|
08-24-2004, 02:28 PM
|
#1 (permalink) | |||
|
Psycho
Location: Orlando, FL
|
formatting data from a database
So, I've created a website where users can comment on entries, their comments are stored in MySQL and then displayed under each entry. I'm not sure if I'm asking this correctly, but how do you format their entry on the site? What I mean, for example, is if someone types this in the form:
Quote:
Quote:
Quote:
|
|||
|
|
08-24-2004, 02:36 PM
|
#2 (permalink) |
|
Insane
Location: Wales, UK, Europe, Earth, Milky Way, Universe
|
Are you using php? If so, check out the functions nl2br() and htmlspecialchars()
That should give you something to start from.
__________________
There are only two industries that refer to their customers as "users". - Edward Tufte |
|
|
|
08-24-2004, 02:55 PM
|
#3 (permalink) |
|
paranoid
Location: The Netherlands
|
Most likely it is the browser that is at 'fault'.
try outputting the results from the database surrounded by PRE /PRE tags in the HTML code. That should keep whitespace formatting as it was entered. Try looking in the source of your webpage (rightclick->view source) and see wether the text was received correctly. If it is correct in the source (which means it was interpreted and sent correctly by the server) using PRE tags should work. Welshbyte's suggestion of nl2br() should work as well. It puts BR tags in the output, forcing the browser to start a new line.
__________________
"Do not kill. Do not rape. Do not steal. These are principles which every man of every faith can embrace. " - Murphy MacManus (Boondock Saints) |
|
|
|
08-24-2004, 05:27 PM
|
#5 (permalink) |
|
Junkie
|
I find that nl2br() doesn't convert Windows' \r\n endline sequence in POST data to an HTML <br> tag on some systems. Maybe it's because they have older PHP versions. If this happens to you, here's a workaround:
PHP Code:
|
|
|
|
08-24-2004, 06:58 PM
|
#6 (permalink) |
|
beauty in the breakdown
Location: Chapel Hill, NC
|
This may help. Basically, it converts characters that HTML doesnt like (ampersand and the like) to their HTML counterparts.
Basically, you needed the nl2br() function because the data was being stored with newline characters instead of <br> tags. Because HTML doesnt recognize the newline characters, it was displaying it all on one line.
__________________
"Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." --Plato |
|
|
|
08-25-2004, 04:01 AM
|
#7 (permalink) |
|
Insane
Location: Wales, UK, Europe, Earth, Milky Way, Universe
|
You also might want to think about using these functions and/or maybe some other string functions (see php manual) to purify the input text _before_ you send it to the database to avoid the chances of SQL injection exploits. There's also a good chapter on this in the security section of the php manual. Its all on http://www.php.net as sailor pointed out
__________________
There are only two industries that refer to their customers as "users". - Edward Tufte |
|
|
|
08-26-2004, 12:39 PM
|
#9 (permalink) | |
|
Junkie
|
Quote:
In addition to SQL injections, you're going to want to do something about people posting HTML that contains malicious scripts and ActiveX objects. That's why all of these forum programs use the funky "bbCode" square bracket markup. |
|
|
|
| Tags |
| data, database, formatting |
|
|
