreaks Posted October 11, 2008 Share Posted October 11, 2008 escape them how? please show me what it is outputting thanks. Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-662991 Share on other sites More sharing options...
dropfaith Posted October 11, 2008 Author Share Posted October 11, 2008 http://www.lawrenceguide.org/literature/article.php?Id=21 is what was submiting each new line inserts <br /> <MARQUEE> Hi There! <IMG SRC="graphics/idocs.gif" HEIGHT=33 WIDTH=82 ALT="Idocs Guide to HTML"> </MARQUEE> <MARQUEE> Hi There! <IMG SRC="graphics/idocs.gif" HEIGHT=33 WIDTH=82 ALT="Idocs Guide to HTML"> </MARQUEE> <MARQUEE> Hi There! <IMG SRC="graphics/idocs.gif" HEIGHT=33 WIDTH=82 ALT="Idocs Guide to HTML"> </MARQUEE> Database shows this <MARQUEE> <br/>Hi There! <IMG SRC=\"graphics/idocs.gif\" HEIGHT=33 WIDTH=82 ALT=\"Idocs Guide to HTML\"> <br/></MARQUEE> <br/> <br/> <br/><MARQUEE> <br/>Hi There! <IMG SRC=\"graphics/idocs.gif\" HEIGHT=33 WIDTH=82 ALT=\"Idocs Guide to HTML\"> <br/></MARQUEE> <br/> Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-662992 Share on other sites More sharing options...
DarkWater Posted October 11, 2008 Share Posted October 11, 2008 You only want to use nl2br() when outputting, not inserting into the database. Try that. Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-662996 Share on other sites More sharing options...
dropfaith Posted October 11, 2008 Author Share Posted October 11, 2008 thank you Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-662999 Share on other sites More sharing options...
darkfreaks Posted October 11, 2008 Share Posted October 11, 2008 yeah it will appear in the database as it's html entity equivalent try doing something like <?php echo n12br($output);?> Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-663001 Share on other sites More sharing options...
dropfaith Posted October 11, 2008 Author Share Posted October 11, 2008 odd that works without $fArticle = str_replace("\n","<br/>",$_POST['Article']); Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-663004 Share on other sites More sharing options...
darkfreaks Posted October 11, 2008 Share Posted October 11, 2008 that is because in the DB it is submiting as it's html entity then when you output with n12br it converts back into break Link to comment https://forums.phpfreaks.com/topic/128024-solved-esacape-html-entries/#findComment-663007 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.