Textarea, and textfield problems

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
smixcer
Forum Newbie
Posts: 5
Joined: Fri Jan 30, 2009 5:09 am

Textarea, and textfield problems

Post by smixcer »

Its funny the problem i am encountering.
When i send a text into the database by using the text or textarea form element, i then try to retrieve that text back and place it into that same textfield or textarea, i encounter problems.
To explain the problem in a shorter way, assuming i have a text value stored in a variable as shown below, and i want to place that text value inside a textarea or a textfield i will encounter problems as shown below:

$value='We said "We are going there" yesterday';
$value1="We weren't supposed to go there"

It will appear cut if i tried to retrieve these texts and place them back in the textfield or textarea.
I know its because i tried to echo everything out i.e.

echo "<input type='text' name='textfield' value='".$value."'/>";
echo '<input type="text" name="textfield" value="'.$value1.'"/>';

They will not show the textfield containing the full text as the text will be truncated.
I have tried all means to find a solution to this problem and it just doesnt seem to work.

This certainly can pose some security threat esp when a user does some registration using a username that contains even the (`) character. pls can someone help me solve this problem by telling me what to do?
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: Textarea, and textfield problems

Post by pickle »

wrap it in htmlentities()

Code: Select all

$value='We said "We are going there" yesterday';
$value1="We weren't supposed to go there";
 
echo '<input type="text" name="textfield" value="'.htmlentities($value).'"/>';
echo '<input type="text" name="textfield" value="'.htmlentities($value1).'"/>';
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Textarea, and textfield problems

Post by requinix »

Function to escape text for MySQL queries
Function to escape text for use in HTML

Code: Select all

$text = "This text has \"s, 's, and `s.";
$query = "INSERT INTO table (a, b, c) VALUES (1, 2, '" . mysql_real_escape_string($text) . "')";
?>
 
<input type="text" name="textfield1" value="<?php echo htmlentities($text); ?>" />
<input type='text' name='textfield2' value='<?php echo htmlentities($text, ENT_QUOTES); ?>' />
Note that you need to use ENT_QUOTES in htmlentities when you're putting it in a '-quoted attribute. It's not necessary for "-quoted attributes.
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: Textarea, and textfield problems

Post by AbraCadaver »

I was going to recommend htmlentities(), however I copied smixcer's code and didn't have the same problem. The way he has quoted his attributes and the quotes that are in the strings make it look like it would work fine also.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Textarea, and textfield problems

Post by requinix »

AbraCadaver wrote:I was going to recommend htmlentities(), however I copied smixcer's code and didn't have the same problem. The way he has quoted his attributes and the quotes that are in the strings make it look like it would work fine also.
Exactly what he posted, yeah there aren't any problems. But when reversed there are.

Code: Select all

<input type='text' name='textfield' value='We weren't supposed to go there'/>

Code: Select all

<input type="text" name="textfield" value="We said "We are going there" yesterday"/>
smixcer
Forum Newbie
Posts: 5
Joined: Fri Jan 30, 2009 5:09 am

Re: Textarea, and textfield problems

Post by smixcer »

Thanks Gees!
Never would it have occurred to me on using the htmlentities as a workaround. I'll try it when i hit the app environment.

Thanks Again
Post Reply