Form problem

Renzo

How can I prevent that users put html code in their guestbook entry?

My main question is, when a user pushes enter in my textarea, it isn't stored! Only <BR> seems to do the trick.. how can i convert the 'enter' ascii to a <BR>?

Sorry for the bad english 😃

Greets,
Renzo

theeper

look at the nl2br() function.

hand

To prevent that users put html code into form fields ...
htmlspecialchars() -- Convert special characters to HTML entities
http://www.php3.de/manual/en/function.htmlspecialchars.php

To convert NewLines to <br />
nl2br() -- Inserts HTML line breaks before all newlines in a string
http://www.php3.de/manual/en/function.nl2br.php

Renzo

Thanks!

Vinnepin

Cant seem 2 get that nl2br fuction to work 🙁.
Do u know how??

swjohnson

We are all relative newbies here and need to see what the problem is before we can give meaningful answers.

hand

$contentWithNewLine = "Here is a \n newline ";
print nl2br($contentWithNewLine); // this command prints: "Here is a <br /> newline"

ahundiak

Actually, htmlspecialchars is used when sending data TO a form to prevent characters like < from messing up the html.

To prevent users from entering html code, use something like
$str = strip_tags(stripslashes($_POST[$name]));

Check the manual, you can actually allow some html like <em> elements through if you want.

swjohnson

When you want to use quotes (") in your php code you must preface it with a backslash. i.e. \" and it will print "

When you want to print a backslash in your php code you must preface it with a backslash. i.e. \ and it will print \

So, if you want the screen to display

Here is a \n new line... you must type

here is a \n new line...

Is this the answer you are looking for? Or have I again misunderstood what you are asking?

OR are you looking for a way for your guests from using html code in your guestbook?

Your guestbook, if it was written by someone else, should have an html logical field (allow_html) that either allows or disallows html input.

I think what you really want is a way to prevent SSI's.