
Textarea, and textfield problems

Posted: Thu Dec 10, 2009 12:46 pm
by smixcer
It's funny, the problem I am encountering.
When I send a text into the database by using the text or textarea form element, and then try to retrieve that text and place it back into that same textfield or textarea, I encounter problems.
To explain the problem in a shorter way: assuming I have a text value stored in a variable as shown below, and I want to place that text value inside a textarea or a textfield, I will encounter problems as shown below:

$value='We said "We are going there" yesterday';
$value1="We weren't supposed to go there";

It will appear cut off if I try to retrieve these texts and place them back in the textfield or textarea.
I know it's because I tried to echo everything out, i.e.

echo "<input type='text' name='textfield' value='".$value."'/>";
echo '<input type="text" name="textfield" value="'.$value1.'"/>';

They will not show the textfield containing the full text, as the text will be truncated.
I have tried all means to find a solution to this problem and it just doesn't seem to work.

This certainly can pose some security threat, especially when a user does some registration using a username that contains even the (`) character. Please, can someone help me solve this problem by telling me what to do?

Re: Textarea, and textfield problems

Posted: Thu Dec 10, 2009 2:17 pm
by pickle
Wrap it in htmlentities()

Code:

$value='We said "We are going there" yesterday';
$value1="We weren't supposed to go there";
 
echo '<input type="text" name="textfield" value="'.htmlentities($value).'"/>';
echo '<input type="text" name="textfield" value="'.htmlentities($value1).'"/>';

Re: Textarea, and textfield problems

Posted: Thu Dec 10, 2009 2:18 pm
by requinix
Function to escape text for MySQL queries
Function to escape text for use in HTML

Code:

<?php
$text = "This text has \"s, 's, and `s.";
// mysql_real_escape_string() belongs to the old mysql extension (removed in PHP 7.0)
$query = "INSERT INTO table (a, b, c) VALUES (1, 2, '" . mysql_real_escape_string($text) . "')";
?>
 
<input type="text" name="textfield1" value="<?php echo htmlentities($text); ?>" />
<input type='text' name='textfield2' value='<?php echo htmlentities($text, ENT_QUOTES); ?>' />

Note that you need to use ENT_QUOTES in htmlentities when you're putting it in a '-quoted attribute. It's not necessary for "-quoted attributes.

Re: Textarea, and textfield problems

Posted: Thu Dec 10, 2009 2:23 pm
by AbraCadaver
I was going to recommend htmlentities(), however I copied smixcer's code and didn't have the same problem. The way he has quoted his attributes and the quotes that are in the strings make it look like it would work fine also.

Re: Textarea, and textfield problems

Posted: Thu Dec 10, 2009 3:02 pm
by requinix
AbraCadaver wrote: I was going to recommend htmlentities(), however I copied smixcer's code and didn't have the same problem. The way he has quoted his attributes and the quotes that are in the strings make it look like it would work fine also.
Exactly what he posted, yeah there aren't any problems. But when reversed there are.

Code:

<input type='text' name='textfield' value='We weren't supposed to go there'/>

Code:

<input type="text" name="textfield" value="We said "We are going there" yesterday"/>

Re: Textarea, and textfield problems

Posted: Fri Dec 11, 2009 4:15 am
by smixcer
Thanks Gees!
Never would it have occurred to me to use htmlentities as a workaround. I'll try it when I hit the app environment.

Thanks Again
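
Added example, not part of the original thread: the script below builds both attribute quoting styles discussed above, with and without escaping, parses each tag with PHP's DOMDocument, and reports whether the value attribute survives intact. The helper names `parsed_value` and `attr` are hypothetical, and the DOM extension is assumed to be enabled.

```php
<?php
// Added example: not code from the thread. Assumes the DOM extension is enabled.

// Hypothetical helper: parse an <input> tag with an HTML parser and
// return the value attribute the parser ends up with.
function parsed_value(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // malformed markup is expected here
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input ? $input->getAttribute('value') : '';
}

// Hypothetical helper: escape for an HTML attribute so the result is safe
// in both '-quoted and "-quoted attributes.
function attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Sample strings taken from the posts above.
$samples = [
    'We said "We are going there" yesterday',
    "We weren't supposed to go there",
    "This text has \"s, 's, and `s.",   // the backtick is not escaped; quoting the attribute covers it
];

foreach ($samples as $text) {
    $variants = [
        'raw, double-quoted'     => '<input type="text" value="' . $text . '"/>',
        'raw, single-quoted'     => "<input type='text' value='" . $text . "'/>",
        'escaped, double-quoted' => '<input type="text" value="' . attr($text) . '"/>',
        'escaped, single-quoted' => "<input type='text' value='" . attr($text) . "'/>",
    ];
    foreach ($variants as $label => $html) {
        $seen = parsed_value($html);
        // Compare what the parser recovered with what we meant to send.
        printf("%-24s %-9s %s\n", $label, $seen === $text ? 'intact' : 'TRUNCATED', $seen);
    }
    echo "\n";
}
```

The raw variants break only when the string contains the same quote character that delimits the attribute, which is why the code exactly as first posted did not reproduce the problem while the reversed quoting did.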