Reply to Re: Uncharted Waters... for me.

Posted by Andy Dingley on 09/19/06 21:42

1995 Cobra wrote:

> They
> click save and the data is written to a MySQL database. I then display
> their input on a separate page with vbscript.

Hopefully that's server-side VBScript under ASP ?

> Problem is, no matter what they have typed it is displayed as one long
> paragraph. Any ideas

No, of course not. We can't see your site, you didn't give us a URL to
it. We need this!

In particular we need to see what the returned output is. Clearly it
has lost any sort of <p> tag in the returned HTML. Where did they go?
Did they get converted to &lt;p&gt; ? Stripped out ? Never got
generated in the first place, if users simply entered linebreaks?

> or tutorials on getting over this

Dump VBScript. If you're using ASP, then learn JScript instead (a
dialect of JavaScript).

See it as two problems. Get a HTML page that works and is styled how
you want it. Then make a JScript program that creates this page. If you
have a display problem (like this), then debug it
_as_a_static_HTML_page_ first.

Be very careful about separating "content" and "sanitised content" and
"content encoded as HTML ready to write to the browser". It's common to
use a naming convention on your variables to make this self-evident.
You don't want to risk "double encoding" errors.

Be very careful about what you let people enter and store in the
database. Can they enter the string "'; DROP TABLE <foo>" ? Do you
even know why I'm asking ?

Consider throwing it away and downloading something ready-made (almost
any blog). This is _not_ an easy problem to do in a secure and
hacker-proof manner.
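
The following is an added example, not part of the original post: it shows the raw / HTML-encoded naming convention described above, applied to text where the user "simply entered linebreaks", and what a double-encoding error looks like. It is modern JavaScript that runs under Node.js; the function names and the sample comment are assumptions made for illustration.

```javascript
// Naming convention: raw* = text exactly as the user typed it (this is what
// the database stores); html* = encoded markup, ready to write to the browser.

// Encode raw text for an HTML text context. Call exactly once, at output time.
function htmlEncode(rawText) {
  return String(rawText)
    .replace(/&/g, "&amp;")   // must come first, or later entities get mangled
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Turn raw multi-line text into HTML paragraphs: blank lines separate
// paragraphs, single line breaks become <br>. Encoding is applied to the
// user's text before our own tags are added, so typed markup stays inert.
function rawToHtmlParagraphs(rawText) {
  return String(rawText)
    .replace(/\r\n?/g, "\n")               // form posts usually send CRLF
    .split(/\n{2,}/)
    .map((rawPara) => rawPara.trim())
    .filter((rawPara) => rawPara.length > 0)
    .map((rawPara) => "<p>" + htmlEncode(rawPara).replace(/\n/g, "<br>") + "</p>")
    .join("\n");
}

// Constructed sample input: markup, an ampersand, line breaks, and the
// string from the post. All of it is treated as data, none of it as HTML.
const rawComment =
  "Tom & Jerry's <b>review</b>\r\nsecond line\r\n\r\n'; DROP TABLE <foo>";
const htmlComment = rawToHtmlParagraphs(rawComment);

// The double-encoding mistake: passing an html* value through the encoder
// again, so the reader sees a literal "&lt;" on the page.
const htmlOnce = htmlEncode("a < b");
const htmlTwice = htmlEncode(htmlOnce);

console.log(htmlComment);
console.log(htmlOnce, "|", htmlTwice);
```

HTML encoding only covers the display side; what reaches the database is a separate concern and still has to be passed as data rather than spliced into the SQL text.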
