  1. #1
    New Coder
    Join Date
    Aug 2010
    Posts
    13
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Html escaping problem

    Hi all,

    I want to create my personal blog and to be able to put code in pre tags. I have created some functions for converting content to and from the database.
    Basically the idea is the same as

    this

    but this is not working on my PC. The functions I created work on localhost (Win7) but don't work on my Linux box (Debian server).

    I use:
    Code:
    	function txt2db($s){
    		//$s = str_replace("'", "\'", $s ); // I don't need this since mysql auto escapes single quotes (can't find it to turn it off)
    		return $s;
    	}
    	
    	function db2txt($s){
    		// $s = str_replace("\'", "'", $s ); // also not needed
    		// $s = str_replace("&lt;pre&gt;", "<pre>", $s );
    		// $s = str_replace("&lt;/pre&gt;", "</pre>", $s );
    		// Escape only the text between <pre> and </pre>; the tags themselves stay as markup.
    		// A closure replaces create_function(), which was removed in PHP 8.
    		$s = preg_replace_callback(
    			 '#\<pre\>(.+?)\<\/pre\>#s',
    			function ($matches) {
    				return "<pre>".htmlentities($matches[1])."</pre>";
    			},
    			$s
    		);
    		
    		// Turn newlines into <br /> for display.
    		$s = nl2br($s);
    		return $s;
    	}
    I think it is clear from the function names what they do.

    The problem is that when I save &lt; to the database it appears as < in my edit window, and when I edit an article once, all entities are converted into tags.

    Here is the result
    http://kdelchev.com/index.php?p=73

  • #2
    Senior Coder
    Join Date
    Jun 2008
    Location
    New Jersey
    Posts
    2,535
    Thanks
    45
    Thanked 259 Times in 256 Posts
    Uh... MySQL definitely DOES NOT auto escape anything. Sounds like you have magic quotes turned on, which needs to be turned off immediately, and look into mysql_real_escape_string.

    As for your specific problem, I'll test it out. I use htmlentities just fine on my server, no problem. Can you show the code you use to insert the data into the server?

  • #3
    New Coder
    Join Date
    Aug 2010
    Posts
    13
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Here it is

    Code:
    // Array keys are quoted: bare keys such as $_POST[cmd_post] are undefined constants (an error in PHP 8).
    // The request values are still concatenated directly into the SQL text, as in the original post.
    if($_POST['cmd_post'] == "post" ){
    	if ($_POST['cbo_load_post'] == 0){
    		// New post: insert a row
    		$sql_post = 'insert into cms_post_content(type, time, post_title, post_intro, post_content) 
    			values ( 
    				'.$_POST['cbo_type'].',
    				\''.time().'\',
    				\''.(web::txt2db($_POST['txt_title'])).'\',
    				\''.(web::txt2db($_POST['txt_intro'])).'\',
    				\''.(web::txt2db($_POST['txt_content'])).'\'
    			)';
    		//echo $sql_post;
    		$db->exec($sql_post);
    	}else{
    		// Existing post: update the row selected in cbo_load_post
    		$sql_post = 'update cms_post_content set
    						type = '.$_POST['cbo_type'].',
    						time = '.time().',
    						post_title = \''.(web::txt2db($_POST['txt_title'])).'\', 
    						post_intro = \''.(web::txt2db($_POST['txt_intro'])).'\', 
    						post_content = \''.(web::txt2db($_POST['txt_content'])).'\'
    					where sys_id = '.$_POST['cbo_load_post'];
    		//echo $sql_post;
    		$db->exec($sql_post);
    	}
    }
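
The save, edit and display round trip discussed in this thread, as an added example that is not part of any post and not the poster's code. It stores the text unmodified through bound parameters and escapes only at output, both in the public view and in the edit textarea. Assumptions: PDO is available, an in-memory SQLite database stands in for the MySQL server, the table is reduced to two columns, and the names save_post, load_post, h, render_view and render_edit are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumption: in-memory SQLite via PDO
// stands in for the MySQL server; all function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cms_post_content (sys_id INTEGER PRIMARY KEY, post_content TEXT)');

// Store exactly what was typed; bound parameters replace quote escaping.
function save_post(PDO $db, ?int $id, string $raw): int {
    if ($id === null) {
        $db->prepare('INSERT INTO cms_post_content (post_content) VALUES (?)')->execute([$raw]);
        return (int) $db->lastInsertId();
    }
    $db->prepare('UPDATE cms_post_content SET post_content = ? WHERE sys_id = ?')->execute([$raw, $id]);
    return $id;
}

function load_post(PDO $db, int $id): string {
    $st = $db->prepare('SELECT post_content FROM cms_post_content WHERE sys_id = ?');
    $st->execute([$id]);
    return (string) $st->fetchColumn();
}

function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Public view: escape only the body of each <pre>, as db2txt() does.
function render_view(string $raw): string {
    return nl2br(preg_replace_callback('#<pre>(.+?)</pre>#s', function ($m) {
        return '<pre>' . h($m[1]) . '</pre>';
    }, $raw));
}

// Edit form: escape the whole value so the browser shows the stored text.
function render_edit(string $raw): string {
    return '<textarea name="txt_content">' . h($raw) . '</textarea>';
}

// Constructed sample: an entity in the prose plus markup and quotes inside <pre>.
$raw = "Write &lt; for a literal bracket.\n<pre><b>it's</b> & \"more\"</pre>";
$id = save_post($db, null, $raw);
// Simulate one edit: the browser decodes the textarea body before posting it back.
preg_match('#<textarea[^>]*>(.*)</textarea>#s', render_edit(load_post($db, $id)), $m);
save_post($db, $id, htmlspecialchars_decode($m[1], ENT_QUOTES));
var_dump(load_post($db, $id) === $raw);   // compares stored text with the original after the edit
echo render_view(load_post($db, $id)), "\n";
```

Text outside `<pre>` is emitted as the author's own HTML, matching db2txt(); that is only appropriate when the sole author is the site owner.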

