PDA

View Full Version : PHP Gurus....nl2br works great .... but!!


kona72
09-25-2006, 11:17 PM
Hey All,
I have been creating my own CMS to an extent for some of my clients using PHP MySQL and using add, edit and delete pages but i have hit a small snag with the nl2br function. The problem is that when the intial add is made it adds the
tag which is great!! BUT when I try to update the existing content it adds another
tag were ever it sees a line break....

basically I guess what I am asking is if there is any way to strip the
tags before the php calls it form the DB to be displayed?

Here is my add code....

<?php require_once('../Connections/carlyhenry.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO blog (entrydate, title, content) VALUES (%s, %s, %s)",
GetSQLValueString($_POST['entrydate'], "text"),
GetSQLValueString($_POST['title'], "text"),
GetSQLValueString(nl2br($_POST['content']), "text"));

mysql_select_db($database_carlyhenry, $carlyhenry);
$Result1 = mysql_query($insertSQL, $carlyhenry) or die(mysql_error());

$insertGoTo = "success.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}?>


And here is my edit page code.......


<?php require_once('../Connections/carlyhenry.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
$updateSQL = sprintf("UPDATE blog SET entrydate=%s, title=%s, content=%s WHERE rec_num=%s",
GetSQLValueString($_POST['entrydate'], "text"),
GetSQLValueString($_POST['title'], "text"),
GetSQLValueString(nl2br($_POST['content']), "text"),
GetSQLValueString($_POST['rec_num'], "int"));

mysql_select_db($database_carlyhenry, $carlyhenry);
$Result1 = mysql_query($updateSQL, $carlyhenry) or die(mysql_error());

$updateGoTo = "success.php";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}

$colname_rsEdit = "-1";
if (isset($_GET['rec_num'])) {
$colname_rsEdit = (get_magic_quotes_gpc()) ? $_GET['rec_num'] : addslashes($_GET['rec_num']);
}
mysql_select_db($database_carlyhenry, $carlyhenry);
$query_rsEdit = sprintf("SELECT * FROM blog WHERE rec_num = %s", GetSQLValueString($colname_rsEdit, "int"));
$rsEdit = mysql_query($query_rsEdit, $carlyhenry) or die(mysql_error());
$row_rsEdit = mysql_fetch_assoc($rsEdit);
$totalRows_rsEdit = mysql_num_rows($rsEdit);
?>

davidj
09-26-2006, 08:28 AM
ok

PHP has a function built in to handle this

Its called.....

strip_tags

strip_tags($text); // this will remove all tags

you can include a 2nd param which will allow a tag...

strip_tags($text, '
'); // this will remove all tags but allow

kona72
10-02-2006, 05:16 PM
Hey DJ....

You are dealing with a PHP amateur here....
I have tried countlessly to implement this but can't figure out where i would put these functions...

Can you help out??

Thanks!!

davidj
10-03-2006, 08:36 AM
no probs

where you have your text field where you are displaying the db text you will have a variable

example ...
<textarea name="textfield" rows="5" >
<?php echo $row['table_field']; ?>
</textarea>
Change to this
<textarea name="textfield" rows="5" >
<?php echo strip_tags($row['table_field']); ?>
</textarea>

kona72
10-03-2006, 05:16 PM
Hey DJ,
Works like a charm!!
now... how do i get it to allow some tags?

I tried this....and a couple other configurations but no go....

<?php echo strip_tags('<a href>','</a>'($row_rsEventedit['content'])); ?>

Thanks!!

davidj
10-04-2006, 09:22 AM
echo strip_tags($row_rsEventedit['content'], '


'); // << etc

davidj
10-04-2006, 09:27 AM
i can see by your example and i am guessing you want an <a href tag rendered inside your text area as a clickable link.

if this is the case your going to have problems

domedia
10-04-2006, 01:50 PM
TEXTAREA can only contain text, no HTML allowed. What were you planning to do with the content of the TEXTAREA anyways?

kona72
10-04-2006, 02:27 PM
Hey Guys,

After some more research, I got it to work. I used the str_replace function....

<?php echo str_replace("
","",$row_rsEventedit['content']); ?>

Works great... It allows the administrator to add links and gets rid of those pesky
tags....

Thanks for all the help!!

davidj
10-10-2006, 04:22 PM
nice

dont ya just love PHP