Go Back   CodingForums.com > :: Server side development > PHP
Reload this Page Html escaping problem

Before you post, read our: Rules & Posting Guidelines

Reply
 
Thread Tools Rate Thread
Enjoy an ad free experience by logging in. Not a member yet? Register.
Old 11-23-2010, 08:25 PM   PM User | #1
kode
New Coder

 
Join Date: Aug 2010
Posts: 13
Thanks: 1
Thanked 0 Times in 0 Posts
kode is an unknown quantity at this point
Html escaping problem
Hi all,

I want to create my personal blog and to be able to put code in pre tags. I have created some functions for converting content for and from database.
Basicaly the idea is tha same as

this

but this is not working in my pc. The created functions work on localhost(win7) but didn't work in my linux box(debian server)

I use:
Code:
	function txt2db($s){
		//$s = str_replace("'", "\'", $s ); // i don't need this since mysql auto escape single quotes (can't find and turn it off)
		return $s;
	}
	
	function db2txt($s){
		// $s = str_replace("\'", "'", $s ); // alse not needed
		// $s = str_replace("&lt;pre&gt;", "<pre>", $s );
		// $s = str_replace("&lt;/pre&gt;", "</pre>", $s );
		$s = preg_replace_callback(
			 '#\<pre\>(.+?)\<\/pre\>#s',
			create_function(
			'$matches',
			'return "<pre>".htmlentities($matches[1])."</pre>";'
			),
			$s
		);
		
		$s = nl2br($s);
		return $s;
	}
I think it is clear from the function names waht they do.

The problem is that when save & lt; on database it appear < on my edit window and when I edit once an article all entities are converted in tags.

Here is the result
http://kdelchev.com/index.php?p=73
__________________
kdelchev.com
kode is offline   Reply With Quote
Old 11-23-2010, 08:33 PM   PM User | #2
Keleth
Senior Coder

 
Join Date: Jun 2008
Location: New Jersey
Posts: 2,353
Thanks: 45
Thanked 247 Times in 244 Posts
Keleth is on a distinguished road
Uh... mysql definitely DOES NOT auto escape anything. Sounds like you have magic quotes turned on, which needs to be turned off immediately and look into mysql_real_escape_string.

As for your specific problem, I'll test it out. I use htmlentities just find on my server no problem. Can you show the code you use to insert the data into the server?
Keleth is offline   Reply With Quote
Old 11-23-2010, 08:41 PM   PM User | #3
kode
New Coder

 
Join Date: Aug 2010
Posts: 13
Thanks: 1
Thanked 0 Times in 0 Posts
kode is an unknown quantity at this point
Here it is

Code:
if($_POST[cmd_post] == "post" ){
	if ($_POST[cbo_load_post] == 0){
		$sql_post = 'insert into cms_post_content(type, time, post_title, post_intro, post_content) 
			values ( 
				'.$_POST[cbo_type].',
				\''.time().'\',
				\''.(web::txt2db($_POST[txt_title])).'\',
				\''.(web::txt2db($_POST[txt_intro])).'\',
				\''.(web::txt2db($_POST[txt_content])).'\'
			)';
		//echo $sql_post;
		$db->exec($sql_post);
	}else{
		$sql_post = 'update cms_post_content set
						type = '.$_POST[cbo_type].',
						time = '.time().',
						post_title = \''.(web::txt2db($_POST[txt_title])).'\', 
						post_intro = \''.(web::txt2db($_POST[txt_intro])).'\', 
						post_content = \''.(web::txt2db($_POST[txt_content])).'\'
					where sys_id = '.$_POST[cbo_load_post];
		//echo $sql_post;
		$db->exec($sql_post);
	}
}
__________________
kdelchev.com
kode is offline   Reply With Quote
Reply

Bookmarks

Jump To Top of Thread


« Previous Thread | Next Thread »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 07:00 AM.
Advertisement
Log in to turn off these ads.