Jump to content

How to deal with special html characters in self-calling form


dkindler

Recommended Posts

I have the following form that is self-calling that needs to be able to handle special characters like ' or ".  Not sure what the right combination of htmlspecialchars or urlencode is to get this to work properly.  Any help would be greatly appreciated!

 

Thanks, David

<form action="mini_banner.php" method="get">
<table>
   <tr>
     <td colspan="5">
         <input type="text" name="text1" style="width: 185px; height:17px;" 
             value="<?php echo $_GET[text1]; ?>" /> 
       </textarea>
</td>
   </tr>
</table>
<input type="submit" value="Create banners" />

</form>

<table cellpadding="10">
<?php
if ($_GET[text1]) {

$text1=$_GET[text1];

echo "<tr><td><IMG src='mini_off.php?text1=$text1'></td></tr>";
}
?>
</table>

Link to comment
Share on other sites

Dude, you are going to have to be more specific than 'not handled properly' if you want help. The amount of help you receive is directly proportional to the amount of information you give when asking for help.

 

You should:

 

1) State what you want to happen.

2) State what is happening

3) State what you have tried that failed

4) Give code

5) Give a link to code in action

 

For each one of these that you leave out, you cut your chances of getting help significantly.

 

So far you have done number 4 only.

Link to comment
Share on other sites

Hi Haku, thanks for your help.  The application is a web page that creates a simple banner using the GD library.  It accepts some text, calls itself and runs the banner creating program (mini_off.php).  When the page is loaded it checks if the form variable has been submitted (text1), if so, it runs mini_off.php and the image appears and the text is also redisplayed in the input textarea, in case the user wants to make any changes.  here is the basic code for mini_on.php

<?php
header('Content-type: image/gif');

session_cache_limiter('public');

// Create the image
$imgname1 = 'mini_banner_on.gif';
$im1 = @imagecreatefromgif($imgname1);
$gel = imagecolorallocate($im1, 36, 35, 35);
imagefilledrectangle($im1, 200, 1, 209, 64, $gel);
$grey1 = imagecolorallocate($im1, 101, 118, 131);

// The text to draw
$text1 = $_GET[text1];

// Replace path by your own font path
$font1 = 'HelvNeue_reg1.ttf';

// Add the text
imagettftext($im1, 10.5, 0, 16, 23, $grey1, $font1, $text1);

imagegif($im1);
imagedestroy($im1);

?

 

This runs fine if the text inputed has no special characters.  If a single quote is entered, for example, the quote is replaced with 2 forward slashes and the input text area on the form also gets a forward slash in front of the quote since it is calling itself.  I have tried using htmlspecialchars when calling mini_on.php and using various combinations of urlencode and urldecode to get both the form text input value and the banner text to show up properly and I cannot get it to work.  I think if I were to separate the pages and have the form call another page that might work better but I want to keep it this way in case the banner text is incorrect the user can make a quick change.

I can not provide a link to the code in action because it is on an internal site behind a firewall.

thanks again for any help you can provide.

Link to comment
Share on other sites

Can you give us the HTML form as well?

 

I'm guessing the method of the form is set to get - have you tried setting it to post? By setting it to get, the text is passed in the URL, and I suspect that it is automatically URL encoded. But I'm half guessing here, it will be easier to understand if you can show us the rest of your code.

Link to comment
Share on other sites

Hi Haku,  All the code is already presented in separate posts.  Here is all of it:

 

Main page: mini_banner.php

<form action="mini_banner.php" method="get">
<table>
   <tr>
     <td colspan="5">
         <input type="text" name="text1" style="width: 185px; height:17px;" 
             value="<?php echo $_GET[text1]; ?>" /> 
       </textarea>
</td>
   </tr>
</table>
<input type="submit" value="Create banners" />

</form>

<table cellpadding="10">
<?php
if ($_GET[text1]) {

$text1=$_GET[text1];

echo "<tr><td><IMG src='mini_off.php?text1=$text1'></td></tr>";
}
?>
</table>

 

Graphic banner program:

 

<?php
header('Content-type: image/gif');

session_cache_limiter('public');

// Create the image
$imgname1 = 'mini_banner_on.gif';
$im1 = @imagecreatefromgif($imgname1);
$gel = imagecolorallocate($im1, 36, 35, 35);
imagefilledrectangle($im1, 200, 1, 209, 64, $gel);
$grey1 = imagecolorallocate($im1, 101, 118, 131);

// The text to draw
$text1 = $_GET[text1];

// Replace path by your own font path
$font1 = 'HelvNeue_reg1.ttf';

// Add the text
imagettftext($im1, 10.5, 0, 16, 23, $grey1, $font1, $text1);

imagegif($im1);
imagedestroy($im1);

?>

 

I tried using post instead of get.  That made it worse.  Seems like the text is not being passed at all, although I am not sure why.

 

Thanks.

Link to comment
Share on other sites

I have a couple ideas on your problem. Not 100% sure of which one it is.

 

I think that it's probably using get. The reason post didn't work is because you were using

 

$_POST[text1]

 

instead of

 

$_POST['text1']

 

(I'm making some assumptions here). If you use post, nothing is encoded, and it should work fine.

 

It may also be because you are setting the header at the top of your script.

 

 

Link to comment
Share on other sites

wrong usage of htmlspecialchars

 

htmlspecialchars($var,ENT_NOQUOTES,ISO-8859-1);

 

then it wont do anything to your quotes.

 

http://us2.php.net/htmlspecialchars

 

The optional second argument, quote_style , tells the function what to do with single and double quote characters. The default mode, ENT_COMPAT, is the backwards compatible mode which only translates the double-quote character and leaves the single-quote untranslated. If ENT_QUOTES is set, both single and double quotes are translated and if ENT_NOQUOTES is set neither single nor double quotes are translated.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.