Forum Moderators: coopster
here is the script for input
$varia = $_POST['notes'];
function var_html_encode($varia) {
$varia=rtrim($varia); $varia=ltrim($varia);
$varia=str_replace("'","",$varia);
$varia=str_replace("<br>","\r\n",$varia);
$varia=htmlentities($varia,ENT_QUOTES,"utf-8");
return $varia; }
here is the script for output
$txt2=str_replace("'","",$myrow4['notes']);
$txt2=preg_replace( "/\r\n/", "<br />", $txt2 );
$lastupdated = $myrow4['notes_last_updated'];
so i need to allow users to type something like this
he said "hello" and i ran like a rabid dog
any ideas guys, i was thinking adding something like this
$varia=str_replace(""","",$varia);
but that causes script errors
$varia=str_replace(""","",$varia);
$varia=str_replace("\"","",$varia); Or
$varia=str_replace('"',"",$varia); // single quotes
That will stop the script errors.
If you use " to mark the start and stop of your string then you can use an unescaped " in that string. As the engine gets confused and thinks that the middle ", in your example, is the end of the string. So either escape or use ' to mark the string boundary.
I prefer trying to avoid escaping as I think it reduces the readability of the code, but that is just a personal thing.
<edit>
In your input function you are using both ltrim and rtrim. You could just use trim [uk.php.net] as that strips the same characters from both sides, as opposed to using both ltrim and rtrim to strip each side individually.
[edited by: PHP_Chimp at 9:10 am (utc) on May 20, 2008]
