gevans Posted December 2, 2008 Share Posted December 2, 2008 I've just found a little problem on a bespoke CMS that's about to go live. When adding new content areas through the following form; <form name="add-content-form" id="add-content-form" action="http://localhost/ebp/beta/admin.func.php?do=add&type=content" method="post"> <fieldset id="parent_idfield"> <label for="parent_id">Page:</label> <select id="parent_id" name="parent_id"> <option>SELECT PAGE</option> <option value="1">Home</option> </select> <a href="#" title="Information..." onclick="alert('Your new page will be seen in and accessed via the sub navigation of the parent page');return false;">?</a> <fieldset id="titlefield"> <label for="title">Title:</label> <input maxlength="44" id="title" type="text" value="" name="title" /> </fieldset> <fieldset id="subtitlefield"> <label for="subtitle">Sub Title:</label> <input maxlength="44" id="subtitle" type="text" value="" name="subtitle" /> </fieldset> <br /> <fieldset id="contentfield" class="yui-skin-sam"> <textarea style="width: 956px;" cols="100" rows="15" id="content" name="content"></textarea></fieldset> <br /> <fieldset id="submitfield"> <label for="submit"></label> <input id="submit" type="submit" value="Add Content Area" name="submit" /> </fieldset> </form> There's a bit of JavaScript omitted that's used to laod the textarea as Yahoo's Rich Text Editor. Once the form is submitted it goes through a validation and cleaning process. The problem text is shown here; 'Portsmouth & South East Hampshire' when adding that text the single spaces are stripped from around the '&' resulting in; 'Portsmouth&South East Hampshire' This is the code that validates the input, and it has lost the spaces already; if(!isset($_REQUEST['title']) || empty($_REQUEST['title'])){ $_SESSION['msg'] = TRUE; $_SESSION['msg_detail'] = 'title_not_set'; $_SESSION['msg_type'] = 0; } else { $title = $CN->input($_REQUEST['title']); $subtitle = $CN->input($_REQUEST['subtitle']); if(!isset($_REQUEST['content']) || empty($_REQUEST['content'])){ $_SESSION['msg'] = TRUE; $_SESSION['msg_detail'] = 'content_not_set'; $_SESSION['msg_type'] = 0; } else { $content = $CN->input_rte($_REQUEST['content']); if(!isset($_REQUEST['id']) || !is_numeric($_REQUEST['id'])){} else { $id = $CN->input($_REQUEST['id']); $query = "UPDATE content SET title='$title', sub_title='$subtitle', text='$content' WHERE id='$id'"; $result = $DB->query($query); if($result){ $_SESSION['msg'] = TRUE; $_SESSION['msg_detail'] = 'content_edited'; $_SESSION['msg_type'] = 1; } else { $_SESSION['msg'] = TRUE; $_SESSION['msg_detail'] = 'error_editing_content'; $_SESSION['msg_type'] = 0; } } } } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.