Jump to content

Stuff being turned to special charactors

smerny

By smerny
in PHP Coding Help

Recommended Posts

smerny Advanced Member

smerny

Posted
Posted 

	{	
	$message = $_POST['message'];
	$subject = $_POST['subject'];
	$description = $_POST['description'];

	$post_id = $_REQUEST['post'];
	$topic_id = $_REQUEST['topic'];

	if ($_REQUEST['c'] == "yes")
	{
		mysql_query("UPDATE posts SET body = '".$message."', subject= '".$subject."' WHERE ID = '".$post_id."'");
		echo "The post has  been edited<br/>
		  Subject is '".$subject."' and message is '".$message."' on post '".$post_id."'";
		exit();
	}
	else
	{
		$search = "SELECT * FROM posts WHERE ID='".$post_id."'";
		$result = mysql_query($search) or die ("SQL Error: " . mysql_error());		
		$posts = mysql_fetch_array($result);


		echo "<div class='reply'>
		    Edit Post:
		    <form method='post' action='post.php'>
		      Subject:<input type='text' name='subject' value='".$posts['subject']."'>
		      Message:
		      <textarea name='message'>".$posts['body']."</textarea>
		      <input type='hidden' name='post' value='".$post_id."'>
		      <input type='hidden' name='topic' value='".$topic_id."'>
		      <input type='hidden' name='page_mode' value='edit'>
		      <input type='hidden' name='c' value='yes'>
		      <input type='submit' name='submit' value='Submit Reply'>
		    </form>
		  </div>";
	}
}

 

if I enter "<" in the "message" textarea, somehow it ends up as "<" in the database... no clue why

 

goes from

<textarea name='message'>

to

$message = $_POST['message']

to

mysql_query("UPDATE posts SET body = '".$message."'

 

where is it getting changed?

smerny Advanced Member

smerny

Posted
  • Author
Posted

This is the entire code on that page... When I create a post, the database has the actual HTML characters (like "<"), but if I edit a post it will enter as special characters (like "<")... I don't understand why

 

<?php 

session_start();

require_once '../db.php';

$page_mode = isset($_REQUEST['page_mode']) ? $_REQUEST['page_mode'] : '';

$userrank = $_SESSION['user_rank'];
$user_id = $_SESSION['user_id'];

if ($page_mode == "post") //######################### PAGEMODE POST ##########################
{
$message = $_POST['message'];
$subject = $_POST['subject'];
$description = $_POST['description'];
$topic_id = $_POST['topic'];
$board_id = $_POST['board'];

if (!is_numeric($userrank))
{
	echo "Please <a href='../login.php'>log in</a> or <a href='../register.php'>register</a> before posting.";
}
else if ($userrank == 0)
{
	echo "Please <a href='../edit.php'>change your password</a> to verify your account before posting.";
}
else if ($userrank > 0)
{
	if ($topic_id > 0)
	{
		$search = "SELECT ID_board FROM topics WHERE ID='".$topic_id."'";
		$result = mysql_query($search) or die ("SQL Error:" . mysql_error());
		$row = mysql_fetch_array($result);
		$board_id = $row['ID_board'];

		$action = "INSERT INTO posts VALUES(NULL, '".$topic_id."', '".$board_id."', '".$user_id."', 0, NOW(), '".$subject."', '".$message."', 0)";
        		$result = mysql_query($action) or die ('SQL Error: ' . mysql_error());
        	}
        	else if ($board_id > 0)
        	{
        		$action = "INSERT INTO topics VALUES(NULL, '".$board_id."', '".$subject."', '".$description."', 0, 0, 0, 0)";
        		$result = mysql_query($action) or die ('SQL Error: ' . mysql_error());
        	
        		$topic_id = mysql_insert_id();
        	
		$action = "INSERT INTO posts VALUES(NULL, '".$topic_id."', '".$board_id."', '".$user_id."', 0, NOW(), '".$subject."', '".$message."', 0)";
        		$result = mysql_query($action) or die ('SQL Error: ' . mysql_error());
        		
        	}
	exit();
}
}//################################################### END PAGEMODE POST ########################

if ($page_mode == "delete")//######################### PAGEMODE DELETE ##########################
{
if ($userrank < 2)
{
	echo "You are unable to delete this post";
	exit();
}
else
{		
	$post_id = $_REQUEST['post'];

	if ($_REQUEST['c'] == "yes")
	{
		mysql_query("DELETE FROM posts WHERE ID = '".$post_id."'");
		echo "The post has  been deleted";
		exit();
	}
	else
	{

		echo "Are you sure you want to delete the following post?<br />
		<a href='post.php?page_mode=delete&post=".$post_id."&c=yes'>Yes</a>";

		$search = "SELECT * FROM posts WHERE ID='".$post_id."' ORDER BY ID";
		$result = mysql_query($search) or die ("SQL Error: " . mysql_error());
		while($posts = mysql_fetch_array($result))
		{
			$search2 = "SELECT * FROM users WHERE ID='".$posts['ID_poster']."'";
			$result2 = mysql_query($search2) or die ("SQL Error: " . mysql_error());
			$poster = mysql_fetch_array($result2);

			if($posts['ID_modifier'] > 0)
			{
				$search2 = "SELECT DisplayName FROM users WHERE ID='".$posts['ID_modifier']."'";
				$result2 = mysql_query($search2) or die ("SQL Error: " . mysql_error());
				$modifier = mysql_fetch_array($result2);
			}
			else
			{
				$modifier['DisplayName'] = "";
			}

			echo "
			<div class='fsub'>
			<table cellspacing='1px' width='100%'>			
			<tr>
			<td width='15%'>
		          <a href='../members.php?action=getinfo&userid=".$poster['ID']."'>".$poster['DisplayName']."</a><br />
		          Rank: ". $poster['Rank']."<br /><br />
		          Registered: ". $poster['Creation'] ."<br />
		          Location: ". $poster['Country'] ."
			</td>
			<td width='85%'>
		          ". ($posts['subject'] == "" ? "" : $posts['subject']." - ").$posts['posttime']."<br /><br />
		          ". $posts['body'] ."<br /><br />
		          ". ($modifier['DisplayName'] == "" ? "" : "Last edited by <a href='../members.php?action=getinfo&userid=".$posts['ID_modifier']."'>
		          ". $modifier['DisplayName']."</a>. ".$posts['modifiedtime'])."
			</td></tr></table></div>";

		} //end posts loop
	} //end c=no else	
}
}//################################################### END PAGEMODE DELETE ###################

if ($page_mode == "edit")//######################### PAGEMODE EDIT ##########################
{
if ($userrank < 2)
{
	echo "You are unable to edit this post";
	exit();
}
else
{	
	$message = $_POST['message'];
	$subject = $_POST['subject'];
	$description = $_POST['description'];

	$post_id = $_REQUEST['post'];
	$topic_id = $_REQUEST['topic'];

	if ($_REQUEST['c'] == "yes")
	{
		mysql_query("UPDATE posts SET body = '".$message."', subject= '".$subject."' WHERE ID = '".$post_id."'");
		echo "The post has  been edited<br/>
		  Subject is '".$subject."' and message is '".$message."' on post '".$post_id."'";
		exit();
	}
	else
	{
		$search = "SELECT * FROM posts WHERE ID='".$post_id."'";
		$result = mysql_query($search) or die ("SQL Error: " . mysql_error());		
		$posts = mysql_fetch_array($result);


		echo "<div class='reply'>
		    Edit Post:
		    <form method='post' action='post.php'>
		      Subject:<input type='text' name='subject' value='".$posts['subject']."'>
		      Message:
		      <textarea name='message'>".$posts['body']."</textarea>
		      <input type='hidden' name='post' value='".$post_id."'>
		      <input type='hidden' name='topic' value='".$topic_id."'>
		      <input type='hidden' name='page_mode' value='edit'>
		      <input type='hidden' name='c' value='yes'>
		      <input type='submit' name='submit' value='Submit Reply'>
		    </form>
		  </div>";
	}
}
}//################################################### END PAGEMODE EDIT ###################




?>

<?php 
if($page_mode = "")
{
include("../templates/declareHTML.php"); ?>
  <head>
    <title>Posting</title>
    <?php include("../styles/styles.php"); ?>
  </head>
  <body>
    <?php include("../templates/headerMenu.php"); ?>
<?php
if (!is_numeric($userrank))
{
echo "Please <a href='../login.php'>log in</a> or <a href='../register.php'>register</a> before posting.";
}
else if ($userrank == 0)
{
echo "Please <a href='../edit.php'>change your password</a> to verify your account before posting.";
}
else if ($userrank > 0)
{
echo $page_mode. " pagemode. ".$post_id. " Post ID  
  <div class='reply'>
    Reply
    <form method='post' action='post.php'>
      Subject:<input type='text' name='subject'>
      Description:<input type='text' name='description'>
      Message:
      <textarea name='message'></textarea>
      <input type='hidden' name='topic' value='".$topic_id."'>
      <input type='hidden' name='page_mode' value='post'>
      <input type='submit' name='submit' value='Submit Reply'>
    </form>
  </div>";
}?>
    <?php include("../templates/footer.php"); ?> 
  </body>
</html>
<?php
} ?>

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.