[SOLVED] problem with my first basic editor !!

[yami007]

here's the code so far :

<form action="" method="post">
<textarea cols="80" rows="10" name="note" wrap="cirtual"><?php @ReadFile("guestbook.php"); ?></textarea>
</form>

 

the problem is when there's a button inside the html, like <input type="submit" value="submit" /> it leaves the textarea, what should i do to escape this??

[.josh]

what do you mean by "leaves the text area"?

 

And why would you have a button inside textarea tags?

[yami007]

what do you mean by "leaves the text area"?

 

And why would you have a button inside textarea tags?

 

leaves the text area, i'm trying to read the whole file inside the textarea, but when there's a submit button, the text area stops, and the button is shown in normal, see please the attachment.

 

i want to hav it inside the textarea because i'm trying to edit that file : guestbook ^^

 

[attachment deleted by admin]

[.josh]

hmm maybe you need htmlentities

[yami007]

hmm maybe you need htmlentities

it's not working, the same issue again

[Andy-H]

try using htmlentities() with the ENT_QUOTES flag.

 

htmlentities(ReadFile("guestbook.php"), ENT_QUOTES));

[.josh]

can you post how you tried to use it?

[yami007]

this is how i did it :

<textarea cols="80" rows="10" name="note" wrap="cirtual">

<?php htmlentities(ReadFile("guestbook.php"), ENT_QUOTES); ?>

</textarea>

and it's not working !!

[.josh]

how about trying htmlentities + file_get_contents instead of readfile

[yami007]

oh i get it now, it's not the input submit which leaves, it's the textarea inside textarea which is the problem

[yami007]

well the problem is in the textarea when html finds </textarea>, it closes it and the rest is lost.

so how can i avoid this?

[Andy-H]

$text = ReadFile("guestbook.php");
$text = str_replace('<', '<', $text);
$text = str_replace('>', '>', $text);

<form action="" method="post">
<textarea cols="80" rows="10" name="note" wrap="cirtual">
<?php echo stripslashes(htmlentities($text, ENT_QUOTES)); ?>
</textarea>
</form>

[newbtophp]

This is a better way:

 

<?php
if($_POST['Submit']){
$open = fopen("guestbook.php","w+");
$text = $_POST['update'];
fwrite($open, urldecode($text));
fclose($open);
echo "Updated";
}else{
$file = file("guestbook.php");
echo "<form action=\"".$PHP_SELF."\" method=\"post\">";
echo "<textarea Name=\"update\" id=\"phpCode\"cols=\"50\" rows=\"10\">";
foreach($file as $text) {
echo $text;
}
echo "</textarea>";
echo "</br><input name=\"Submit\" type=\"submit\" value=\"Update\" onClick=\"document.getElementById('phpCode').value = escape(document.getElementById('phpCode').value)\"/>\n
</form>";
}
?>

[Andy-H]

Is it?

 

I was under the impression javascript can be disabled and should not be used to escape data...

 

Also "</br>" ???

 

Also, why are you only showing the form and escaping the data once the form is submitted. Escaping onclick of a button will not change the way it is displayed...

[newbtophp]

Is it?

 

I was under the impression javascript can be disabled and should not be used to escape data...

 

Also "</br>" ???

 

Also, why are you only showing the form and escaping the data once the form is submitted. Escaping onclick of a button will not change the way it is displayed...

 

If i didnt escape it, when i go back to the editor the file will not be the same as the original.

 

PS: This is a personal opinion.

 

</br> is just a habiit, he can remove if he'd like too.

 

However im new to php so looking forward to suggestions etc. Just thought I should try and contribute.

[yami007]

both are not working

This is a better way:

well the second is still giving me the same problem

the first one, not even working :s

[Andy-H]

Can you post a link to the page where the error occurs?

[yami007]

$text = ReadFile("guestbook.php");
$text = str_replace('<', '<', $text);
$text = str_replace('>', '>', $text);

<form action="" method="post">
<textarea cols="80" rows="10" name="note" wrap="cirtual">
<?php echo stripslashes(htmlentities($text, ENT_QUOTES)); ?>
</textarea>
</form>

 

thanks it ddnt work, but i rewrote your code and did this :

<?php
$text = file_get_contents("guestbook.php");
?>
<form action="" method="post">
<textarea cols="80" rows="10" name="note" wrap="cirtual">
<?php echo stripslashes(htmlentities($text, ENT_QUOTES)); ?>
</textarea>
</form>

 

so file_get_contents was the right option ^^

PS : i had to remove those lines :

 

$text = str_replace('<', '<', $text);
$text = str_replace('>', '>', $text);

they're not necessary since file_get_contents do the job..

[newbtophp]

$text = ReadFile("guestbook.php");
$text = str_replace('<', '<', $text);
$text = str_replace('>', '>', $text);

<form action="" method="post">
<textarea cols="80" rows="10" name="note" wrap="cirtual">
<?php echo stripslashes(htmlentities($text, ENT_QUOTES)); ?>
</textarea>
</form>

 

thanks it ddnt work, but i rewrote your code and did this :

<?php
$text = file_get_contents("guestbook.php");
?>
<form action="" method="post">
<textarea cols="80" rows="10" name="note" wrap="cirtual">
<?php echo stripslashes(htmlentities($text, ENT_QUOTES)); ?>
</textarea>
</form>

 

so file_get_contents was the right option ^^

PS : i had to remove those lines :

 

$text = str_replace('<', '<', $text);
$text = str_replace('>', '>', $text);

they're not necessary since file_get_contents do the job..

 

Then you wernt trying to edit the php source?, you wanted to edit the html?

[mikesta707]

$text = str_replace('<', '<', $text);
$text = str_replace('>', '>', $text);

 

doing this is pointless, as htmlentities does this, and more

[yami007]

Then you wernt trying to edit the php source?, you wanted to edit the html?

well i wanted to edit the whole file, not only php!!

[yami007]

$text = str_replace('<', '<', $text);
$text = str_replace('>', '>', $text);

 

doing this is pointless, as htmlentities does this, and more

i see, thanks