PHP Form - Breaking HTML - PHP Server Side Scripting forum at WebmasterWorld

Forum Moderators: coopster

Message Too Old, No Replies

PHP Form - Breaking HTML

Tom_Cash

3:24 pm on Jul 20, 2010 (gmt 0)

Hi folks,
I am developing a CMS framework and have come across a basic problem that is really frustrating me.

I have a rich text editor in place so the user can upload images, add links, etc.

If the user added a page with an image, the following would be inserted into the DB:

Look at my widgets! <img src="image.jpg">

If the user later wants to edit this, the database puts this into the form for the user to edit - no problem.

However, if the user submits the page with an error (say the title is left empty) the form echos back the updated content with an error message. However, what was:

Look at my widgets! <img src="image.jpg">

Is now:

Look at my widgets! <img src=\"image.jpg\">

And it's breaking the code. I have no idea what this is and it's very frustrating! Could anyone help me please? I would REALLY appreciate it.

I've trimmed my code down to:

$body = $HTTP_POST_VARS['body'];

and it's still doing it...

Help!

Thanks in advance,
Tom.

Alcoholico

3:56 pm on Jul 20, 2010 (gmt 0)

Have you tried:

$body = stripslashes($HTTP_POST_VARS['body']);

?

[uk.php.net...]

Tom_Cash

4:09 pm on Jul 20, 2010 (gmt 0)

That worked perfectly! What a simple solution. I feel so silly. I didn't know of that function.

Thanks a LOT! I can stop pulling the left over of my hair out now.

sribasu

5:05 pm on Jul 20, 2010 (gmt 0)

Thanks Alcoholico.

Matthew1980

6:13 pm on Jul 20, 2010 (gmt 0)

Hi all,

$HTTP_POST_VARS['element_name']

Please don't use that global, this has been deprecated for ages (since php4.1.0[php.net ]), use the $_POST super global instead, although they are different things they access the same info, but for ease of code transportability use $_POST array instead, then you wont have error's flagged up warning you about using a deprecated predefined global.

So from Alcoholico's example use:-

$body = stripslashes($_POST['body']);

instead ;)

Cheers,
MRb

Alcoholico

8:39 pm on Jul 20, 2010 (gmt 0)

You're welcome Tom, many times we all have dumb problems with simple answerss which only require a couple of fresh eyes. Matthew, I fully agree, you are absolutely right, my apologies, I just was trying to give a simple, straight, non confusing answer, yes, $_POST is a better, non deprecated way to say $HTTP_POST_VARS, like $_GET for $HTTP_GET_VARS, $_ENV for $HTTP_ENV_VARS or $_COOKIE for $HTTP_COOKIE_VARS.

Matthew1980

8:55 pm on Jul 20, 2010 (gmt 0)

Hi there Alcoholico,

No need to apologise :) I just noted the reference, and just thought I would point it out because lots of reference books and tutorials still list the use of $HTTP_POST_VARS as the preferred method; comical really as the book I referenced a lot when I started stated that registered globals ($name as opposed to $_POST['name']) was the preferred method, it mentioned nothing about different server configs.

As you say though, a fresh pair of eye's is usually a good way to fix things :)

Cheers,
MRb

Tom_Cash

10:05 am on Jul 21, 2010 (gmt 0)

Although I know quite a lot of PHP, it's things like what Matthew said that slip the radar. I don't program on a daily basis you see. I can go weeks without having to use it, so I rareley learn such information but I do appreciate it.