Input field configuration

Santo
Forum Newbie
Posts: 2
Joined: Thu Jun 17, 2004 10:04 pm

Post by Santo »

Hi,

I am building a script that has a form so people can send some content. One of the fields of the form is for text. Also, I am very new to PHP, so maybe my question is pretty easy to figure out.

Now the problem is in that field. I need that field to accept all kinds of chars like slashes (/\) and other chars. When someone submits something, PHP saves it in the database with more slashes than the original field content had.

I am using the nl2br function to add br tags. The text field should act as "what you type is what the output should be"....

Also, if I use stripslashes() I get fewer of them than what was typed by the user.

Code:

function adddataentry() {
	global $prefix, $db, $modulename, $user, $allowusersubmit, $onlyregusers;
	$mainindex = 1;
    	mainheader($mainindex);
	if ($allowusersubmit == 1) {
	if (is_user($user)) {
	$isuser = 1;
	} else {
	$isuser = 0;
	}
	if ($isuser == 0 and $onlyregusers == 1) {
		OpenTable();
			echo ""._ONLYREGUSERS."";
		CloseTable();
	} elseif ($isuser == 1 and $onlyregusers == 1) {
		include("includes/addform.php");
	} else {
		include("includes/addform.php");
	}
	} else {
		OpenTable();
			echo ""._POSTDISABLED."";
		CloseTable();
	}
}

function previewform($newcategory, $itemauthor, $itemwebsite, $itemtitle, $submitter, $email, $descrip, $content, $bypassq) {
	global $prefix, $db, $modulename;
	checktitle($itemtitle);
	checkbad($content);
	errors();
		$mainindex = 1;
    	mainheader($mainindex);
    	$formattedcontent = nl2br($content);

		OpenTable();
			echo "<table border=\"0\" width=\"100%\">"
			."<tr>"
			."<td width=\"100%\" valign=\"top\">"
			."<p align=\"center\"><b>"._PREVIEWHEAD."</b></td>"
			."</tr>"
			."</table>";
		CloseTable();
		OpenTable();
			echo "<table border=\"0\" width=\"100%\">"
			."<tr>"
			."<td width=\"100%\">"
			."<p align=\"center\">&nbsp;"._PREVIEWTITLE."</td>"
			."</tr>"
			."<tr>"
			."<td width=\"100%\">&nbsp;<table border=\"2\" bordercolor=\"#C0C0C0\" width=\"100%\">"
			."<tr>"
			."<td width=\"100%\">"
			."<p align=\"left\">$formattedcontent</td>"
			."</tr>"
			."</table>"
			."<p>&nbsp;</td>"
			."</tr>"
			."<tr>"
			."<td width=\"100%\">"
			."<p align=\"center\">&nbsp;"._PREVIEWREQUEST."</td>"
			."</tr>"
			."</table>";
		CloseTable();
	include("modules/$modulename/includes/modifyform.php");
}

function postdata($newcategory, $itemauthor, $itemwebsite, $itemtitle, $submitter, $email, $descrip, $content, $bypassq) {
	global $prefix, $db, $modulename, $mainprefix;
	checktitle($itemtitle);
	errors();
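	// stripslashes() removes one level of backslash escaping (e.g. what magic_quotes_gpc added);
	// the results are then placed in the SQL string below as-is.
	$content2= stripslashes($content);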
	$descrip2= stripslashes($descrip);
	$submitter2= stripslashes($submitter);
	$itemtitle2= stripslashes($itemtitle);
	$itemauthor2= stripslashes($itemauthor);
	$datea = date("Y-m-d H:i:s");
		$db->sql_query("INSERT into musica_tabs_queue VALUES ('', '$newcategory', '$itemauthor2', '$itemwebsite', '$itemtitle2', '$descrip2', '$content2', '$submitter2', '$email')");
		$posted = 0;
	$result = $db->sql_query("select id from ".$prefix."_".$mainprefix."_queue");
	$waiting = $db->sql_numrows($result);
	include("header.php");
	include("modules/$modulename/includes/js.php");
		$mainindex = 1;
    	mainheader($mainindex);
	if ($posted == 1) {
		OpenTable();
			echo ""._ADMINPOSTED."";
		CloseTable();
	} else {
		OpenTable();
			echo "<table border=\"0\" width=\"100%\">"
 			."<tr>"
 			."<td width=\"100%\" align=\"center\">"._ADDPOSTHEADER.".</td>"
			."</tr>"
			."<tr>"
			."<td width=\"100%\" align=\"center\">"._ADDPOSTMESSAGE.".</td>"
			."</tr>"
			."<tr>"
			."<td width=\"100%\" align=\"center\">&nbsp;</td>"
			."</tr>"
			."<tr>"
			."<td width=\"100%\" align=\"center\">"._ADDPOSTPART1." $waiting "._ADDPOSTPART2.".</td>"
			."</tr>"
			."</table>";
		CloseTable();
	}
}
What am I missing?

Thank you for any help!


markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

You have magic quotes On, turn them off if you can and read this
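
The magic-quotes effect discussed above, as an added example that is not part of the thread or the poster's module. It simulates `magic_quotes_gpc` with `addslashes()` (the setting was removed in PHP 5.4), and the helper names and the `queue` table are made up for illustration; it assumes PHP 7+ with the pdo_sqlite extension.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+ with pdo_sqlite.
// magic_quotes_gpc no longer exists in current PHP, so its effect is simulated.

// What magic_quotes_gpc did to every GET/POST/COOKIE value before the script ran.
function magic_quotes(string $raw): string {
    return addslashes($raw);
}

// Undo magic quotes once, at the input boundary, and only if they were applied.
// An unconditional stripslashes() removes backslashes the user really typed.
function normalize(string $value, bool $magicQuotesOn): string {
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Bound parameters: the driver handles quoting, so the stored text equals the input.
function store(PDO $db, string $content): string {
    $ins = $db->prepare('INSERT INTO queue (content) VALUES (:c)');
    $ins->execute([':c' => $content]);
    $sel = $db->prepare('SELECT content FROM queue WHERE id = :id');
    $sel->execute([':id' => $db->lastInsertId()]);
    return $sel->fetchColumn();
}

// HTML-escape at output time only, then add <br> tags for display.
function render(string $content): string {
    return nl2br(htmlspecialchars($content, ENT_QUOTES, 'UTF-8'));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE queue (id INTEGER PRIMARY KEY, content TEXT)');

// Constructed sample input: slashes, quotes, markup and a newline.
$typed = "e|--3/5\\3--|\nit's a \"riff\" <b>bold</b>";

// Symptom: a preview page echoes the magic-quoted value back into the form,
// the user submits again, and magic quotes are applied a second time.
$firstSubmit  = magic_quotes($typed);
$secondSubmit = magic_quotes($firstSubmit);
echo "backslashes typed:            ", substr_count($typed, '\\'), "\n";
echo "backslashes after one submit: ", substr_count($firstSubmit, '\\'), "\n";
echo "backslashes after preview:    ", substr_count($secondSubmit, '\\'), "\n";

// Fix: normalize on every request, so each hop starts from the raw text again,
// then let the bound parameter carry it to the database untouched.
$hop1   = normalize(magic_quotes($typed), true);
$hop2   = normalize(magic_quotes($hop1), true);
$stored = store($db, $hop2);

echo "stored equals typed:          ", var_export($stored === $typed, true), "\n";
echo render($stored), "\n";
```
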
Santo
Forum Newbie
Posts: 2
Joined: Thu Jun 17, 2004 10:04 pm

Post by Santo »

Forgot to put the addform.php and modifyform.php files.

addform.php

<?php
global $prefix, $db, $user, $cookie, $admin, $modulename, $mainprefix;

	OpenTable();
?>

<script language="JavaScript">
<!-- 
function pagebreak()
{
document.postnew.content.value += ("<!--pagebreak-->")
}
// -->
</script>
<script language="JavaScript">
<!--
function IMG()
{
  var IMG = window.prompt("<?PHP echo ""._IMAGENAME.""; ?>","")
    if(IMG =='')
	{
NOTEXT()
	}
    else
	{
document.postnew.content.value += ("<img src=" + IMG + ">\n")
	}
}
// -->
</script>

<?PHP
	// JavaScript Error Checking
echo "<script language=\"JavaScript\">\n";
echo "\n";
echo "<!--\n";
echo "                        function checkData (){\n";
echo "                                if (document.postnew.newcategory.value == \"\") {\n";
echo "                                        alert(\""._ECCAT.".\")\n";
echo "                                        document.postnew.newcategory.focus()\n";
echo "                                        return false}\n";
echo "                                if (document.postnew.itemauthor.value == \"\") {\n";
echo "                                        alert(\""._ECAUTHOR.".\")\n";
echo "                                        document.postnew.itemauthor.focus()\n";
echo "                                        return false}\n";
echo "                                if (document.postnew.itemwebsite.value == \"\") {\n";
echo "                                        alert(\""._ECWEBSITE.".\")\n";
echo "                                        document.postnew.itemwebsite.focus()\n";
echo "                                        return false}\n";
echo "                                if (document.postnew.itemtitle.value == \"\") {\n";
echo "                                        alert(\""._ECTITLE.".\")\n";
echo "                                        document.postnew.itemtitle.focus()\n";
echo "                                        return false}\n";
echo "                                if (document.postnew.submitter.value == \"\") {\n";
echo "                                        alert(\""._ECYOURNAME.".\")\n";
echo "                                        document.postnew.submitter.focus()\n";
echo "                                        return false}\n";
echo "                                if (document.postnew.email.value == \"\") {\n";
echo "                                        alert(\""._ECYOUREMAIL.".\")\n";
echo "                                        document.postnew.email.focus()\n";
echo "                                        return false}\n";
echo "                                if (document.postnew.descrip.value == \"\") {\n";
echo "                                        alert(\""._ECDESCRIP.".\")\n";
echo "                                        document.postnew.descrip.focus()\n";
echo "                                        return false}\n";
echo "                                if (document.postnew.content.value == \"\") {\n";
echo "                                        alert(\""._ECCONTENT."\")\n";
echo "                                        document.postnew.content.focus();\n";
echo "                                        return false;\n";
echo "\n";
echo "                                }\n";
echo "                          \n";
echo "                        }\n";
echo "// -->\n";
echo "\n";
echo "</script>\n";
// end error checking
			echo "<form method=\"POST\" action=\"modules.php?name=$modulename&file=add\" enctype=\"multipart/form-data\" name=\"postnew\" onsubmit=\"return checkData()\">";
			echo "  <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\">";
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWCAT.":</td>";
			echo "      <td width=\"80%\"><select size=\"1\" name=\"newcategory\">";
			echo "      <option selected>-- "._NEWPLSONE." --</option>";
	$result = $db->sql_query("select id, title from ".$prefix."_".$mainprefix."_categories order by title");
	$result2 = $db->sql_query("SELECT id, parentid, title FROM ".$prefix."_".$mainprefix."_categories order by parentid,title");
	while(list($cid2, $parentid2, $ctitle2) = $db->sql_fetchrow($result2)) {
    if ($parentid2!=0) $ctitle2=getparent($parentid2,$ctitle2);
    		echo "      <option value=\"$cid2\">$ctitle2</option>";
	}
			echo "      </select></td>";
			echo "    </tr>";
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWAUTHOR.":</td>";
			echo "      <td width=\"80%\">";
			echo "      <input type=\"text\" name=\"itemauthor\" size=\"27\" maxlength=\"100\"> ("._NEWITEMAUTHOR.".)";
			echo "      </td>";
			echo "    </tr>";
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWWEBSITE.":</td>";
			echo "      <td width=\"80%\">";
			echo "      <input type=\"text\" name=\"itemwebsite\" size=\"27\" maxlength=\"200\"> ("._NEWWEBMESS.".)";
			echo "      </td>";
			echo "    </tr>";
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWTITLE.":</td>";
			echo "      <td width=\"80%\">";
			echo "      <input type=\"text\" name=\"itemtitle\" size=\"27\" maxlength=\"120\"> ("._NEWTITLEMESS.".)";
			echo "      </td>";
			echo "    </tr>";
	if (is_user($user)) {
	cookiedecode($user);
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWYOURNAME.":</td>";
			echo "      <td width=\"80%\">";
			echo "      <input type=\"text\" readOnly name=\"submitter\" size=\"27\" maxlength=\"100\" value=\"$cookie[1]\"> ("._NEWNAMEMESS.".)";
			echo "      </td>";
			echo "    </tr>";
		$femailcheck = $db->sql_query("SELECT user_email from ".$prefix."_users where username = '$cookie[1]'");
		if ($femailcheck == 1) {
			while(list($user_email) = $db->sql_fetchrow($femailcheck)) {
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWYOUREMAIL.".</td>";
			echo "      <td width=\"80%\"><input type=\"text\" name=\"email\" size=\"27\" maxlength=\"120\" value=\"$user_email\"> ("._NEWYOUREMESS.").";
			echo "      </td>";
			echo "    </tr>";
		}
		} else {
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWYOUREMAIL.".</td>";
			echo "      <td width=\"80%\"><input type=\"text\" name=\"email\" size=\"27\"> ("._NEWYOUREMESS.").";
			echo "      </td>";
			echo "    </tr>";
		}
	} else {
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWYOURNAME.":</td>";
			echo "      <td width=\"80%\">";
			echo "      <input type=\"text\" name=\"submitter\" size=\"27\" maxlength=\"100\"> ("._NEWNAMEMESS.".)";
			echo "      </td>";
			echo "    </tr>";
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWYOUREMAIL.".</td>";
			echo "      <td width=\"80%\"><input type=\"text\" name=\"email\" size=\"27\" maxlength=\"120\"> ("._NEWYOUREMESS.").";
			echo "      </td>";
			echo "    </tr>";
	}
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWDESCRIP.":</td>";
			echo "      <td width=\"80%\"><input type=\"text\" name=\"descrip\" size=\"27\" maxlength=\"120\"> ("._NEWDESCRIPMESS.".)";
			echo "      </td>";
			echo "    </tr>";
			echo "    <tr>";
			echo "      <td width=\"20%\" valign=\"top\">"._NEWCONTENT.":<br>";
			echo "      ("._NEWHTML.").";
			echo "<br><br><center><input type=\"button\" onClick=\"javascript:pagebreak()\" value=\""._INSERTPB."\"></center>\n";
			echo "<br><br><center><input type=\"button\" onClick=\"javascript:IMG()\" value=\""._INSERTIMAGE."\"></center>\n";
			echo "	</td>";
			echo "      <td width=\"80%\"><textarea rows=\"17\" name=\"content\" cols=\"56\"></textarea></td>";
    		echo "</tr>";
    		echo "    <tr>";
			echo "      <td width=\"20%\" valign=\"top\"> </td>";
			echo "      <td width=\"80%\"> </td>";
			echo "    </tr>";
			echo "    <tr>";
			echo "      <td width=\"100%\" valign=\"top\" colspan=\"2\">";
			//if (is_admin($admin)) {
			//echo ""._BYPASS."";
			//echo "<select size=\"1\" name=\"bypassq\">";
  			//echo "<option value=\"1\">"._NEWYES."</option>";
  			//echo "<option value=\"0\">"._NEWNO."</option>";
  			//echo "</select>";
  			//echo "      <select size=\"1\" name=\"op\"><option value=\"previewform\">"._NEWPREVIEW."</option>";
			//echo "      <option value=\"postdata\">"._NEWPOST."</option>";
			//echo "      </select> <input type=\"submit\" value=\""._NEWGO."!\"></td>";
			//} else {
			echo "      <select size=\"1\" name=\"op\"><option value=\"previewform\">"._NEWPREVIEW."</option>";
			echo "      </select> <input type=\"submit\" value=\""._NEWGO."!\"></td>";
			//}
			echo "    </tr>";
			echo "  </table>";
			echo "</form>";
	CloseTable();


?>
modifyform.php

<?php
global $prefix, $db, $user, $cookie, $admin, $modulename, $mainprefix;

	OpenTable();
?>

<script language="JavaScript">
<!-- 
function pagebreak()
{
document.postnew.content.value += ("<!--pagebreak-->")
}
// -->
</script>
<script language="JavaScript">
<!--
function IMG()
{
  var IMG = window.prompt("<?PHP echo ""._IMAGENAME.""; ?>","")
    if(IMG =='')
	{
NOTEXT()
	}
    else
	{
document.postnew.content.value += ("<img src=" + IMG + ">\n")
	}
}
// -->
</script>

<?PHP
		// JavaScript Error Checking
echo "<script language=\"JavaScript\">\n";
echo "\n";
echo "<!--\n";
echo "                        function checkData (){\n";
echo "                                if (document.postnew.newcategory.value == \"\") {\n";
echo "                                        alert(\""._ECCAT.".\")\n";
echo "                                        document.postnew.newcategory.focus()\n";
echo "                                        return false}\n";
echo "                                if (document.postnew.itemauthor.value == \"\") {\n";
echo "                                        alert(\""._ECAUTHOR.".\")\n";
echo "                                        document.postnew.itemauthor.focus()\n";
echo "                                        return false}\n";
echo "                                if (document.postnew.itemwebsite.value == \"\") {\n";
echo "                                        alert(\""._ECWEBSITE.".\")\n";
echo "                                        document.postnew.itemwebsite.focus()\n";
echo "                                        return false}\n";
echo "                                if (document.postnew.itemtitle.value == \"\") {\n";
echo "                                        alert(\""._ECTITLE.".\")\n";
echo "                                        document.postnew.itemtitle.focus()\n";
echo "                                        return false}\n";
echo "                                if (document.postnew.submitter.value == \"\") {\n";
echo "                                        alert(\""._ECYOURNAME.".\")\n";
echo "                                        document.postnew.submitter.focus()\n";
echo "                                        return false}\n";
echo "                                if (document.postnew.email.value == \"\") {\n";
echo "                                        alert(\""._ECYOUREMAIL.".\")\n";
echo "                                        document.postnew.email.focus()\n";
echo "                                        return false}\n";
echo "                                if (document.postnew.descrip.value == \"\") {\n";
echo "                                        alert(\""._ECDESCRIP.".\")\n";
echo "                                        document.postnew.descrip.focus()\n";
echo "                                        return false}\n";
echo "                                if (document.postnew.content.value == \"\") {\n";
echo "                                        alert(\""._ECCONTENT."\")\n";
echo "                                        document.postnew.content.focus();\n";
echo "                                        return false;\n";
echo "\n";
echo "                                }\n";
echo "                          \n";
echo "                        }\n";
echo "// -->\n";
echo "\n";
echo "</script>\n";
// end error checking
			echo "<form method=\"POST\" action=\"modules.php?name=$modulename&file=add\" enctype=\"multipart/form-data\" name=\"postnew\" onsubmit=\"return checkData()\">";
			echo "  <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\">";
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWCAT.":</td>";
			echo "      <td width=\"80%\"><select size=\"1\" name=\"newcategory\">";
			echo "      <option selected>-- "._NEWPLSONE." --</option>";
	$result = $db->sql_query("select id, title from ".$prefix."_".$mainprefix."_categories order by title");
	$result2 = $db->sql_query("SELECT id, parentid, title FROM ".$prefix."_".$mainprefix."_categories order by parentid,title");
	while(list($cid2, $parentid2, $ctitle2) = $db->sql_fetchrow($result2)) {
    if ($parentid2!=0) $ctitle2=getparent($parentid2,$ctitle2);
    if ($cid2==$newcategory) { $sel = "selected "; }
    		echo "      <option $sel value=\"$cid2\">$ctitle2</option>";
    $sel = "";
	}
			echo "      </select></td>";
			echo "    </tr>";
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWAUTHOR.":</td>";
			echo "      <td width=\"80%\">";
			echo "      <input type=\"text\" name=\"itemauthor\" size=\"27\" maxlength=\"100\" value=\"$itemauthor\"> ("._NEWITEMAUTHOR.".)";
			echo "      </td>";
			echo "    </tr>";
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWWEBSITE.":</td>";
			echo "      <td width=\"80%\">";
			echo "      <input type=\"text\" name=\"itemwebsite\" size=\"27\" maxlength=\"200\" value=\"$itemwebsite\"> ("._NEWWEBMESS.".)";
			echo "      </td>";
			echo "    </tr>";
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWTITLE.":</td>";
			echo "      <td width=\"80%\">";
			echo "      <input type=\"text\" name=\"itemtitle\" size=\"27\" maxlength=\"120\" value=\"$itemtitle\"> ("._NEWTITLEMESS.".)";
			echo "      </td>";
			echo "    </tr>";
	if (is_user($user)) {
	cookiedecode($user);
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWYOURNAME.":</td>";
			echo "      <td width=\"80%\">";
			echo "      <input type=\"text\" readOnly name=\"submitter\" size=\"27\" maxlength=\"100\" value=\"$cookie[1]\"> ("._NEWNAMEMESS.".)";
			echo "      </td>";
			echo "    </tr>";
		$femailcheck = $db->sql_query("SELECT femail from ".$prefix."_users where username = '$cookie[1]'");
		if ($femailcheck == 1) {
			while(list($femail) = $db->sql_fetchrow($femailcheck)) {
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWYOUREMAIL.".</td>";
			echo "      <td width=\"80%\"><input type=\"text\" name=\"email\" size=\"27\" value=\"$femail\" maxlength=\"120\"> ("._NEWYOUREMESS.").";
			echo "      </td>";
			echo "    </tr>";
		}
		} else {
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWYOUREMAIL.".</td>";
			echo "      <td width=\"80%\"><input type=\"text\" name=\"email\" size=\"27\" value=\"$email\" maxlength=\"120\"> ("._NEWYOUREMESS.").";
			echo "      </td>";
			echo "    </tr>";
		}
	} else {
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWYOURNAME.":</td>";
			echo "      <td width=\"80%\">";
			echo "      <input type=\"text\" name=\"submitter\" size=\"27\" maxlength=\"100\" value=\"$submitter\"> ("._NEWNAMEMESS.".)";
			echo "      </td>";
			echo "    </tr>";
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWYOUREMAIL.".</td>";
			echo "      <td width=\"80%\"><input type=\"text\" name=\"email\" size=\"27\" value=\"$email\"  maxlength=\"120\"> ("._NEWYOUREMESS.").";
			echo "      </td>";
			echo "    </tr>";
	}
			echo "    <tr>";
			echo "      <td width=\"20%\">"._NEWDESCRIP.":</td>";
			echo "      <td width=\"80%\"><input type=\"text\" name=\"descrip\" size=\"27\" value=\"$descrip\"  maxlength=\"120\"> ("._NEWDESCRIPMESS.".)";
			echo "      </td>";
			echo "    </tr>";
			echo "    <tr>";
			echo "      <td width=\"20%\" valign=\"top\">"._NEWCONTENT.":<br>";
			echo "      ("._NEWHTML.").";
			echo "<br><br><center><input type=\"button\" onClick=\"javascript:pagebreak()\" value=\""._INSERTPB."\"></center>\n";
			echo "<br><br><center><input type=\"button\" onClick=\"javascript:IMG()\" value=\""._INSERTIMAGE."\"></center>\n";
			echo "</td>";
			echo "      <td width=\"80%\"><textarea rows=\"17\" name=\"content\" cols=\"56\">$content</textarea></td>";
    		echo "</tr>";
    		echo "    <tr>";
			echo "      <td width=\"20%\" valign=\"top\"> </td>";
			echo "      <td width=\"80%\"> </td>";
			echo "    </tr>";
			echo "    <tr>";
			echo "      <td width=\"100%\" valign=\"top\" colspan=\"2\">";
			//if (is_admin($admin)) {
			//echo ""._BYPASS."";
			//echo "<select size=\"1\" name=\"bypassq\">";
  			//echo "<option value=\"1\">"._NEWYES."</option>";
  			//echo "<option value=\"0\">"._NEWNO."</option>";
  			//echo "</select>";
  			//echo "      <select size=\"1\" name=\"op\"><option value=\"previewform\">"._NEWPREVIEW."</option>";
			//echo "      <option value=\"postdata\">"._NEWPOST."</option>";
			//echo "      </select> <input type=\"submit\" value=\""._NEWGO."!\"></td>";
			//} else {
			echo "      <select size=\"1\" name=\"op\"><option value=\"previewform\">"._NEWPREVIEW."</option>";
			echo "      <option value=\"postdata\">"._NEWPOST."</option></select> <input type=\"submit\" value=\""._NEWGO."!\"></td>";
			//}
			echo "    </tr>";
			echo "  </table>";
			echo "</form>";
	CloseTable();


?>