Cannot post HTML in a field

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Simmo
Forum Newbie
Posts: 6
Joined: Tue Aug 21, 2007 9:46 am

Cannot post HTML in a field

Post by Simmo »

JayBird | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


I'm a newbie to PHP so please forgive and stupid questions.

For some reason the simple code below works on my local install of PHP but doesn't work when I upload it to my webspace hosted by eUKHost.

I want to enter words and HTML into the field, submit it and get the words and HTML back. Simple right?

Here is the link to the file on my webspace so you can see what it is doing http://grahamsimmons.co.uk/demo/oas/test.php

If you enter 'Hello' into the field it works fine, but enter '<b>Hello</b>' and it fails!!!!

What am I doing wrong?

Here is the code ...

Code: Select all

<html>
<head><title>TEST</title></head>
<body>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?php  
   if (isset($_POST['submit'])) {
      $Description = $_POST['description'];
   }
?>
<textarea name="description" cols="70" rows="6"><?php echo $Description; ?></textarea>  
<input type="submit" name="submit" value="Submit"> 
</form>
</body>
</html>

JayBird | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
Zoxive
Forum Regular
Posts: 974
Joined: Fri Apr 01, 2005 4:37 pm
Location: Bay City, Michigan

Post by Zoxive »

Simmo
Forum Newbie
Posts: 6
Joined: Tue Aug 21, 2007 9:46 am

Post by Simmo »

Thanks Zoxive, but I have added htmlspecialchars where I think it should go, but it still doesn't work :cry:

Any other ideas?

Code: Select all

<html>
<head><title>Test</title></head>
<body>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?php  
   if (isset($_POST['submit'])) {
      $Description = htmlspecialchars($_POST['description'], ENT_QUOTES);
   }
?>
<textarea name="description" cols="70" rows="6"><?php echo $Description; ?></textarea>  
<input type="submit" name="submit" value="Submit"> 
</form>
</body>
</html>
User avatar
iknownothing
Forum Contributor
Posts: 337
Joined: Sun Dec 17, 2006 11:53 pm
Location: Sunshine Coast, Australia

Post by iknownothing »

don't use $_SERVER['PHP_SELF'], its a security risk, instead, leave action blank "" or don't use it at all.

It works fine for me, maybe your server somehow disallows the use of html being posted, or, its $_SERVER['PHP_SELF'], playing games.
Simmo
Forum Newbie
Posts: 6
Joined: Tue Aug 21, 2007 9:46 am

Post by Simmo »

I've removed the $_SERVER['PHP_SELF'] and left the field blank, but still it doesn't work.

Does the link http://grahamsimmons.co.uk/demo/oas/test.php work for you iknownothing?
miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

Post by miro_igov »

I tested this and think you have troubles with your server. It posts fine simple text but anything in <> fails.
Simmo
Forum Newbie
Posts: 6
Joined: Tue Aug 21, 2007 9:46 am

Post by Simmo »

It now works .... I spoke to eUKHost and explained the problem and they disabled a server setting mod_sec or something.
Post Reply