Jump to content

Problem using forms, special characters seem to delimit, or shorten the message

diode

By diode
in PHP Coding Help

 Share

Recommended Posts

diode Member

diode

Posted
Posted
Hello,

I had this working, and I accidentally changed some things, thinking it was a different file, and saved it, now I'm stuck. What I'm trying to do is fix my page where it is supposed to let you type your message, then when you click on 'Preview', it loads the same page, only with a table cell containing the message you just typed.

The problem is, when you type something with special characters in it, such as, "I'm posting this message.", when you click on 'Preview', it will show, "I/'m posting this message."

And when I go to post it after I preview it, the message list shows it as, "I/'m" and that's it. I've spent hours trying to figure it out.

Here is my the code portion that deals with posting a message:
[code]
<?php
session_start();

$boardno=$_GET['boardno'];
$topicno=$_GET['topicno'];
$message = nl2br($_POST['message']);
$msgpreview = $message;
$sig = $_SESSION['signature'];

echo "message: <br>$message<br><br>";
echo "msgpreview: <br>$msgpreview<br><br>";

                if ($message == '')
                  {

                        echo "<form action='try.php?boardno=$boardno&topicno=$topicno' method='post'>";

                          echo "Type your message below: <br><br>";
                          echo "<textarea name='message' rows=20 cols=80 wrap>\n\n---\n$sig</textarea>";

                          echo "<p><input type='submit'                  value='Preview'/> ";
                          echo "<input    type='reset'  name='reset'    value='Reset'>";

                        echo "</form>";

                  } else
                      {

                            echo "<form action='msgredir.php?boardno=$boardno&topicno=$topicno' method='post'>";
                                  echo "$msgpreview";

                                  echo "<input type='hidden' name='message' value='$message'/>";
                                echo "<input type='submit'                  value='Post message'/>";

                            echo "</form>";

                                echo "<form action='try.php?boardno=$boardno&topicno=$topicno' method='post'>";

                                  echo "Type your message below: <br><br>";
                                  echo "<textarea name='message' rows=20 cols=80 wrap>$message</textarea>";

                                  echo "<p><input type='submit'                  value='Preview'/> ";
                                  echo "<input    type='reset'  name='reset'    value='Reset'>";

                                echo "</form>";

                    }
?>[/code]

Obviously I cut the code down to simply things, but it does the same thing.

Any way to get this looking normal?

Thanks in advance :),
diode
Link to comment
Share on other sites
diode Member

diode

Posted
  • Author
Posted
It still didn't work. It's doing the same thing. Are forms even the correct way to go about doing this? Here is my code now:

[code]<?php
session_start();

$boardno=$_GET['boardno'];
$topicno=$_GET['topicno'];
$message = nl2br($_POST['message']);
$msgpreview = $message;
$sig = $_SESSION['signature'];

echo "message: <br>$message<br><br>";
echo "msgpreview: <br>$msgpreview<br><br>";

                if ($message == '')
                  {

                        echo "<form action='try.php?boardno=$boardno&topicno=$topicno' method='post'>";

                          echo "Type your message below: <br><br>";
                          echo "<textarea name='message' rows=20 cols=80 wrap>\n\n---\n$sig</textarea>";

                          echo "<p><input type='submit'                  value='Preview'/> ";
                          echo "<input    type='reset'  name='reset'    value='Reset'>";

                        echo "</form>";

                  } else
                      {

                            echo "<form action='msgredir.php?boardno=$boardno&topicno=$topicno' method='post'>";
                                echo "msgpreview: <br>".strip_tags($msgpreview)."<br><br>";
                                echo "<input type='hidden' name='message' value='$message'/>";
                                echo "<input type='submit'                  value='Post message'/>";

                            echo "</form>";

                                echo "<form action='try.php?boardno=$boardno&topicno=$topicno' method='post'>";

                                  echo "Type your message below: <br><br>";
                                  echo "<textarea name='message' rows=20 cols=80 wrap>$message</textarea>";

                                  echo "<p><input type='submit'                  value='Preview'/> ";
                                  echo "<input    type='reset'  name='reset'    value='Reset'>";

                                echo "</form>";

                    }
?>[/code]

I really appreciate it,
diode
Link to comment
Share on other sites
kenrbnsn Regular Member

kenrbnsn

Posted
Posted
Since you are using single quotes to delimit the value of the message in your form, if you have a single quote in the message it will terminate the value prematurely. The backslash is an escape character only in PHP (and MySQL), what you need to do is use the function [url=http://www.php.net/htmlentities]htmlentities[/url] with [b]ENT_QUOTES[/b] as the second parameter when you put the value in the form.
[code]<?php
                            echo "<form action='msgredir.php?boardno=$boardno&topicno=$topicno' method='post'>";
                                echo "msgpreview: <br>".strip_tags($msgpreview)."<br><br>";
                                echo "<input type='hidden' name='message' value='" . htmlentities($message,ENT_QUOTES) . "'/>";
                                echo "<input type='submit'                  value='Post message'/>";
?>[/code]

Ken
Link to comment
Share on other sites
diode Member

diode

Posted
  • Author
Posted
Hey thanks, Ken. It now posts the complete message to the message list. But whenever there is a ' it still puts a slash before it.

How would the pros make a message preview screen before deciding to actually post the message? lol

Here is my code now:

[code]<?php
session_start();

$boardno=$_GET['boardno'];
$topicno=$_GET['topicno'];
$message = nl2br($_POST['message']);
$msgpreview = $message;
$sig = $_SESSION['signature'];

echo "message: <br>$message<br><br>";
echo "msgpreview: <br>$msgpreview<br><br>";

                if ($message == '')
                  {

                        echo "<form action='try.php?boardno=$boardno&topicno=$topicno' method='post'>";

                          echo "Type your message below: <br><br>";
                          echo "<textarea name='message' rows=20 cols=80 wrap>\n\n---\n$sig</textarea>";

                          echo "<p><input type='submit'                  value='Preview'/> ";
                          echo "<input    type='reset'  name='reset'    value='Reset'>";

                        echo "</form>";

                  } else
                      {

                            echo "<form action='msgredir.php?boardno=$boardno&topicno=$topicno' method='post'>";
//                                  echo "$msgpreview";
//                                  echo "msgpreview: <br>".strip_tags($msgpreview)."<br><br>";
                                  echo "stripslashes($msgpreview)";

//                                  echo "<input type='hidden' name='message' value='$stripslashes($message)'/>";
                                echo "<input type='hidden' name='message' value='" . htmlentities($message,ENT_QUOTES) . "'/>";

                                echo "<input type='submit'                  value='Post message'/>";

                            echo "</form>";

                                echo "<form action='try.php?boardno=$boardno&topicno=$topicno' method='post'>";

                                  echo "Type your message below: <br><br>";

                                  echo "<textarea name='message' rows=20 cols=80 wrap>$message</textarea>";

                                  echo "<p><input type='submit'                  value='Preview'/> ";
                                  echo "<input    type='reset'  name='reset'    value='Reset'>";

                                echo "</form>";

                    }




?>

[/code]

Thanks :),
diode
Link to comment
Share on other sites
kenrbnsn Regular Member

kenrbnsn

Posted
Posted
You should always use the stripslashes() function on the incoming text. Only use the nl2br() function when you're displaying the text.

[code]<?php
$message = stripslashes($_POST['message']);
$msgpreview = $message;
?>[/code]
[code]<?php
echo "message: <br>nl2nbr($message)<br><br>";
echo "msgpreview: <br>nl2br($msgpreview)<br><br>";
?>[/code]

and
[code]<?php
echo "<input type='hidden' name='message' value='" . nl2br(htmlentities($message,ENT_QUOTES)) . "'/>";
?>[/code]

Ken

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.