Problem using forms, special characters seem to delimit, or shorten the message

diode · January 17, 2007

Hello,

I had this working, and I accidentally changed some things, thinking it was a different file, and saved it, now I'm stuck. What I'm trying to do is fix my page where it is supposed to let you type your message, then when you click on 'Preview', it loads the same page, only with a table cell containing the message you just typed.

The problem is, when you type something with special characters in it, such as, "I'm posting this message.", when you click on 'Preview', it will show, "I/'m posting this message."

And when I go to post it after I preview it, the message list shows it as, "I/'m" and that's it. I've spent hours trying to figure it out.

Here is my the code portion that deals with posting a message:
[code]
<?php
session_start();

$boardno=$_GET['boardno'];
$topicno=$_GET['topicno'];
$message = nl2br($_POST['message']);
$msgpreview = $message;
$sig = $_SESSION['signature'];

echo "message: <br>$message<br><br>";
echo "msgpreview: <br>$msgpreview<br><br>";

if ($message == '')
{

echo "<form action='try.php?boardno=$boardno&topicno=$topicno' method='post'>";

echo "Type your message below: <br><br>";
echo "<textarea name='message' rows=20 cols=80 wrap>\n\n---\n$sig</textarea>";

echo "<p><input type='submit' value='Preview'/> ";
echo "<input type='reset' name='reset' value='Reset'>";

echo "</form>";

} else
{

echo "<form action='msgredir.php?boardno=$boardno&topicno=$topicno' method='post'>";
echo "$msgpreview";

echo "<input type='hidden' name='message' value='$message'/>";
echo "<input type='submit' value='Post message'/>";

echo "</form>";

echo "<form action='try.php?boardno=$boardno&topicno=$topicno' method='post'>";

echo "Type your message below: <br><br>";
echo "<textarea name='message' rows=20 cols=80 wrap>$message</textarea>";

echo "<p><input type='submit' value='Preview'/> ";
echo "<input type='reset' name='reset' value='Reset'>";

echo "</form>";

}
?>[/code]

Obviously I cut the code down to simply things, but it does the same thing.

Any way to get this looking normal?

Thanks in advance :),
diode

michaellunsford · January 17, 2007

you can [code=php:0] echo "msgpreview: <br>".strip_tags($msgpreview)."<br><br>";[/code]

diode · January 17, 2007

It still didn't work. It's doing the same thing. Are forms even the correct way to go about doing this? Here is my code now:

[code]<?php
session_start();

$boardno=$_GET['boardno'];
$topicno=$_GET['topicno'];
$message = nl2br($_POST['message']);
$msgpreview = $message;
$sig = $_SESSION['signature'];

echo "message: <br>$message<br><br>";
echo "msgpreview: <br>$msgpreview<br><br>";

if ($message == '')
{

echo "<form action='try.php?boardno=$boardno&topicno=$topicno' method='post'>";

echo "Type your message below: <br><br>";
echo "<textarea name='message' rows=20 cols=80 wrap>\n\n---\n$sig</textarea>";

echo "<p><input type='submit' value='Preview'/> ";
echo "<input type='reset' name='reset' value='Reset'>";

echo "</form>";

} else
{

echo "<form action='msgredir.php?boardno=$boardno&topicno=$topicno' method='post'>";
echo "msgpreview: <br>".strip_tags($msgpreview)."<br><br>";
echo "<input type='hidden' name='message' value='$message'/>";
echo "<input type='submit' value='Post message'/>";

echo "</form>";

echo "<form action='try.php?boardno=$boardno&topicno=$topicno' method='post'>";

echo "Type your message below: <br><br>";
echo "<textarea name='message' rows=20 cols=80 wrap>$message</textarea>";

echo "<p><input type='submit' value='Preview'/> ";
echo "<input type='reset' name='reset' value='Reset'>";

echo "</form>";

}
?>[/code]

I really appreciate it,
diode

michaellunsford · January 17, 2007

I'm sorry -- I've got a dose of the stupids today... Think one thing, type another.

stripslashes($variable);

diode · January 17, 2007

With that, I am still getting the same thing. lol

diode

michaellunsford · January 17, 2007

worst case scenario you can str_replace("\\","",$variable);

kenrbnsn · January 17, 2007

Since you are using single quotes to delimit the value of the message in your form, if you have a single quote in the message it will terminate the value prematurely. The backslash is an escape character only in PHP (and MySQL), what you need to do is use the function [url=http://www.php.net/htmlentities]htmlentities[/url] with [b]ENT_QUOTES[/b] as the second parameter when you put the value in the form.
[code]<?php
echo "<form action='msgredir.php?boardno=$boardno&topicno=$topicno' method='post'>";
echo "msgpreview: <br>".strip_tags($msgpreview)."<br><br>";
echo "<input type='hidden' name='message' value='" . htmlentities($message,ENT_QUOTES) . "'/>";
echo "<input type='submit' value='Post message'/>";
?>[/code]

Ken

diode · January 17, 2007

Hey thanks, Ken. It now posts the complete message to the message list. But whenever there is a ' it still puts a slash before it.

How would the pros make a message preview screen before deciding to actually post the message? lol

Here is my code now:

[code]<?php
session_start();

$boardno=$_GET['boardno'];
$topicno=$_GET['topicno'];
$message = nl2br($_POST['message']);
$msgpreview = $message;
$sig = $_SESSION['signature'];

echo "message: <br>$message<br><br>";
echo "msgpreview: <br>$msgpreview<br><br>";

if ($message == '')
{

echo "<form action='try.php?boardno=$boardno&topicno=$topicno' method='post'>";

echo "Type your message below: <br><br>";
echo "<textarea name='message' rows=20 cols=80 wrap>\n\n---\n$sig</textarea>";

echo "<p><input type='submit' value='Preview'/> ";
echo "<input type='reset' name='reset' value='Reset'>";

echo "</form>";

} else
{

echo "<form action='msgredir.php?boardno=$boardno&topicno=$topicno' method='post'>";
// echo "$msgpreview";
// echo "msgpreview: <br>".strip_tags($msgpreview)."<br><br>";
echo "stripslashes($msgpreview)";

// echo "<input type='hidden' name='message' value='$stripslashes($message)'/>";
echo "<input type='hidden' name='message' value='" . htmlentities($message,ENT_QUOTES) . "'/>";

echo "<input type='submit' value='Post message'/>";

echo "</form>";

echo "<form action='try.php?boardno=$boardno&topicno=$topicno' method='post'>";

echo "Type your message below: <br><br>";

echo "<textarea name='message' rows=20 cols=80 wrap>$message</textarea>";

echo "<p><input type='submit' value='Preview'/> ";
echo "<input type='reset' name='reset' value='Reset'>";

echo "</form>";

}

?>

[/code]

Thanks :),
diode

kenrbnsn · January 17, 2007

You should always use the stripslashes() function on the incoming text. Only use the nl2br() function when you're displaying the text.

[code]<?php
$message = stripslashes($_POST['message']);
$msgpreview = $message;
?>[/code]
[code]<?php
echo "message: <br>nl2nbr($message)<br><br>";
echo "msgpreview: <br>nl2br($msgpreview)<br><br>";
?>[/code]

and
[code]<?php
echo "<input type='hidden' name='message' value='" . nl2br(htmlentities($message,ENT_QUOTES)) . "'/>";
?>[/code]

Ken

Sign In

Problem using forms, special characters seem to delimit, or shorten the message

Recommended Posts

diode

Link to comment

Share on other sites

michaellunsford

Link to comment

Share on other sites

diode

Link to comment

Share on other sites

michaellunsford

Link to comment

Share on other sites

diode

Link to comment

Share on other sites

michaellunsford

Link to comment

Share on other sites

kenrbnsn

Link to comment

Share on other sites

diode

Link to comment

Share on other sites

kenrbnsn

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information