shortysbest Posted July 13, 2010 Share Posted July 13, 2010 I don't want to allow the user to post these because it appears as a blank space, so I was hoping there was a function to disable all of these, rather than doing them all manually :\ Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/ Share on other sites More sharing options...
Alex Posted July 13, 2010 Share Posted July 13, 2010 Using htmlentities will solve this problem. Ex: will be converted to Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085587 Share on other sites More sharing options...
shortysbest Posted July 13, 2010 Author Share Posted July 13, 2010 im using that. I have it so when u send the stAtus message it uses this: $status = htmlentities((get_magic_quotes_gpc())?mysql_real_escape_string(stripslashes($_POST['status'])):mysql_real_escape_string($_POST['status'])); then to call it from the database: $msg = htmlentities(get_magic_quotes_gpc())?nl2br(strip_tags(stripslashes($_POST['status']))):nl2br(strip_tags($_POST['status'])); Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085588 Share on other sites More sharing options...
Alex Posted July 13, 2010 Share Posted July 13, 2010 You shouldn't be performing htmlentities when you're inserting the data into and when displaying it from the database. You also have a problem with this line: $msg = htmlentities(get_magic_quotes_gpc())?nl2br(strip_tags(stripslashes($_POST['status']))):nl2br(strip_tags($_POST['status'])); You're messing up the parenthesis. Your conditional is [m]htmlentities(get_magic_quotes_gpc())[tt]. Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085591 Share on other sites More sharing options...
shortysbest Posted July 13, 2010 Author Share Posted July 13, 2010 neither fixed it :\ Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085593 Share on other sites More sharing options...
Alex Posted July 13, 2010 Share Posted July 13, 2010 Post your code for inserting it into and displaying it from the database. Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085596 Share on other sites More sharing options...
shortysbest Posted July 13, 2010 Author Share Posted July 13, 2010 <?php session_start(); error_reporting(0); include('../../connect.php'); include('../../ajaxvars.php'); $uid = $_SESSION['uid']; if(isset($_POST['status'])) { ///////////INSERT TO DATABASE////////////////////////////// $status = htmlentities((get_magic_quotes_gpc())?mysql_real_escape_string(stripslashes($_POST['status'])):mysql_real_escape_string($_POST['status'])); ////////////////////////////////////////////////////// $date = date('Y-m-d h:m:s e'); mysql_query("INSERT INTO status VALUES('','$status','$uid', '$session', '$date')") or die('There was an error connecting to the database at this time.'); $sql_in= mysql_query("SELECT * FROM status ORDER BY id DESC"); $r = mysql_fetch_array($sql_in); ///////////GET FROM DATABASE ////////////////////////////////////////////////// $msg = htmlentities(get_magic_quotes_gpc())?nl2br(strip_tags(stripslashes($_POST['status']))):nl2br(strip_tags($_POST['status'])); //////////////////////////////////////////////////////////////////////// $msg_id = $r['id']; $from_id = $session; $query = mysql_query("SELECT * FROM users WHERE id='$from_id'"); $ua = mysql_fetch_assoc($query); } ?> <li class="bar<?php echo $msg_id; ?>"><div class="profile-comment-container"><div onClick="<?php print $userlink;?>" class="profile-comment-thumb"><img src="assets/l_6d3ec56cb4bc4edf84b4b12ada71e19e.jpg" width="60" height="60" border="0"></div><div class="profile-comment-message"> <b><a class="user-link" href="index.php?node=profile&user=<?php print $uid;?>"><?php print $ua['fname'].' '.$ua['mname'].' '.$ua['lname'];?></a></b> <?php print $msg;?> <div class="profile-comment-extras">Comment<div class="profile-comment-date"><?php print date('g:m A \\o\n l, F j, Y', strtotime($status['date']));?></div></div> </li> Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085597 Share on other sites More sharing options...
Alex Posted July 14, 2010 Share Posted July 14, 2010 Why are you reading from the $_POST array when you're getting the data from the database? Shouldn't you be doing something like this?: $msg = nl2br(stripslashes($r['status'])); Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085599 Share on other sites More sharing options...
shortysbest Posted July 14, 2010 Author Share Posted July 14, 2010 this is an ajax file, i am using post in this file to fade the comment(s) posted without refreshing the page. In the parent page i do get it from the database. Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085601 Share on other sites More sharing options...
Alex Posted July 14, 2010 Share Posted July 14, 2010 This isn't making much sense. You're trying to fade the comments in and getting the data via AJAX? Your code is getting $msg from whatever you sent to the file via AJAX, that's not getting it from the database at all. You need to explain better because this really isn't making any sense. Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085604 Share on other sites More sharing options...
shortysbest Posted July 14, 2010 Author Share Posted July 14, 2010 in this file, update_status.php, $msg gets its data from the $_POST from the form on the other page. which in my case is profile.php. I use ajax to post the comment with the data that it gets from the form while the user is on the status page, ajax posts to this file i have above. when i say the comments fade in, I don't mean all of them, Just when the user, any user, comments on the profile.. (hits comment button), it fades the new comment in using the Post data, and it sends it to the database as well, but to get the fade in of teh new comment when they post it it uses the post data to display that. i hope i have explained it well enough. :\ but my problem is just the   etc. Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085608 Share on other sites More sharing options...
Alex Posted July 14, 2010 Share Posted July 14, 2010 Did you try fixing what I said initially? If that's fixed it should work: $msg = htmlentities(get_magic_quotes_gpc() ? nl2br(strip_tags(stripslashes($_POST['status']))) : nl2br(strip_tags($_POST['status']))); Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085610 Share on other sites More sharing options...
shortysbest Posted July 14, 2010 Author Share Posted July 14, 2010 yeah and it doesn't work. :\ Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085611 Share on other sites More sharing options...
Alex Posted July 14, 2010 Share Posted July 14, 2010 Aside from the fact that you should be performing nl2br after htmlentities so you don't remove the html line breaks you just inserted, it does worked as expected, I just tested. $msg = nl2br(htmlentities(get_magic_quotes_gpc() ? strip_tags(stripslashes($_POST['status'])) : strip_tags($_POST['status']))); When you enter into the form you see ( in the html) not a space. Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085616 Share on other sites More sharing options...
shortysbest Posted July 14, 2010 Author Share Posted July 14, 2010 oh now i see what you meant.. That's not what i meant though. I don't want the user to be able to submit a form if all they have entered is things like  , &paste, etc. It's just it posts a blank comment. Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085621 Share on other sites More sharing options...
ChemicalBliss Posted July 14, 2010 Share Posted July 14, 2010 To make sure there are characters; if(!preg_match("/[a-z]+/i",$input))){ exit("Error: Must contain some Text"); } Dirty way to make sure they don't use entity characters: if(html_entity_decode($input) != $input){ exit("Error: Cannot contain HTML Entity codes ( etc)"); } Another dirty way to check they don't use HTML tags: if(strip_tags($input) != $input){ exit("Error: Cannot contain HTML Tags (<b>, <i> etc)"); } -cb- Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085624 Share on other sites More sharing options...
shortysbest Posted July 14, 2010 Author Share Posted July 14, 2010 Thanks a lot, I will test that in a bit Link to comment https://forums.phpfreaks.com/topic/207663-dont-allow-nbsp-copy-paste-etc-is-there-a-php-function/#findComment-1085626 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.