html into database

chris98
Forum Contributor
Posts: 103
Joined: Tue Jun 11, 2013 10:47 am
Location: England, United Kingdom

html into database

Post by chris98 »

Hello, I am using PDO to create a download central.


I want to allow my users to post html codes into their file description (i.e. <br>, <img>, etc.).

Every time I try, it outputs the exact same code, as if it is text. For example, I might enter:

Code:

<p><br><strong>test</strong> <u>test2</u></p>

The result is exactly the same as I put!

Code:

<p><br><strong>test</strong> <u>test2</u></p>

Why is this?

Why can't it just work?

What do I need to do to make it work?

Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: html into database

Post by Celauran »

Not much to work with here. Can you post some code?

chris98

Re: html into database

Post by chris98 »

Code:

<?php
define('PUN_ROOT', dirname(__FILE__).'/../../');
include PUN_ROOT.'include/common.php';
// Guests are redirected to the login page; exit so the upload code below never runs for them.
if ($pun_user['is_guest']) {
    header("location: ../../../login.php");
    exit;
}
require_once('general.php');
require_once('db/db_connection.php');
    if (isset($_POST['submitBtn'])) {
	$user_id = "".$pun_user['id']."";
	$minimap_uploadLocation = "c:/wamp/www/stronghold2nation/downloads/files/minimaps/\\";
	$uploadLocation = "c:/wamp/www/stronghold2nation/downloads/files/downloads/\\";
	$format     = (isset($_POST['format'])) ? htmlentities($_POST['format']) : '' ;
	$name     = (isset($_POST['name'])) ? htmlentities($_POST['name']) : '' ;
		 $username = "".($pun_user['username'])."";
		 $size     = (isset($_POST['size'])) ? htmlentities($_POST['size']) : '' ;
         $text  = (isset($_POST['area1'])) ? htmlentities($_POST['area1']) : '' ;
		 $minimap  =   "".  basename( $_FILES['upfile']['name'])."";
         $file  =   "".  basename( $_FILES['ufile']['name'])."";
         $email    = (isset($_POST['email'])) ? htmlentities($_POST['email']) : '' ;
         $date  =  "".date("d/m/Y")."";
		 $category     = (isset($_POST['data_name'])) ? htmlentities($_POST['data_name']) : '' ;
		 
if (($_FILES["ufile"]["size"] > 262144000)) // Max File Size: 250MB (the form field is named "ufile")
  {
  exit ('Your file size is too big.Please try again.');
  }
$allowed[] = 'gif';
$allowed[] = 'bmp';
$allowed[] = 'jpg';
$allowed[] = 'jpeg';
$allowed[] = 'png';
$allowed[] = '';  
  $filename = basename( $_FILES['upfile']['name']);
  // pathinfo() returns the whole extension ('jpeg' is not cut to 'jpe') and '' when there is none.
  $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));

  if (!in_array($ext, $allowed)) {
        exit('This type of file extension is not allowed.Please upload a valid preview image.');
  }
  $allowed1[] = 'zip';
  $filename_2 = basename( $_FILES['ufile']['name']);
  $ext1 = strtolower(pathinfo($filename_2, PATHINFO_EXTENSION));

  if (!in_array($ext1, $allowed1)) {
        exit('This type of file extension is not allowed.Please upload a zip file.');
  }
  $filename_check2 = "../files/minimaps/".$minimap."";
  if (!empty($minimap)) {
if (file_exists($filename_check2)) {
    exit ('The preview image you are uploading already exists.Please specify a different name, then try again.');
};  
}
$target_path = $minimap_uploadLocation . basename( $_FILES['upfile']['name']);
if(move_uploaded_file($_FILES['upfile']['tmp_name'], $target_path)) {
};
 $filename_check = "../files/downloads/".$file."";

if (file_exists($filename_check)) {
    exit ('The zip file you are uploading already exists.Please specify a different name, and try again.');
};
$target_path1 = $uploadLocation . basename( $_FILES['ufile']['name']);
if(!move_uploaded_file($_FILES['ufile']['tmp_name'], $target_path1)) {
    exit ('There was an error uploading the file.Please try again.');
}	 
         
         //Minimum name and comment length.
         if ((strlen($name) > 2) && (strlen($text) > 5)){
             $sql = "INSERT INTO downloads_unchecked (name,username,userid,size,text,minimap,date,file,category,email) VALUES (
			 :name,:username,:userid,:size,:text,:minimap,:date,:file,:category,:email)";  

$ps = $pdo->prepare($sql);  

$ps->execute(array(':name'=>$name, 
 
':username'=>$username,
':userid'=>$user_id,
':size'=>$size,
':text'=>$text,
':minimap'=>$minimap,
':date'=>$date,
':file'=>$file,
':category'=>$category,
':email'=>$email));
		 }
         
         header("Location:  thank_you.php");
    }
    else {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<script type="text/javascript" src="http://js.nicedit.com/nicEdit-latest.js"></script>
 <script type="text/javascript">
 //<![CDATA[  
 bkLib.onDomLoaded(function() { nicEditors.allTextAreas() });
 //]]>
 </script>
<html>
<head>
<font color="#610B0B">
 <title>Add a file to Stronghold 2 Nation</title>
   <link href="style/style.css" rel="stylesheet" type="text/css" />
   <link href="style/button.css" rel="stylesheet" type="text/css" />
   <link rel="stylesheet" type="text/css" href="../style.css" />
   <link rel="stylesheet" type="text/css" href="style/style2.css" />
</head>
<body>
<div id="page">
      <div id="pagetop">
		<h1>Submit a File to Stronghold 2 Nation (page 2 of 2)</h1>
        <div class="links">    	
            <ul>
            </ul>
        </div>
     </div>
      <div id="main">
        <div id="formheader">Add your file to Stronghold 2 Nation!<br><br>Required Fields are marked with an Asterisk (*) </div>
        <div id="formbody">
          <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="fileform" id="fileform" enctype="multipart/form-data">
            <table align="center">
			  <tr><th>Category: *</th><td><select name="data_name">
<option value="">--Please Select Your Category--</option>
<option value="Peace Custom">Peace Custom</option>
<option value="Free Build">Free Build</option>
<option value="Kingmaker">Kingmaker</option>
<option value="Custom War">Custom War</option>
<option value="Miscellaneous">Miscellaneous</option>
</select><br></td></tr>
 <input type="hidden" name="MAX_FILE_SIZE" value="262144000" />
              <tr><th>File Name: *</th><td><input name="name" type="text" size="42" maxlength="25" /></td></tr>
			  <tr><th>File Size:*</th><td><input name="size" type="numerical" size="4" maxlength="10" /><input name="MB" id="MB" disabled value="MB" size="1" />(Megabytes)<br><a href="size.htm" target="_blank">Click here to learn how to work out the size of your File</a></td></tr>
              <tr><th>Full Description of your File:*</th><td><textarea name="area1" cols="42" rows="15" class="textarea"></textarea>This field may <b>not</b> contain html</td></tr>
              <tr><th><b>Preview Image</b>:<br></th><td><input class="text" name="upfile" type="file" size="36"><br></td></tr>
			  <tr><th>File:*<br></th><td><input class="text" name="ufile" type="file" id="ufile" size="36"><br></td></tr>
              <tr><th>Email:</th><td><input name="email" type="text" size="42" /></td></tr>
              <tr><th colspan="2" align="center"><br/><input class="text" type="submit" name="submitBtn" value="Continue" class="text"/><br><br>Your preview image must be less than 40KB, and must be either a PNG, JPEG or GIF image.It will also automatically get sized to 200x200 pixels.</th></tr>
            </table>  
          </form>

        </div>
        <div id="source"></div>	
      </div>
</body>     
<?php } ?>    
(This is the full code.)

AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas

Re: html into database

Post by AbraCadaver »

htmlentities(): You are transforming the HTML into the entities so that the browser will display the actual characters. Don't htmlentities() before inserting. Use htmlentities() before display if you don't want it treated as HTML.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.

Celauran

Re: html into database

Post by Celauran »

You're using htmlentities() on the strings before saving them to the database, so you need html_entity_decode() before displaying them.
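
An added example, not code posted in the thread: it follows the advice above to keep the description raw in the database and decide at display time, and because decoding and echoing a stored description would also run any script a user submits, it rebuilds the output from an allowlist. The tag list, the function names and the http(s)-only image rule are assumptions.

```php
<?php
// Added example, not code from the thread. The tag list and function names are assumptions.
const ALLOWED_TAGS = ['p', 'br', 'strong', 'b', 'u', 'em', 'i', 'img'];

// Plain-text fields (name, email, ...): stored raw, encoded only when written into HTML.
function e(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Description field: parse the stored markup and re-emit only allowlisted tags.
function render_description(string $rawHtml): string
{
    libxml_use_internal_errors(true);            // user markup is rarely well-formed
    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $rawHtml . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0);
    return $root ? render_children($root) : '';
}

function render_children(DOMNode $node): string
{
    $out = '';
    foreach ($node->childNodes as $child) {
        if ($child instanceof DOMText) {
            $out .= e($child->nodeValue);        // text is always re-encoded
        } elseif ($child instanceof DOMElement) {
            $tag = strtolower($child->tagName);
            if ($tag === 'script' || $tag === 'style') {
                continue;                        // dropped together with their content
            } elseif (!in_array($tag, ALLOWED_TAGS, true)) {
                $out .= render_children($child); // unknown tag: keep its text only
            } elseif ($tag === 'br') {
                $out .= '<br>';
            } elseif ($tag === 'img') {          // attributes are rebuilt, never copied
                $src = $child->getAttribute('src');
                $out .= preg_match('#^https?://#i', $src) ? '<img src="' . e($src) . '" alt="">' : '';
            } else {
                $out .= "<$tag>" . render_children($child) . "</$tag>";
            }
        }
    }
    return $out;
}

// Constructed input: the thread's sample plus markup that must not survive.
$stored = '<p><br><strong>test</strong> <u>test2</u></p><img src="x" onerror="alert(1)"><script>alert(2)</script>';
echo render_description($stored), "\n";
```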

chris98

Re: html into database

Post by chris98 »

Thank you. That's all it was. I now, however, have discovered a problem with the delete code. Could you tell me what I have done wrong here?

Every time I try to delete things, the zip file and preview image will go, but the data in the database stays. I also get no errors at all, and am using the advanced connection which normally displays them.

Code:

<?php
    require_once('../submit/db/db_connection.php');
		 $id     = $_GET["id"];
		 $category = $_GET["category"];
		 $name = $_GET["file_name"];
         $name_image = $_GET["preview"];
		 $file = $_GET["file"];
		 $name_input     = (isset($_POST['name'])) ? htmlentities($_POST['name']) : '' ;
		 $name_2    = (isset($_POST['file_name2'])) ? htmlentities($_POST['file_name2']) : '' ;
		 $name_3    = (isset($_POST['file_name3'])) ? htmlentities($_POST['file_name3']) : '' ;
    if (isset($_POST['submitBtn'])) {
         $id     = $_GET["id"];
		 $category = $_GET["category"];
		 $name = $_GET["file_name"];
         $name_image = $_GET["preview"];
		 $name_input     = (isset($_POST['name'])) ? htmlentities($_POST['name']) : '' ;
		 $name_2    = (isset($_POST['file_name2'])) ? htmlentities($_POST['file_name2']) : '' ;
		 $name_3    = (isset($_POST['image_name'])) ? htmlentities($_POST['image_name']) : '' ;
		 $file_name = (isset($_POST['file_name'])) ? htmlentities($_POST['file_name']) : '' ;
         
             $sql = "DELETE FROM downloads_unchecked WHERE id =  :file";
			 $ps = $pdo->prepare($sql);
			 $ps->bindParam(':file', $id, PDO::PARAM_INT);
			 $ps->execute();
array_map('unlink', glob("../files/files/".$file_name.""));   
array_map('unlink', glob("../files/minimaps/".$name_3.""));
	$actpath = isset($_POST['path']) ? $_POST['path'] : '../files/files';
	$actpath = isset($_GET['path']) ? $_GET['path'] : '../files/files';	
         
         header("Location: redirect.php");
		}
    else {
		
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html>
<head>
   <title>Delete an Upload</title>
   <link href="style/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
      <div id="main">
	  <input type="hidden" name="file_name2" value="<?php echo $name ?>" />
	  <input type="hidden" name="file_name3" value="<?php echo $name_image ?>" />
        <div id="formheader">WARNING! This will delete all traces of this file ever being on our system.</div>
        <div id="formbody">The File Name is displayed below:
          <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="gbook" id="gbook">
		  <input type="hidden" class="text" name="file_name" type="text" size="36" value="<?php echo "".$file.""; ?>">
			  <input type="hidden" class="text" name="image_name" type="text" size="36" value="<?php echo "".$name_image.""; ?>">
			  <input type="hidden" name="name" type="numerical" size="20" maxlength="50" value="<?php echo "".$id.""; ?>"/>
            <table align="center">
              <tr><th>Are you sure?</th><td><input class="text" type="submit" name="submitBtn" value="Delete" /></td></tr>
              <tr><td colspan="2" align="center"><br/><br>
			  <?php echo "".$name.""; ?></td></tr>
			  
            </table>  
          </form>

        </div>
        <div id="source"></div>	
      </div>
</body>     
<?php } ?>   

Celauran

Re: html into database

Post by Celauran »

There's nothing wrong with the query itself. You aren't checking that $_GET['id'] actually contains a value, though.

chris98

Re: html into database

Post by chris98 »

I have managed to echo it, but nothing else.

AbraCadaver

Re: html into database

Post by AbraCadaver »

Make sure you have error reporting on and comment out the header redirect so you'll actually be on the page that might show an error.

chris98

Re: html into database

Post by chris98 »

There is still no error. It did definitely work when I used normal mysql, so I don't know what has gone wrong.

Celauran

Re: html into database

Post by Celauran »

You're submitting to a page with no GET parameters. The form action is $_SERVER['PHP_SELF'], not $_SERVER['PHP_SELF'] . '?id=' . $id etc. Once the form has been submitted, the $_GET array is empty.

chris98

Re: html into database

Post by chris98 »

No, the sort of thing I would be linking with would be:

Code:

delete.php?id=3&category=Custom War&file_name=ydyrytrytrytryty&preview=army medic.jpg&file=ancient_756.zip

Celauran

Re: html into database

Post by Celauran »

To arrive at that page, sure. Look at the form action, though.

Code:

if (isset($_POST['submitBtn'])) {
var_dump($_GET);
}

chris98

Re: html into database

Post by chris98 »

So, in other words, I would need an <input> to store the $_GET information, then transfer that to a different variable for the delete statement?

Celauran

Re: html into database

Post by Celauran »

You already have one.

Code:

<input type="hidden" name="name" type="numerical" size="20" maxlength="50" value="<?php echo "".$id.""; ?>"/>
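
An added example, not code from the thread: a delete handler that reads the id from the hidden POST field Celauran points to, looks the file names up from the row instead of taking them from the request, and removes files only once the DELETE has affected a row. `delete_upload()`, its directory arguments and the SQLite demo data are assumptions; the table and column names follow the INSERT posted earlier.

```php
<?php
// Added example, not code from the thread. Table and column names follow the INSERT posted
// earlier; delete_upload() and its directory arguments are hypothetical.
function delete_upload(PDO $pdo, array $post, string $zipDir, string $imgDir): bool
{
    // The confirmation form posts the id in the hidden field named "name";
    // $_GET is empty on that request, so read it from POST and validate it.
    $id = filter_var($post['name'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // Take the file names from the row, not from request parameters.
    $ps = $pdo->prepare('SELECT file, minimap FROM downloads_unchecked WHERE id = :id');
    $ps->execute([':id' => $id]);
    $row = $ps->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $del = $pdo->prepare('DELETE FROM downloads_unchecked WHERE id = :id');
    $del->execute([':id' => $id]);
    if ($del->rowCount() !== 1) {
        return false;                       // nothing was deleted: keep the files
    }
    // basename() keeps a stored name from pointing outside the upload directories.
    foreach ([[$zipDir, $row['file']], [$imgDir, $row['minimap']]] as [$d, $name]) {
        $path = $d . '/' . basename((string) $name);
        if ((string) $name !== '' && is_file($path)) {
            unlink($path);
        }
    }
    return true;
}

// Constructed demo: in-memory SQLite and a temp directory stand in for the site's database and folders.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);   // surface SQL errors instead of failing silently
$pdo->exec('CREATE TABLE downloads_unchecked (id INTEGER PRIMARY KEY, file TEXT, minimap TEXT)');
$pdo->exec("INSERT INTO downloads_unchecked (id, file, minimap) VALUES (3, 'ancient_756.zip', 'army medic.jpg')");
$dir = sys_get_temp_dir() . '/delete_demo_' . uniqid();
mkdir($dir);
touch("$dir/ancient_756.zip");
touch("$dir/army medic.jpg");

var_dump(delete_upload($pdo, [], $dir, $dir));               // request without the posted id
var_dump(delete_upload($pdo, ['name' => '3'], $dir, $dir));  // the hidden field's value
var_dump(file_exists("$dir/ancient_756.zip"));               // state of the zip afterwards
```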