Jump to content

Recommended Posts

I am having trouble posting a script using my html form.. If i remove functions like mysql_real_escape_string() or htmlentities() the query execution gives error like characters ' or " are causing problems, I want to post a script with <script>code</script> in the field and want it working on the html page as it is coded on an html page.. Can anyone help?

 

This is the input field

Description</b></td><td><textarea name="news_des" cols="50" rows="7">

extracting the information

	if(!empty($_POST['news_des']))
	{
		$news_des = mysql_real_escape_string(trim(htmlentities($_POST['news_des']))); // to get tags along
	}else
	{
		$error[] = 'You forgot to enter the News Description!';
	}
Link to comment
https://forums.phpfreaks.com/topic/279822-adding-scripts-to-html-forms/
Share on other sites

I think, here you need to use htmlspecialchars() instead of htmlentities()

if(!empty($_POST['news_des'])) { 

    $des = $_POST['news_des'];
    $des = mysql_real_escape_string($des);
    $des = htmlspecialchars($des);

} else {
   $error[] = 'You forgot to enter the News Description!';
}
Edited by thara

Why translate the characters?  If you want to use it as HTML store the HTML, if not then htmlentities() when you display it ot when you insert it:

$news_des = mysql_real_escape_string(trim($_POST['news_des']));

Also, you may have magic_quotes enabled, if so:

if(get_magic_quotes_gpc()) {
    $_POST = array_map('stripslashes', $_POST);
}
$news_des = mysql_real_escape_string(trim($_POST['news_des']));
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.