Page 1 of 1

Formatting text

Posted: Thu May 22, 2008 6:26 pm
by junestag
Hello,
I'm creating a backend data entry form for my authors. They will be entering data in input text fields as well as memo fields.

When I output the data they have entered onto a page for the general users of the website I want parts of what my authors entered to be capitalized and some of the memo text needs to have paragraph breaks. Is this something I need to have the authors code into the form fields when they fill them out or is there a way using php to format text as it comes out to the end-user?

Re: Formatting text

Posted: Thu May 22, 2008 6:29 pm
by RobertGonzalez
You should be handling that stuff code side since you should be validating their inputs anyway. If what they are inputting will ever make its way to a screen you need to validate, filter, sanitize and escape going in and coming out.

Re: Formatting text

Posted: Thu May 22, 2008 9:47 pm
by Ambush Commander
Hello, can you give examples of what input and expected output should be?

Re: Formatting text

Posted: Fri May 23, 2008 1:43 pm
by junestag
Absolutely. The input would be a <textarea> field in a form and the user might enter a block of text like so:

"The spokesman, Osler McCarthy, said he did not know how long it would take for the court to rule, or whether the court would hear oral arguments.

The decision by the appeals court, handed down on Thursday, abruptly threw the largest custody case in recent American history into turmoil."

When i retrieve this text from mysql and print it out to the page I want it to look exactly the same.

- sage

Re: Formatting text

Posted: Fri May 23, 2008 1:49 pm
by RobertGonzalez
You are going to have to manipulate that information then. At worst you would use something nl2br() but there is a lot more to it than that. You need to make sure that you do not allow malicious characters to be passed to your database (and subsequently passed to your users). You should check to make sure the content they are entering does not have certain disallowed keywords (like <span style='color:red;text-decoration:blink' title='Alert a moderator!'>grilled spam</span> or P3N1S or something along those lines - not saying your users would enter that stuff, but who knows).

If it is only formatting you want and you are not concerned with the security of your database, web app or users, then start with nl2br() to manage new lines of text.

Re: Formatting text

Posted: Sun May 25, 2008 2:50 pm
by junestag
that worked perfectly. as a follow up, how do i ascertain whether users are entering bad keywords and how can one stop that?

thanks again,
sage

Re: Formatting text

Posted: Sun May 25, 2008 11:48 pm
by RobertGonzalez
Lists. Blacklists or whitelists. But generally you would use a list.

Re: Formatting text

Posted: Thu May 29, 2008 12:32 pm
by junestag
Great, thanks for all your help :)