Posting to DB

[mcmuney]

When I post comments in a text area, an entry of "<img src="abc.jpg">" appears in the DB as "<img src=\"\">" and when the DB results are displayed, it shows this "<img src="abc.jpg">" instead of the image. I'd like to display the image, what do I need to do?

[phat_hip_prog]

Do you mean that you want an image in a textbox?

[redarrow]

you put the image name in the database  then  use a loop and point to the image useing img src.

 

redarrow

[mcmuney]

No, I want to input an image source in a textarea form, which saves the text in the DB and displayed on a separate page. But on that page, I want it to display the image, instead of displaying the source. For example, if I input <img src="abc.jpg">, I want it to display the image where the result is displayed. But currently, it just shows "<img src="abc.jpg"> and doesn't show the html as an image.

[redarrow]

html iframe.

[phat_hip_prog]

Just to clarify, your not trying to display the image inside a textbox, because that isn't possible... (not sure if this is what you mean!)

[mcmuney]

You're not getting it, here's my code:

 

$sql_comm="INSERT INTO `sc_postcomment_member` ( `scm_mem_id`, `comment`, `post_date`, `comm_from`) VALUES ('$scm_mem_id', '$txt_comment', UNIX_TIMESTAMP(), '$social_mem_id')"; 

 

Where "$txt_comment" is what I type in the textarea of the form.

 

But when I input <img src="abc.jpg" for example, the DB writes <img src=""> BUT I want it to write <img src="abc.jpg"> instead.

 

You see, the script is converting < into < and I don't want it to.

[phat_hip_prog]

Not sure why it's doing that, it doesn't do it for me. A long way could be to use str_replace when getting it out. Another thing with the quotes, you might want to use:

$sret = mysql_real_escape_string($sret);	//	check for injection attacks

[redarrow]

link

 

http://uk.php.net/manual/el/function.htmlentities.php

 

<?php

$str = "A 'quote' is <b>bold</b>";

 

// Outputs: A 'quote' is <b>bold</b>

echo htmlentities($str);

 

// Outputs: A 'quote' is <b>bold</b>

echo htmlentities($str, ENT_QUOTES);

?>

 

link

http://uk.php.net/manual/el/function.html-entity-decode.php

<?php

$orig = "I'll \"walk\" the <b>dog</b> now";

 

$a = htmlentities($orig);

 

$b = html_entity_decode($a);

 

echo $a; // I'll "walk" the <b>dog</b> now

 

echo $b; // I'll "walk" the <b>dog</b> now

 

 

// For users prior to PHP 4.3.0 you may do this:

function unhtmlentities ($string)

{

   $trans_tbl = get_html_translation_table (HTML_ENTITIES);

   $trans_tbl = array_flip ($trans_tbl);

   return strtr ($string, $trans_tbl);

}

 

$c = unhtmlentities($a);

 

echo $c; // I'll "walk" the <b>dog</b> now

 

?>

 

 

lookup stripslases and addslases and mysql_escape_string

 

[phat_hip_prog]

Very good... almost geeky! Never used decode, should solve a problem I had the other day... cheers (Yiamas)

[mcmuney]

"html_entity_decode" did the trick. Thanks.