njdubois Posted July 10, 2012 Share Posted July 10, 2012 You have seen what I am talking about, they are all over the web. This text box I'm typing in now is a fine example! I need a textbox that, well, I need a text input method that strips all the important/security related characters from a string while retaining CRLF's and text formatting. To be saved to a mysql database. But when I am pulling that data to be displayed somewhere, I want to place said characters back into the string. What direction should I look to find a solution? Thanks Nick Quote Link to comment https://forums.phpfreaks.com/topic/265479-advanced-text-input/ Share on other sites More sharing options...
Psycho Posted July 10, 2012 Share Posted July 10, 2012 There are several solutions available. Here is one: http://www.tinymce.com/ Quote Link to comment https://forums.phpfreaks.com/topic/265479-advanced-text-input/#findComment-1360560 Share on other sites More sharing options...
Pikachu2000 Posted July 10, 2012 Share Posted July 10, 2012 mysql_real_escape_string is for making strings safe to use in a db query. htmlentities to encode any markup when displaying it. Quote Link to comment https://forums.phpfreaks.com/topic/265479-advanced-text-input/#findComment-1360561 Share on other sites More sharing options...
Adam Posted July 10, 2012 Share Posted July 10, 2012 They're called "WYSIWYG" editors; What You See Is What You Get. What do you consider to be a security risk character though? Quote Link to comment https://forums.phpfreaks.com/topic/265479-advanced-text-input/#findComment-1360562 Share on other sites More sharing options...
njdubois Posted July 10, 2012 Author Share Posted July 10, 2012 htmlentities looks to be what I was searching for, thanks! As far as security characters, I meant characters that are special to mysql. For example single and double quotes. Which if I don't manage right, could lead to sql attacks. Thanks again for the help ladies and gents! Nick Quote Link to comment https://forums.phpfreaks.com/topic/265479-advanced-text-input/#findComment-1360575 Share on other sites More sharing options...
njdubois Posted July 10, 2012 Author Share Posted July 10, 2012 From the replies here I came up with : <?php if(isset($_POST['ok'])) { $in_str = $_POST['text_in']; $to_data = addslashes($in_str); $to_data = stripcslashes(ereg_replace("(\r\n|\n|\r)", "<br />", $to_data)); $display_output = stripcslashes(ereg_replace("(\r\n|\n|\r)", "<br />", $to_data)); $edit_output = stripcslashes(ereg_replace("(<br />)", "\r\n", $to_data)); echo 'Formated For Database : <br />'; echo '<textarea cols="100" rows="5">'.$to_data.'</textarea>'; echo '<br /><br />'; echo 'Displayed from Database : <br />' . $display_output; echo '<br /><br />'; } echo 'New, or for Edit from database : <br />'; echo '<form name="text_input" method="post" action="text_stuff.php">'; echo '<textarea id="text_in" name="text_in" cols="100" rows="10">'.$edit_output.'</textarea>'; echo '<input type="submit" id="ok" name="ok" value="Ok" />'; echo '</form>'; ?> Does the job perfectly. Many Thanks Nick Quote Link to comment https://forums.phpfreaks.com/topic/265479-advanced-text-input/#findComment-1360600 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.