
str_replace


arunpatal


Hi, i have a form in my add page

 

<form method="post" name="form1" action="<?php echo $editFormAction; ?>">
	 <input type="text" name="title" value="" size="32"> <br>

 <textarea id='ha' name="detail" size="32"></textarea><br>

	 <input type="submit" value="Insert record"><br>

 

When i hit the submit button, the form saves data to database.....

 

For text area i am using rich text editor.

The problem is that this rich text editor saves <br> tag like <br xmlns="http://www.w3.org/1999/xhtml" />

 

It takes lot of extra space..

 

 

Now I want to use str_replace to replace xmlns="http://www.w3.org/1999/xhtml" with a space.

 

How can i do this??

Edited by arunpatal

$text = str_replace('<br xmlns="http://www.w3.org/1999/xhtml" />', '<br />', $text);

 

Its not working........

In my database still show like this

 

 

<div id="php_code">TEST1<br xmlns="http://www.w3.org/1999/xhtml" />TEST2<br xmlns="http://www.w3.org/1999/xhtml" /><br xmlns="http://www.w3.org/1999/xhtml" />TEST3</div>

 

here is complete code of add page.

 

 

<?php require_once('script/test.php'); ?>
<?php
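if (!function_exists("GetSQLValueString")) {
/**
 * Turn one request value into a literal for a string-built MySQL query.
 *
 * The value is un-slashed when magic quotes added backslashes, escaped with the
 * legacy mysql_* escaping function, and then formatted according to $theType.
 * Escaping only protects a value that ends up inside quotes or is cast to a
 * number, so every branch below quotes, casts, or returns a caller-supplied value.
 *
 * NOTE(review): the mysql_* functions used here were removed in PHP 7; prepared
 * statements (mysqli or PDO) make a helper like this unnecessary.
 *
 * @param mixed  $theValue           Raw value; on this page a $_POST field.
 * @param string $theType            "text", "date", "long", "int", "double" or "defined".
 * @param string $theDefinedValue    Returned for "defined" when the value is not empty.
 * @param string $theNotDefinedValue Returned for "defined" when the value is empty.
 * @return mixed Quoted string, int, float, the string "NULL", or one of the two "defined" values.
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  // Remove the backslashes magic quotes added, so the value is escaped only once below.
  // NOTE(review): this compares the version string loosely with an integer;
  // version_compare() is the explicit way to write the check.
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  // mysql_real_escape_string() is used when present, mysql_escape_string() otherwise.
  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
    case "date":
      // Empty input becomes SQL NULL, anything else a quoted string literal.
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "defined":
      // The two replacement values come from the caller and are returned unchanged.
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
    default:
      // Fail closed: an unrecognised type used to fall through and return the
      // escaped value without quotes, which is not safe inside a SQL string.
      // It is now handled like "text".
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
  }

  return $theValue;
}
}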
// Request handling for the add page: build the form's action URL, insert the
// submitted row, redirect to view.php, then load the existing rows.

// NOTE(review): PHP_SELF is used as-is and later echoed into the form's action
// attribute; only the query-string part below goes through htmlentities().
// PHP_SELF reflects the requested path, so escape it before output or use a
// fixed script name.
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
 $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
// MM_insert is the hidden field of form1; its presence marks a form submission.
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
 // Both fields are escaped and quoted by GetSQLValueString(). detail is stored
 // exactly as the editor posted it, so any markup clean-up has to be applied
 // to $_POST['detail'] before this statement.
 // NOTE(review): detail is HTML from the rich text editor; escaping it for SQL
 // does not make it safe to print, so the page that displays it (not shown)
 // needs to sanitise it against an allow-list of tags.
 $insertSQL = sprintf("INSERT INTO test (title, detail) VALUES (%s, %s)",
				   GetSQLValueString($_POST['title'], "text"),
				   GetSQLValueString($_POST['detail'], "text"));
 mysql_select_db($database_test, $test);
 // NOTE(review): on failure the raw database error text is sent to the visitor;
 // log it and show a generic message instead.
 $Result1 = mysql_query($insertSQL, $test) or die(mysql_error());
 $insertGoTo = "view.php";
 if (isset($_SERVER['QUERY_STRING'])) {
   // "view.php" contains no '?', so the query string is appended after "?".
   $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
   // NOTE(review): the query string goes into the Location header unescaped.
   $insertGoTo .= $_SERVER['QUERY_STRING'];
 }
 // NOTE(review): no exit follows header(), so the rest of this script still
 // runs and the page is rendered after the redirect header is set.
 header(sprintf("Location: %s", $insertGoTo));
}
// Load the rows of the test table, fetch the first row and count the rows.
// $row_add and $totalRows_add are not read in the part of the page shown.
mysql_select_db($database_test, $test);
$query_add = "SELECT * FROM test";
$add = mysql_query($query_add, $test) or die(mysql_error());
$row_add = mysql_fetch_assoc($add);
$totalRows_add = mysql_num_rows($add);
?>
<head>

   <script language="Javascript" src="style/jquery-1.3.2.min.js" type="text/javascript"></script>
   <script language="Javascript" src="style/htmlbox.colors.js" type="text/javascript"></script>
   <script language="Javascript" src="style/htmlbox.styles.js" type="text/javascript"></script>
   <script language="Javascript" src="style/htmlbox.syntax.js" type="text/javascript"></script>
   <script language="Javascript" src="style/xhtml.js" type="text/javascript"></script>
   <script language="Javascript" src="style/htmlbox.full.js" type="text/javascript"></script>
<script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script>
<link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css">
</head>
<body>
<?php
// NOTE(review): $text is not assigned anywhere in this listing (script/test.php is not shown)
// and the result is not used afterwards. The submitted editor content is in $_POST['detail'],
// and on a form submission the INSERT above has already run by the time this line executes.
$text = str_replace('<br xmlns="http://www.w3.org/1999/xhtml" />', '<br />', $text); ?>
<table width="1024" border="2" cellspacing="2" cellpadding="1">
 <tr>
   <td width="320"><a href="index.php">ADD</a></td>
   <td width="259"><a href="view.php">View</a></td>
   <td width="197"><a href="edit.php">Edit</a></td>
 </tr>

 <tr>
   <td colspan="3"><form method="post" name="form1" action="<?php echo $editFormAction; ?>">
  <table align="center">
    <tr valign="baseline">
	  <td nowrap align="right">Title:</td>
	  <td><span id="sprytextfield1">
	    <input type="text" name="title" value="" size="32">
	    <span class="textfieldRequiredMsg">A value is required.</span></span></td>
    </tr>
    <tr valign="baseline">
	  <td nowrap align="right">Detail:</td>
	  <td><textarea id='ha' name="detail" size="32"></textarea> </td>
    </tr>
    <tr valign="baseline">
	  <td nowrap align="right"> </td>
	  <td><input type="submit" value="Insert record"></td>
    </tr>
  </table>
  <input type="hidden" name="MM_insert" value="form1">
   </form>
   <p> </p>    </tr>
</table>
<?php
// NOTE(review): same statement as the one after <body>; $text is not assigned in this listing
// and nothing reads the result, so this does not change what is stored in the database.
$text = str_replace('<br xmlns="http://www.w3.org/1999/xhtml" />', '<br />', $text); ?>

<script language="Javascript" type="text/javascript">
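// Turn the #ha textarea into an HtmlBox rich text editor that fills its container.
$("#ha").css("height", "100%").css("width", "100%").htmlbox({
    // Three toolbar rows.
    toolbars: [
        [
            // Cut, Copy, Paste
            "separator", "cut", "copy", "paste",
            // Undo, Redo
            "separator", "undo", "redo",
            // Bold, Italic, Underline, Strikethrough, Sup, Sub
            "separator", "bold", "italic", "underline", "strike", "sup", "sub",
            // Left, Right, Center, Justify
            "separator", "justify", "left", "center", "right",
            // Ordered List, Unordered List, Indent, Outdent
            "separator", "ol", "ul", "indent", "outdent",
            // Hyperlink, Remove Hyperlink, Image
            "separator", "link", "unlink", "image"
        ],
        [
            // Show code
            "separator", "code",
            // Formats, Font size, Font family, Font color, Font, Background
            "separator", "formats", "fontsize", "fontfamily",
            // No comma after the last entry: older Internet Explorer versions count
            // a trailing comma as an extra, undefined array element.
            "separator", "fontcolor", "highlight"
        ],
        [
            // Strip tags
            "separator", "removeformat", "striptags", "hr", "paragraph",
            // Styles, Source code syntax buttons
            "separator", "quote", "styles", "syntax"
        ]
    ],
    skin: "blue"
});
// Attach Spry validation to the wrapper span around the title input.
var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1");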
</script>
</body>
<?php
// Release the result set returned by the SELECT on the test table.
mysql_free_result($add);
?>


One more this....

 

Its a richtext editor which is replacing textarea.....

 

after saving the data when i view it, it show normal but in source code it shows like this

 

<div id="php_code">TEST1<br xmlns="http://www.w3.org/1999/xhtml" />TEST2<br xmlns="http://www.w3.org/1999/xhtml" /><br xmlns="http://www.w3.org/1999/xhtml" />TEST3</div>

Edited by arunpatal

Of course it didn't work, it's not magic. You have to actually pass in the value of the text field. It looks like if you change:

$insertSQL = sprintf("INSERT INTO test (title, detail) VALUES (%s, %s)",
                                          GetSQLValueString($_POST['title'], "text"),
                                          GetSQLValueString($_POST['detail'], "text"));

 

To:

// Clean up the editor markup on the raw POST value first; GetSQLValueString() then escapes the cleaned string.
// The order matters: once escaped, the double quotes in the <br> tag carry backslashes and this search string no longer matches.
$detail = str_replace('<br xmlns="http://www.w3.org/1999/xhtml" />', '<br />', $_POST['detail']);
$insertSQL = sprintf("INSERT INTO test (title, detail) VALUES (%s, %s)",
GetSQLValueString($_POST['title'], "text"),
GetSQLValueString($detail, "text"));

 

You should be good to go.

 

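However, there are a lot of issues with your code. Blindly passing around $_SERVER['PHP_SELF'] and $_SERVER['QUERY_STRING'] is a huge XSS vulnerability. In your script PHP_SELF goes into the form's action attribute with no escaping at all, and QUERY_STRING is appended as-is to the Location header. Don't do that. You should be using hard-coded values that can't be altered by the user.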

 

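Your "GetSQLValueString" function is pretty useless. Get rid of that and simply use mysql_real_escape_string on input. There's no need to do all that stuff, MySQL will automatically typecast as it needs to. Keep the escaped value inside quotes in the query, though; escaping does nothing for a value that is dropped into the SQL unquoted. Prepared statements (mysqli or PDO) avoid the problem altogether.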

 

Also, if (PHP_VERSION < 6) {

lolwut?


First of all thanks for looking in this matter....

I am new to php and this script i made with the help of dreamweaver.

I know the script is not professional.

 

The code you wrote i added in the script like the code below but its still not working....

 

I would be thankfull if you can show where and how to add this code...

 

Thanks again

 

<?php require_once('script/test.php'); ?>
<?php
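if (!function_exists("GetSQLValueString")) {
/**
 * Turn one request value into a literal for a string-built MySQL query.
 *
 * The value is un-slashed when magic quotes added backslashes, escaped with the
 * legacy mysql_* escaping function, and then formatted according to $theType.
 * Escaping only protects a value that ends up inside quotes or is cast to a
 * number, so every branch below quotes, casts, or returns a caller-supplied value.
 *
 * NOTE(review): the mysql_* functions used here were removed in PHP 7; prepared
 * statements (mysqli or PDO) make a helper like this unnecessary.
 *
 * @param mixed  $theValue           Raw value; on this page a $_POST field.
 * @param string $theType            "text", "date", "long", "int", "double" or "defined".
 * @param string $theDefinedValue    Returned for "defined" when the value is not empty.
 * @param string $theNotDefinedValue Returned for "defined" when the value is empty.
 * @return mixed Quoted string, int, float, the string "NULL", or one of the two "defined" values.
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  // Remove the backslashes magic quotes added, so the value is escaped only once below.
  // NOTE(review): this compares the version string loosely with an integer;
  // version_compare() is the explicit way to write the check.
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  // mysql_real_escape_string() is used when present, mysql_escape_string() otherwise.
  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
    case "date":
      // Empty input becomes SQL NULL, anything else a quoted string literal.
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "defined":
      // The two replacement values come from the caller and are returned unchanged.
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
    default:
      // Fail closed: an unrecognised type used to fall through and return the
      // escaped value without quotes, which is not safe inside a SQL string.
      // It is now handled like "text".
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
  }

  return $theValue;
}
}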
// Request handling for the add page, with the suggested replacement pasted at
// the end of the block instead of in place of the original INSERT statement.

// NOTE(review): PHP_SELF is used as-is and later echoed into the form's action
// attribute; only the query-string part below goes through htmlentities().
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
 $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
// MM_insert is the hidden field of form1; its presence marks a form submission.
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
 // This is the statement that is actually executed below, and it still passes
 // the unmodified $_POST['detail'].
 $insertSQL = sprintf("INSERT INTO test (title, detail) VALUES (%s, %s)",
				   GetSQLValueString($_POST['title'], "text"),
				   GetSQLValueString($_POST['detail'], "text"));
 mysql_select_db($database_test, $test);
 // NOTE(review): on failure the raw database error text is sent to the visitor.
 $Result1 = mysql_query($insertSQL, $test) or die(mysql_error());
 $insertGoTo = "view.php";
 if (isset($_SERVER['QUERY_STRING'])) {
   $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
   // NOTE(review): the query string goes into the Location header unescaped.
   $insertGoTo .= $_SERVER['QUERY_STRING'];
 }
 // NOTE(review): no exit follows header(), so the rest of this script still runs.
 header(sprintf("Location: %s", $insertGoTo));
}
// Load the rows of the test table, fetch the first row and count the rows.
mysql_select_db($database_test, $test);
$query_add = "SELECT * FROM test";
$add = mysql_query($query_add, $test) or die(mysql_error());
$row_add = mysql_fetch_assoc($add);
$totalRows_add = mysql_num_rows($add);

// NOTE(review): the statements below sit outside the MM_insert check, so they run
// on every request, including a plain page load where $_POST has no title or detail.
// They rebuild $insertSQL twice, but no mysql_query() call follows in this listing,
// so neither string is ever sent to the database.
$insertSQL = sprintf("INSERT INTO test (title, detail) VALUES (%s, %s)",
GetSQLValueString($_POST['title'], "text"),
GetSQLValueString($_POST['detail'], "text"));
$detail = str_replace('<br xmlns="http://www.w3.org/1999/xhtml" />', '<br />', $_POST['detail']);
$insertSQL = sprintf("INSERT INTO test (title, detail) VALUES (%s, %s)",
GetSQLValueString($_POST['title'], "text"),
GetSQLValueString($detail, "text"));
?>
<head>

   <script language="Javascript" src="style/jquery-1.3.2.min.js" type="text/javascript"></script>
   <script language="Javascript" src="style/htmlbox.colors.js" type="text/javascript"></script>
   <script language="Javascript" src="style/htmlbox.styles.js" type="text/javascript"></script>
   <script language="Javascript" src="style/htmlbox.syntax.js" type="text/javascript"></script>
   <script language="Javascript" src="style/xhtml.js" type="text/javascript"></script>
   <script language="Javascript" src="style/htmlbox.full.js" type="text/javascript"></script>
<script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script>
<link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css">
</head>
<body>
<table width="1024" border="2" cellspacing="2" cellpadding="1">
 <tr>
   <td width="320"><a href="index.php">ADD</a></td>
   <td width="259"><a href="view.php">View</a></td>
   <td width="197"><a href="edit.php">Edit</a></td>
 </tr>

 <tr>
   <td colspan="3"><form method="post" name="form1" action="<?php echo $editFormAction; ?>">
  <table align="center">
    <tr valign="baseline">
	  <td nowrap align="right">Title:</td>
	  <td><span id="sprytextfield1">
	    <input type="text" name="title" value="" size="32">
	    <span class="textfieldRequiredMsg">A value is required.</span></span></td>
    </tr>
    <tr valign="baseline">
	  <td nowrap align="right">Detail:</td>
	  <td><textarea id='ha' name="detail" size="32"></textarea> </td>
    </tr>
    <tr valign="baseline">
	  <td nowrap align="right"> </td>
	  <td><input type="submit" value="Insert record"></td>
    </tr>
  </table>
  <input type="hidden" name="MM_insert" value="form1">
   </form>
   <p> </p>    </tr>
</table>

<script language="Javascript" type="text/javascript">
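// Turn the #ha textarea into an HtmlBox rich text editor that fills its container.
$("#ha").css("height", "100%").css("width", "100%").htmlbox({
    // Three toolbar rows.
    toolbars: [
        [
            // Cut, Copy, Paste
            "separator", "cut", "copy", "paste",
            // Undo, Redo
            "separator", "undo", "redo",
            // Bold, Italic, Underline, Strikethrough, Sup, Sub
            "separator", "bold", "italic", "underline", "strike", "sup", "sub",
            // Left, Right, Center, Justify
            "separator", "justify", "left", "center", "right",
            // Ordered List, Unordered List, Indent, Outdent
            "separator", "ol", "ul", "indent", "outdent",
            // Hyperlink, Remove Hyperlink, Image
            "separator", "link", "unlink", "image"
        ],
        [
            // Show code
            "separator", "code",
            // Formats, Font size, Font family, Font color, Font, Background
            "separator", "formats", "fontsize", "fontfamily",
            // No comma after the last entry: older Internet Explorer versions count
            // a trailing comma as an extra, undefined array element.
            "separator", "fontcolor", "highlight"
        ],
        [
            // Strip tags
            "separator", "removeformat", "striptags", "hr", "paragraph",
            // Styles, Source code syntax buttons
            "separator", "quote", "styles", "syntax"
        ]
    ],
    skin: "blue"
});
// Attach Spry validation to the wrapper span around the title input.
var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1");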
</script>
</body>
<?php
// Release the result set returned by the SELECT on the test table.
mysql_free_result($add);
?>


I would be thankfull if you can show where and how to add this code...

 

I did.

 

It looks like if you change:
$insertSQL = sprintf("INSERT INTO test (title, detail) VALUES (%s, %s)",
                                          GetSQLValueString($_POST['title'], "text"),
                                          GetSQLValueString($_POST['detail'], "text"));

 

To:

$detail = str_replace('<br xmlns="http://www.w3.org/1999/xhtml" />', '<br />', $_POST['detail']);
$insertSQL = sprintf("INSERT INTO test (title, detail) VALUES (%s, %s)",
   GetSQLValueString($_POST['title'], "text"),
   GetSQLValueString($detail, "text"));

 

You should be good to go.

 

But instead you copy/pasted it to a random section of your code.


I don't know how I can show you with any more clarity unless I come type it on your keyboard.

 

Look in your original code for this snippet:

  $insertSQL = sprintf("INSERT INTO test (title, detail) VALUES (%s, %s)",
                                          GetSQLValueString($_POST['title'], "text"),
                                          GetSQLValueString($_POST['detail'], "text"));

 

Delete it. Now, where that code used to be, add:

$detail = str_replace('<br xmlns="http://www.w3.org/1999/xhtml" />', '<br />', $_POST['detail']);
$insertSQL = sprintf("INSERT INTO test (title, detail) VALUES (%s, %s)",
       GetSQLValueString($_POST['title'], "text"),
       GetSQLValueString($detail, "text"));

Edited by scootstah

I don't know how I can show you with any more clarity unless I come type it on your keyboard.

 

Look in your original code for this snippet:

 $insertSQL = sprintf("INSERT INTO test (title, detail) VALUES (%s, %s)",
GetSQLValueString($_POST['title'], "text"),
GetSQLValueString($_POST['detail'], "text"));

 

Delete it. Now, where that code used to be, add:

$detail = str_replace('<br xmlns="http://www.w3.org/1999/xhtml" />', '<br />', $_POST['detail']);
$insertSQL = sprintf("INSERT INTO test (title, detail) VALUES (%s, %s)",
GetSQLValueString($_POST['title'], "text"),
GetSQLValueString($detail, "text"));

 

 

GOT IT WORK :)

and many many thanks to you.... :happy-04: :happy-04: :happy-04: :happy-04: :happy-04:

