njdubois Posted July 10, 2012 Share Posted July 10, 2012 You have seen what I am talking about, they are all over the web. This text box I'm typing in now is a fine example! I need a textbox that, well, I need a text input method that strips all the important/security related characters from a string while retaining CRLF's and text formatting. To be saved to a mysql database. But when I am pulling that data to be displayed somewhere, I want to place said characters back into the string. What direction should I look to find a solution? Thanks Nick Link to comment https://forums.phpfreaks.com/topic/265479-advanced-text-input/ Share on other sites More sharing options...
Psycho Posted July 10, 2012 Share Posted July 10, 2012 There are several solutions available. Here is one: http://www.tinymce.com/ Link to comment https://forums.phpfreaks.com/topic/265479-advanced-text-input/#findComment-1360560 Share on other sites More sharing options...
Pikachu2000 Posted July 10, 2012 Share Posted July 10, 2012 mysql_real_escape_string is for making strings safe to use in a db query. htmlentities to encode any markup when displaying it. Link to comment https://forums.phpfreaks.com/topic/265479-advanced-text-input/#findComment-1360561 Share on other sites More sharing options...
Adam Posted July 10, 2012 Share Posted July 10, 2012 They're called "WYSIWYG" editors; What You See Is What You Get. What do you consider to be a security risk character though? Link to comment https://forums.phpfreaks.com/topic/265479-advanced-text-input/#findComment-1360562 Share on other sites More sharing options...
njdubois Posted July 10, 2012 Author Share Posted July 10, 2012 htmlentities looks to be what I was searching for, thanks! As far as security characters, I meant characters that are special to mysql. For example single and double quotes. Which if I don't manage right, could lead to sql attacks. Thanks again for the help ladies and gents! Nick Link to comment https://forums.phpfreaks.com/topic/265479-advanced-text-input/#findComment-1360575 Share on other sites More sharing options...
njdubois Posted July 10, 2012 Author Share Posted July 10, 2012 From the replies here I came up with : <?php if(isset($_POST['ok'])) { $in_str = $_POST['text_in']; $to_data = addslashes($in_str); $to_data = stripcslashes(ereg_replace("(\r\n|\n|\r)", "<br />", $to_data)); $display_output = stripcslashes(ereg_replace("(\r\n|\n|\r)", "<br />", $to_data)); $edit_output = stripcslashes(ereg_replace("(<br />)", "\r\n", $to_data)); echo 'Formated For Database : <br />'; echo '<textarea cols="100" rows="5">'.$to_data.'</textarea>'; echo '<br /><br />'; echo 'Displayed from Database : <br />' . $display_output; echo '<br /><br />'; } echo 'New, or for Edit from database : <br />'; echo '<form name="text_input" method="post" action="text_stuff.php">'; echo '<textarea id="text_in" name="text_in" cols="100" rows="10">'.$edit_output.'</textarea>'; echo '<input type="submit" id="ok" name="ok" value="Ok" />'; echo '</form>'; ?> Does the job perfectly. Many Thanks Nick Link to comment https://forums.phpfreaks.com/topic/265479-advanced-text-input/#findComment-1360600 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.