Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2

Thread: Outputting HTML

  1. #1
    Regular Coder
    Join Date
    Aug 2006
    Posts
    311
    Thanks
    0
    Thanked 1 Time in 1 Post

    Outputting HTML

    I have a form that I would like for people to be able to add HTML. But when I put in a link(<a href="www.yahoo.com">yahoo.com</a>) it outputs the whole string and not just the HTML.

    What I would like to do is have it so the if someone inputs www.yahoo.com it will automatically make it a link.

    So my two questions are how do I make it so that I can add HTML and how can I make it so that it automatically makes the URL a link.

    Here is the code that I am using right now without the form.

    PHP Code:
    <?
    if($_GET['action']==preview){
    $sql_query "SELECT member_id from experts_post_answer WHERE forum_post_id={$_GET['id']} AND member_id={$_SESSION['member_id']}";
    $sql=mysql_query($sql_query) or die(mysql_error());
    $num_rows=mysql_num_rows($sql); 


    if(
    $num_rows!=0){
    echo 
    'you have already entered an answer for this question.  Only one answer allowed.';
    }
    else {
    echo 
    $_POST['url'];
    echo 
    '<h2>Preview your answer</h2>';
    echo 
    '<table width="90%" border="0" cellspacing="5">
     
        <td width="25%">Question</td>
        <td bgcolor="fff883"><div style="margin-left:10px;margin-top:15px;margin-bottom:15px;"><strong>'
    .$_POST['heading'].'</strong></div><div style="position:relative;margin-left:25px;margin-top:15px;margin-bottom:15px;">'.$_POST['question'].'</div></td>
        </tr>
        
        <tr>
        <td>You are:</td>
        <td  bgcolor="fff883"><div style="margin-left:10px;margin-top:15px;margin-bottom:15px;">'
    .$_SESSION['member_name'].'</div></td>
        </tr>
        <tr>
        <td >Your answer:</td>
         <td  bgcolor="fff883"><div style="margin:10px;">'
    .$_POST['answer'].'</div></td>
      </tr>
      <tr>
        <td ></td> <td>
        
         <form action="/modify_question/modify" method="post">
           <input name="heading" type="hidden" value="'
    .$_POST['heading'].'" />
          <input name="question" type="hidden" value="'
    .$_POST['question'].'" />
           <input name="answer" type="hidden" value="'
    .$_POST['answer'].'" />
            <input name="url" type="hidden" value="'
    .$_POST['url'].'" />
          <input name="submit" type="submit" value="Modify" /></form>
         
          <form action="/answered/insert/'
    .$ncat_id.'/'.$f_id.'/'.$post_id1.'" method="post">'?>
          
         <input name="heading" type="hidden" value="<?=$_POST['heading']?>" />
          <input name="question" type="hidden" value="<?=$_POST['question']?>" />
           <input name="answer" type="hidden" value="<?=$_POST['answer']?>" />
           <input name="url" type="hidden" value="<?=$_POST['url']?>" />
          <input name="submit" type="submit" value="Submit Question" /></form>
          
           
    </td>
      </tr>
    </table></form>
    <?
    }

    }
    ?>

  • #2
    Mega-ultimate member
    Join Date
    Jun 2002
    Location
    Winona, MN - The land of 10,000 lakes
    Posts
    1,855
    Thanks
    1
    Thanked 45 Times in 42 Posts
    I think what you're going to need to use is a regular expression.

    Something like this...

    PHP Code:
        $text $_POST['answer']; //or whatever other variable you want
        
    $text preg_replace('=(\s|^)(((.*:)?.*@)?www\.[a-z0-9\-._~/%&\?\=#;]+)(\s|$)=ie''"$1<a href=\"http://$2\" target=\"_blank\">$2</a>$5"'$text); 
    On a side note, your query is extremely vunerable to SQL injection hacks. Something like...

    http://localhost/index.php?id=1;drop table TABLE_NAME;SELECT * FROM TABLE_NAME WHERE 1

    would drop / delete the table named "TABLE_NAME" from your database

    Better to do something like this...

    PHP Code:
    $id preg_replace("/\D/","",$_GET['id']); 
    or some other filtering to make sure that it's valid data.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •