Reply to Re: br html line breaks and htmlentitities

Your name:

Reply:


Posted by Richard Levasseur on 10/15/47 11:54

pittendrigh wrote:
> I have a home-rolled forum, written in php, based
> on some old cgi code written by a guy named David Turely.
> Works just fine.
>
> However, when reading user-supplied input I use 'addslashes'
> to clean the possibly tainted data.
>
> On subsequent displays the user-supplied data comes
> off the file system, so I do a stripslashes and then
> an addslashes (prevents single quotes from multiplying
> in quoted parts of the threads).
>
> However, this does put one annoying slash before single
> quote in the text, that looks ugly in the output.
>
> If I use htmlentities on the data instead of addslashes,
> everythink looks fine, except for incoming newlines,
> which don't translate into real <br/> tags,
> so the text all runs together as one long sentance.
>
> If anybody understands what I'm gibbering about,
> maybe they also have a solution:
>
> How do I scrub user-supplied input so it is safe to
> display, and so single quotes are not visually escaped,
> and so real <br/> tags appear at the end of each line?
>
> Seems to me like regular expressions allowing real html
> for <br/> tags *only* has to be part of the deal. But I
> don't know how to handle the ugly, visually escaped
> single quotes.


You can use nl2br() for changing newlines to <br/> (actually, i think
nl2br() *may* respect the current DTD, but don't quote me on that).

You can use htmlentities to santize the data.

The additional slash may be coming from the "magic quotes" options of
PHP.
See http://us2.php.net/manual/en/security.magicquotes.php for more
information. Make sure it is turned off because it causes headaches
like the ones you describe.

What may have happened by now is that you've been running with magic
quotes enabled, so a portion of your data contains a literal \'. If
thats the case, you'll have to identify those records and fix them
manually since its not a display bug, its a problem with the data.
Very annoying, i know. A simple find/replace for \' should be able to
fix it, more or less.

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация