Jump to content

Textarea Html Problem


cutielou22

Recommended Posts

When I insert a break <br> it shows up as <br> in the textarea. The info is coming from the database.

 

How the info is ran through before adding to database (just in case you need this):

$bandbio = mysqli_real_escape_string ($mysqli, $_POST["bio"]);
$bandbio = strip_tags($bandbio, "<br /><p><a><b><u><s><br><i>");
$bandbio = rtrim($bandbio);

 

Once taken from the database this is what the info goes through before displaying info in textarea:

$bandbio = htmlspecialchars($bandbio);
$bandbio = addbreaks($bandbio); //adds the break tag where needed
echo $bandbio;

 

So how would I make it so the <br> does not show up as html but actually shows as a line-break?

 

For Example (this is what I would put in the text area):

Some[press enter]

text

 

To show up as:

Some

text

 

And not (like it is currently):

Some<br>
text

Link to comment
Share on other sites

Well, don't add line breaks. In a text area a line break is represented by a real line break.

 

echo "This line <br> does not have a real line break";
echo "This line
does have a real line break";

echo "This line \n also has a real line break";

 

It doesn't look like you are removing any explicit line breaks before inserting into the DB. Try displaying the text w/o using the addbreaks() function.

Edited by Psycho
Link to comment
Share on other sites

That doesn't make sense. \r\n are the escaped characters for line breaks. You shouldn't "see" those literal characters in the output. I don't believe it would be likely that you are converting real linebreaks to their escaped character codes. So, it is probably more likely that you are inserting those in the code somewhere as literal characters. Do you see those characters in the database? If so, the problem occurs before you save the data. If you do not see those in the database, then the problem occurs after you retrieve the data from the database.

 

I think you need to go back and look at each step where you transform the data. Do an echo before and after each step. Don't just rely upon what you see in the browser also check the HTML source. Again, you should never actually "see" \r\n in the output. Those should result in a line break in the source.

Edited by Psycho
Link to comment
Share on other sites

Here is the full page coding:

<?php
$pagetitle = "Edit Band";
$checkrank = 45;
include "../../header.inc.php";
$bandurl = mysqli_real_escape_string ($mysqli, $_GET["bandurl"]);
$bandurl = cleansafely($bandurl);
$stmt = $mysqli->prepare("SELECT id, bandname, bandurl, bio, source, formed, interests, influences, status, twitter, facebook, myspace, youtube, itunes, website, hometown, genre1, genre2, genre3, genre4, recordlabel, email, manager, manager2, bookingagent, bookingagent2, extra, dateadded FROM bands WHERE bandurl = ?");
$stmt->bind_param('s', $bandurl);
$stmt->execute();
$stmt->bind_result($bandid, $bandname, $bandurl, $bandbio, $source, $formed, $interests, $influences, $status, $twitter, $facebook, $myspace, $youtube, $itunes, $website, $hometown, $genre1, $genre2, $genre3, $genre4, $recordlabel, $email, $manager2, $manageremail, $bookingagent2, $bookingagentemail, $extra, $dateadded);
$stmt->fetch();
$stmt->close();

$extra = cleansafely($extra, "<br /><p><a><b><u><s><br><i>");

$stmt = $mysqli->prepare("SELECT id, name FROM genres");
$stmt->execute();
$stmt->bind_result($id, $genrename);
while ($stmt->fetch()){
$genreoptions .= "<option value='$genrename'>$genrename</option>";
}
$stmt->close();
ECHO <<<END
<div class=clr></div>
<center><a href="$baseurl/band/$bandurl" class="myButton">Band Page</a> <a href='$baseurl/589642r3d/add/bandmember.php?bandurl=$bandurl' class="myButton">Add Band Member</a></center>
<div class=clr></div>
<form action='band.pro.php' method='post' name='theMWAform' id='theMWAform' >
    <table width='98%' border='0' cellpadding='3' cellspacing='3'>
	  <tr>
	    <td>Band Name</td>
	    <td>$bandname <input type='hidden' name='bandname' id='bandname' value='$bandname' maxlength='200'>
  <input type='hidden' name='bandid' id='bandid' value='$bandid'>
	    </td>
	  </tr>
   <tr>
	    <td>Status</td>
	    <td>
  <select name="status">
   <option value='$status'>$status</option>
   <option value='Active'>Active</option>
   <option value='Hiatus'>Hiatus</option>
   <option value='Inactive'>Inactive</option>
  </select>
  <span class='small'>Year Formed</span> <input type='text' name='formed' size='6' id='formed' maxlength='4' value='$formed'>
  </td>
	  </tr>
	  <tr>
	    <td>Biography</td>
	    <td><textarea name='bio' type='text' rows='20' cols='150' id='bio' class='optional'><pre>
END;
$bandbio = htmlspecialchars($bandbio);
//$bandbio = addbreaks($bandbio);
//$bandbio = cleansafely($bandbio, "<br /><p><a><b><u><s><br><i>");
echo $bandbio;

ECHO <<<END
  </pre></textarea></td>
	  </tr>
   <tr>
	    <td>Biography Source</td>
	    <td>
  <select name='source'>
  <option value='$source'></option>
  <option value='0'>No Source</option>
  <option value='1'>Band Site</option>
  <option value='2'>Last FM</option>
  <option value='3'>Reverb Nation</option>
  <option value='4'>Live Nation</option>
  <option value='5'>AP (Alternative Press)</option>
  <option value='6'>Band of the Day</option>
  <option value='7'>Rolling Stone</option>
  <option value='8'>MTV</option>
  <option value='60'>Wikipedia</option>
  <option value='80'>Facebook</option>
  <option value='81'>MySpace</option>
  <option value='90'>User Submission</option>
  <option value='99'>Unknown Source</option>
  </select>
  </td>
	  </tr>
   <tr>
	    <td>Band Members</td>
	    <td width=100%>
  <div class="memberdiv">Edit Band Members <a href='../list/bandmembers.php?bandurl=$bandurl' target='_blank'>Here</a>.<br></div>
  </td>
	  </tr>
	  <tr>
	    <td>Website </td>
	    <td><input name='website' size='35' type='text' id='website' class='optional defaultInvalid url' value='$website'>
		  <span class='example'>http://www.example.com</span></td>
	  </tr>
	  <tr>
	    <td>Twitter</td>
	    <td><input name='twitter' size='35' type='text' id='twitter' class='optional' value='$twitter'>
   <span class='example'>Just the username.</span></td>
	  </tr>
	  <tr>
	    <td>Facebook</td>
	    <td><input name='facebook' size='35' type='text' id='facebook' class='optional' value='$facebook'>
   <span class='example'>Just the username.</span></td>
	  </tr>
	  <tr>
	    <td>MySpace</td>
	    <td><input name='myspace' size='35' type='text' id='myspace' class='optional' value='$myspace'>
   <span class='example'>Just the username.</span></td>
	  </tr>
	  <tr>
	    <td>Youtube</td>
	    <td><input name='youtube' size='35' type='text' id='youtube' class='optional' value='$youtube'>
   <span class='example'>Just the username.</span></td>
	  </tr>
   <tr>
	    <td>iTunes</td>
	    <td><input name='itunes' size='35' type='text' id='itunes' class='optional' value='$itunes'>
		  <span class='example'>Just the username.</span></td>
	  </tr>
	  <tr>
	    <td>Hometown</td>
	    <td><input name='hometown' size='35' type='text' id='hometown' class='optional' value='$hometown'></td>
	  </tr>
   <tr>
	    <td>Genre</td>
	    <td>
  <select name="genre1">
   <option value='$genre1'>$genre1</option>
   $genreoptions
  </select>
  <select name="genre2">
   <option value='$genre2'>$genre2</option>
   $genreoptions
  </select>
  <select name="genre3">
   <option value='$genre3'>$genre3</option>
   $genreoptions
  </select>
  <select name="genre4">
   <option value='$genre4'>$genre4</option>
   $genreoptions
  </select></td>
	  </tr>
	  <tr>
	    <td>Record Label</td>
	    <td><input name='recordlabel' size='35' type='text' id='recordlabel' class='optional' value='$recordlabel'></td>
	  </tr>
	  <tr>
	    <td>Email</td>
	    <td><input name='email' size='35' type='text' id='email' class='optional email' value='$email'></td>
	  </tr>
	  <tr>
	    <td>Manager</td>
	    <td><span class='small'>Name</span><input name='manager' size='35' type='text' id='manager' class='optional' value='$manager2'>
		  <span class='small'>Email</span><input name='manageremail' size='35' type='text' id='manageremail' class='optional' value='$manageremail2'></td>
	  </tr>
	  <tr>
	    <td>Booking Agent</td>
  <td><span class='small'>Name</span><input name='bookagent' size='35' type='text' id='bookagent' class='optional' value='$bookagent2'>
		  <span class='small'>Email</span><input name='bookagentemail' size='35' type='text' id='bookagentemail' class='optional' value='$bookagentemail2'> </td>
	  </tr>
   <tr>
	    <td>History</td>
	    <td><input name='history' value='1' type='checkbox' id='history' class='optional'>
  <select name="message">
   <option value=''></option>
   <option value='1'>Bio Edited</option>
   <option value='2'>Influences Edited</option>
   <option value='3'>Interests Edited</option>
   <option value='50'>Whole Page Edit</option>
  </select>

  </td>
	  </tr>
   <tr>
	    <td>Interests</td>
	    <td><textarea name='interests' type='text' rows=10 cols=85 id='interests' class='optional'>$interests</textarea></td>
	  </tr>
   <tr>
	    <td>Influences</td>
	    <td><textarea name='influences' type='text' rows=10 cols=85 id='influences' class='optional'>$influences</textarea></td>
	  </tr>
	  <tr>
	    <td>Extra Info</td>
	    <td><textarea name='extra' type='text' rows=10 cols=85 id='extra' class='optional'>$extra</textarea></td>
	  </tr>
    </table>
    <p align='center'>
	  <input type='submit' class='mybutton' value='Edit Band'>
    </p>
  </form>
END;
include "../../footer.inc.php";
?>

Link to comment
Share on other sites

@Psycho I tried your suggestion and found out mysqli_real_escape_string (); was causing the problem for some reason when putting it into the database. Why would that happen? How would I go about fixing this (if possible)?

 

If you are seeing actual "\r\n" in the database values then either 1) the user is entering those actual characters into the form and it is correct or 2) You are somehow injecting those characters into the values before you insert them into the database. mysqli_real_escape_string() will properly escape linebreaks to "\r\n", but that is so they will be properly inserted into the DB as linebreaks. What you are seeing is what would happen if you were escaping the input twice.

Link to comment
Share on other sites

The problem is that you're both using MRES() and prepared statements. Use one or the other, but not both at the same time.

In this case, it's safe to remove the manual escaping of the input data. Since you're using prepared statements.

Thanks I did not know this!

 

Also, thanks @Psycho for helping me fix the main problem. :)

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.