
View Full Version : Storing & Retrieving messages from the database



dacoder96
04-20-2011, 02:11 AM
Hi,

I have developed my own messaging system and I would like some help on how to store posts that users make.
At the moment they are stored in the database with nl2br() being executed on the message BEFORE it is stored. Users have discovered the HTML entities loophole and I need to fix it ASAP. If I use htmlentities() then all <br /> tags are going to be converted, which will mess up the output because everything is put onto one line.

So I need a way to output the messages so that multi-line works normally but they can't use HTML tags.

Does anybody know how to do this? I am guessing it will require me to leave \n in the database version and, on output, convert it to <br />.

Thanks.

ShaneC
04-20-2011, 02:44 AM
I believe a common method is to use htmlentities after the nl2br.

As such:


<?php

$forDB = nl2br( htmlentities( $_POST['message'] ) );

?>


Don't forget to also sanitize your input using a function such as mysql_real_escape_string() (http://php.net/manual/en/function.mysql-real-escape-string.php)
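
Added example, not part of either poster's code: the approach guessed at in the first post (keep the raw text with its \n in the database and convert on output), using the escape-then-nl2br order from the snippet above. It uses htmlspecialchars() and PDO bound parameters in place of htmlentities() and mysql_real_escape_string(); the messages table, the in-memory SQLite database (needs the pdo_sqlite extension) and the sample message are constructed for illustration.

```php
<?php
// Added example: table name, column name and sample message are constructed.
declare(strict_types=1);

/** Escape for an HTML body context first, then turn newlines into <br />. */
function renderMessage(string $raw): string
{
    // After this call every <, >, &, " and ' from the user is an entity,
    // so the only real tags in the result are the <br /> that nl2br() adds.
    $escaped = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    return nl2br($escaped);
}

/** Store the message exactly as typed; the bound parameter keeps it out of the SQL text. */
function saveMessage(PDO $db, string $raw): int
{
    $stmt = $db->prepare('INSERT INTO messages (body) VALUES (:body)');
    $stmt->execute([':body' => $raw]);
    return (int) $db->lastInsertId();
}

/** Fetch the raw body, or null when the id does not exist. */
function loadMessage(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT body FROM messages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : (string) $body;
}

// In-memory SQLite stands in for the real database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed input: markup, a quote that would break naive SQL, and two newlines.
$posted = "Hello <b>world</b>\nIt's line two & more\n<script>alert(1)</script>";

$id = saveMessage($db, $posted);
$stored = loadMessage($db, $id);

// The stored copy is untouched, so it can be re-rendered for other contexts later.
var_dump($stored === $posted);

// Escaping happens here, at output time, once per render.
echo renderMessage($stored ?? ''), PHP_EOL;
```

Because the database holds the text as typed, messages saved earlier with nl2br() already applied would need their <br /> tags converted back to newlines before being rendered this way.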

dacoder96
04-20-2011, 03:37 AM
Works brilliantly! Thank you!


