I have a program I built for my work. It's a letter 'creator.' The employees select which letter they want to create, fill in the data, preview the letter, then submit it into the database.
The letters contain an address field as well as other data fields.
When an employee puts a character like a " or a # or some other sign, when the variables are passed through the preview screen, before they are submitted into the database, the program loses all the variables after the symbol.
I tried to fix it by adding this line:
$addy = ereg_replace("(<br>)|(\n)", '<br>', $addy);
$addy = ereg_replace('"', '', $addy);
$addy = stripslashes($addy);
This changes the line returns to <br>, removes the " so the problem is fixed, and removes the slashes. This worked perfectly but the " were gone, which was okay. Now I'm finding out it's more than just the ", now it's the # too and that has to be in the letters. Is there any way to keep it from messing up and let me keep on using the symbols?
Here's the code.
The first page they see is the form page which displays the forms. This is the cutout from the form action and the addy text box where the problem is.
print '<form method="POST" action="letter_preview.php?act=Upload&subact=NewLetter&letter='.$letter.'&po='.$employee.'&phone='.$phone.'&timeint='.$realtime.'&dateint='.$date.'&type='.$letter.'&empint='.$empint.'&due='.$due.'&returntype='.$deliveroption.'&uniqueid='.$uniqueid.'&digitalsig='.$digitalsig.'">
<p align="center">'.$date.'</p>
<p align="left"><textarea rows="5" name="addy" cols="20"></textarea></p>
<table border="0" cellspacing="1" width="33%" id="AutoNumber1">
<tr>
<td width="25%"><b>RE:</b></td>
<td width="75%"><b><input type="text" name="re" size="20"></b></td>
</tr>
</table>...';
When they submit the page, it goes to letter_preview.php, which is a regular HTML page with the letter and all the data inserted. The $letter variable = 1.
letter_preview.php
if ( $letter == "1" ) {
$addy = ereg_replace("(<br>)|(\n)", '<br>', $addy);
$addy = ereg_replace('"', '', $addy);
$addy = stripslashes($addy);
$cc = ereg_replace("(<br>)|(\n)", '<br>', $cc);
$cc = ereg_replace('"', '', $cc);
$cc = stripslashes($cc);
print '<center><a href="letter_upload.php?letter=1&po='.$po.'&phone='.$phone.'&timeint='.$realtime.'&dateint='.$date.'&due='.$due.'&type='.$letter.'&empint='.$empint.'&deliveroption='.$returntype.'&uniqueid='.$uniqueid.'&addy='.$addy.'&re='.$re.'&doc='.$doc.'&dear='.$dear.'&sd='.$sd.'&hh='.$hh.'&cc='.$cc.'&digitalsig='.$digitalsig.'"><img src="images/submit.gif" border="0"></a></center>
<p align="center">'.$date.'</p>
<p align="left">'.$addy.'</p>
<table border="0" cellspacing="1" width="33%" id="AutoNumber1" height="91">
<tr>
<td width="25%" height="19"><b>RE:</b></td>
<td width="75%" height="19"><b>'.$re.'</b></td>
</tr>
</table>...';
If I view the source on this page, letter_preview.php, and take a look at the code near the image, I see this:
<a href="letter_upload.php?letter=13&po=John Doe&phone=1111&timeint=02:59:00 pm&dateint=July 01, 2002&due=07/2/02&type=13&empint=JD&deliveroption=Return to Officer&uniqueid=99893&addy=1
<br>#2
<br>3&re=Status&doc=4&dear=5&d1=6&cc=7&digitalsig=Unavailable"><img src="images/submit.gif" border="0"></a>
Which looks fine, so I submit the letter.
When I look at the completed letter, which queries the database for the letter, and when I look at the database itself, it looks like everything after "...addy=1<br>" and before "#2" is dropped off. The same thing happens when I use " only it actually jumps the line of code out of the <a href HTML tag.
I don't know what's going on 😐
Any help or suggestions on other ways on how this could work would be appreciated.
Shawn
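The values are lost because they are written into the href unencoded: a # starts the URL fragment, which the browser never sends to the server, and a " ends the attribute early. The following is an added example, not part of the original post, written for a current PHP version (where ereg_replace no longer exists); the helper names h, submit_link and submit_form and the sample values are made up for illustration.

```php
<?php
// Added example (modern PHP); field names follow the post, sample values are constructed.

/** Escape a value for use inside HTML text or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

/** GET link: percent-encode every value, then HTML-escape the whole URL for href="". */
function submit_link(string $script, array $fields): string
{
    // http_build_query() turns '#' into %23, '"' into %22 and CRLF into %0D%0A,
    // so the browser no longer reads '#' as the start of a fragment.
    $url = $script . '?' . http_build_query($fields, '', '&', PHP_QUERY_RFC3986);
    return '<a href="' . h($url) . '">Submit</a>';
}

/** POST form with hidden fields: nothing goes through the URL at all. */
function submit_form(string $script, array $fields): string
{
    $html = '<form method="POST" action="' . h($script) . '">' . "\n";
    foreach ($fields as $name => $value) {
        $html .= '  <input type="hidden" name="' . h((string) $name) . '" value="' . h((string) $value) . '">' . "\n";
    }
    return $html . '  <input type="image" src="images/submit.gif" alt="Submit">' . "\n</form>";
}

$fields = [
    'letter' => '1',
    'addy'   => "1 Main St\r\n#2 \"Suite B\"",   // constructed address containing # and "
    're'     => 'Status & review',
];

// Unencoded, as in the preview page: everything from '#' on is a fragment
// that the browser keeps to itself, so the server never receives it.
$raw = 'letter_upload.php?letter=1&addy=' . $fields['addy'] . '&re=' . $fields['re'];
echo "sent to server: ", strstr($raw, '#', true), "\n\n";

// Encoded: the query string round-trips to exactly the original values.
$link = submit_link('letter_upload.php', $fields);
preg_match('/href="([^"]*)"/', $link, $m);
parse_str((string) parse_url(html_entity_decode($m[1], ENT_QUOTES, 'UTF-8'), PHP_URL_QUERY), $back);
echo $link, "\n", 'round trip intact: ', var_export($back === $fields, true), "\n\n";

// Preview output: keep the raw text, escape only when printing it as HTML.
echo nl2br(h($fields['addy'])), "\n\n", submit_form('letter_upload.php', $fields), "\n";
```

Carrying the letter data in the POST form rather than the link also avoids URL length limits and keeps a database write out of a GET request.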