Jump to content

htmlcleaning not working.


rofl90

Recommended Posts

Ok so I have this which I want to input into a database:

 

Btw the class thingy is http://htmlpurifier.org/

 

<?php
if(isset($_POST['add'])) {

$extra = $_POST['contactname'];
$email = $_POST['email'];
$title = $_POST['subject'];
$message = $_POST['message'];
$tox = '1';
$fromx = '0';
$time = time();

$sql = "insert into messages(title, message, fromx, tox, time, email, extra) VALUES('$title', '$message', '$fromx', '$tox', '$time', '$email', '$extra')";
mysql_query($sql) or die(mysql_error());
echo "Message Sent!<br />We will get back to you within 48 hours.";
}
?>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table width="400" border="0" cellspacing="4" cellpadding="2">
  <tr>
    <td><fieldset><legend>Name</legend><input type="text" name="contactname" id="clientname" style="width:100%; margin:auto;"  /></fieldset></td>
    <td><fieldset><legend>Email</legend><input type="text" name="email" id="clientname" style="width:100%; margin:auto;"  /></fieldset></td>
  </tr>
  <tr>
    <td colspan="2"><fieldset><legend>Subject</legend><input type="text" name="subject" id="clientname" style="width:100%; margin:auto;" /></fieldset></td>
  </tr>
  <tr>
    <td colspan="2"><fieldset><legend>Message</legend><textarea name="message" cols="9" rows="8" id="newsedit" style="width:100%; margin:auto;" ></textarea></fieldset></td>
  </tr>
  <tr>
    <td colspan="2"><fieldset><legend>Submit</legend><input type="submit" name="add" id="add" /></fieldset></td>
  </tr>
</table>
</form>

 

This is how its being put it

 

<?php
if(isset($_POST['add']))
{

require_once '../htmlcleaner/library/HTMLPurifier.auto.php';
$purifier = new HTMLPurifier();

$title = $_POST['title'];
$title = mysql_real_escape_string($purifier->purify($title));
$content = $_POST['content'];
$content = mysql_real_escape_string($purifier->purify($content));

$query = "UPDATE contact SET title='$title', content='$content'";
mysql_query($query) or die(mysql_error());

echo "Updated content!";
}
else
{
?>
<form method="post">
  <p>Editing: 'Contact'</p>
  <table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Title</td>
<td><input name="title" type="text" id="title" value="<?php
$result = mysql_query("SELECT * FROM contact") or die(mysql_error()); 
$row = mysql_fetch_array($result);
echo $row['title'];
?>"></td>
</tr>
<tr>
<td width="100">Content</td>
<td><textarea name="content" rows="12" id="content" type="text"><?php
$result = mysql_query("SELECT * FROM contact") or die(mysql_error()); 
$row = mysql_fetch_array($result);
echo $row['content'];
?></textarea></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td><input name="add" type="submit" id="add" value="Submit"></td>
</tr>
</table>
</form>

 

And it the html output is:

 

		<h1>Contact</h1><p>We will get back to you within 48 hours.\";
}
?>
\">
<table><tr><td>Name</td>
    <td>Email</td>

  </tr><tr><td>Subject</td>
  </tr><tr><td>Message</td>
  </tr><tr><td>Submit</td>
  </tr></table>

Link to comment
https://forums.phpfreaks.com/topic/95177-htmlcleaning-not-working/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.