Page 1 of 1

Cannot post HTML in a field

Posted: Tue Aug 21, 2007 10:02 am
by Simmo
JayBird | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


I'm a newbie to PHP so please forgive and stupid questions.

For some reason the simple code below works on my local install of PHP but doesn't work when I upload it to my webspace hosted by eUKHost.

I want to enter words and HTML into the field, submit it and get the words and HTML back. Simple right?

Here is the link to the file on my webspace so you can see what it is doing http://grahamsimmons.co.uk/demo/oas/test.php

If you enter 'Hello' into the field it works fine, but enter '<b>Hello</b>' and it fails!!!!

What am I doing wrong?

Here is the code ...

Code: Select all

<html>
<head><title>TEST</title></head>
<body>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?php  
   if (isset($_POST['submit'])) {
      $Description = $_POST['description'];
   }
?>
<textarea name="description" cols="70" rows="6"><?php echo $Description; ?></textarea>  
<input type="submit" name="submit" value="Submit"> 
</form>
</body>
</html>

JayBird | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Tue Aug 21, 2007 10:15 am
by Zoxive

Posted: Tue Aug 21, 2007 10:26 am
by Simmo
Thanks Zoxive, but I have added htmlspecialchars where I think it should go, but it still doesn't work :cry:

Any other ideas?

Code: Select all

<html>
<head><title>Test</title></head>
<body>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?php  
   if (isset($_POST['submit'])) {
      $Description = htmlspecialchars($_POST['description'], ENT_QUOTES);
   }
?>
<textarea name="description" cols="70" rows="6"><?php echo $Description; ?></textarea>  
<input type="submit" name="submit" value="Submit"> 
</form>
</body>
</html>

Posted: Tue Aug 21, 2007 10:39 am
by iknownothing
don't use $_SERVER['PHP_SELF'], its a security risk, instead, leave action blank "" or don't use it at all.

It works fine for me, maybe your server somehow disallows the use of html being posted, or, its $_SERVER['PHP_SELF'], playing games.

Posted: Tue Aug 21, 2007 10:45 am
by Simmo
I've removed the $_SERVER['PHP_SELF'] and left the field blank, but still it doesn't work.

Does the link http://grahamsimmons.co.uk/demo/oas/test.php work for you iknownothing?

Posted: Tue Aug 21, 2007 10:54 am
by miro_igov
I tested this and think you have troubles with your server. It posts fine simple text but anything in <> fails.

Posted: Tue Aug 21, 2007 11:20 am
by Simmo
It now works .... I spoke to eUKHost and explained the problem and they disabled a server setting mod_sec or something.