Hi PHP Gurus, I have been facing a problem with PHP forms. I have created a form to take inputs from users i.e. user comments and have to display it. But the comments user provide will always display in a single line. For example, if user comment has couple of new line characters then all will come and display in a single line. main.php code <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>PHP Test</title> <link href="test.css" type="text/css" media="screen" rel="stylesheet"> </head> <body> <form action="welcome.php" method="post"> <label for="user" >Name</label> <input type="text" name="user" value="" /><br /> <label for="emailaddress">Email Address:</label> <input type="text" name="emailaddress" value="" /> <font color="red">(will not be published)<br /> <label for=\"webaddress\">Web Address</label> <input type="text" name="url" value="" /><br /> <label for="comments">Comments:</label> <textarea name="comments"></textarea><br /> <label for="terms">Agree to Terms?</label> <input type="checkbox" name="terms" class="boxes" /><br /> <input type="hidden" name="pid" value='$pid' /><br /> <input type="submit" name="submitbutton" id="submitbutton" value="Submit" /> </form> </body> </html> Code (markup): comhandler.php code <html> <body> <?php $userName = $_POST['user']; $userMail = $_POST['emailaddress']; $userUrl = $_POST['url']; $userComment = $_POST['comments']; $userFilteredComment = htmlentities($userComment); echo "$userName"; echo "<br />"; echo "$userMail"; echo "<br />"; echo "$userUrl"; echo "<br />"; echo "$userFilteredComment"; echo "<br />"; echo "$magicString"; ?> </body> </html> Code (markup): I want to display as user entered.. For example, consider user provides comment as below: ---------------------------- Awesome.... wonderful Thanks ------------------------------ There are one newline after 1st sentence, 3 newlines after 2nd sentence... With my original code, the above comment will display everything in a single line as: Awesome.... wonderful Thanks but i want to output in the same input format... Please guide me...as i m a newbie to PHP. Your quick response will be appreciated...!! Thanks in advance ..!!
This will work. But another problem is to filtered the user code provided as a part of comment. For example, someone tries to provide a spam input as <script type='text/javascript'> window.location = 'http://www.spamsite.com/' </script>'"; Code (markup): to avoid this i have to used below code before displaying comment $userFilteredComment = htmlentities($userComment); Code (markup): so how to display newline now ??
i found a way to display this... $userFilteredComment = htmlentities($userComment); $userFilteredComment = nl2br($userFilteredComment); Code (markup): but now the issue is, MYSQL query got failed when i am trying to write this '$userFilteredComment' in table.
I would just use the HTML <pre> tag. That way you would treat the code as preformatted and won't need to worry about new lines. I think it should work with scripts too, but I'm not sure. I'll check it out and get back to you.
Oops. Javascript still work. You could always search the comment string for illegal characters - maybe disallow '<' and '>' - you can do this using javascript before submitting the form or with PHP before storing or displaying the data. I hope this helps.
Well, we can use but "This function is deprecated." see: http://au.php.net/mysql_escape_string Is there any other way ??
Sorry. the right one is string mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier] ) Code (markup):
Thanks Xcap for your help.... it helps me... a lot.... http://au.php.net/manual/en/function.mysql-real-escape-string.php Thanks again ..!!