Formatting text in formfields???

qrt123

Hi there

Two questions:
1: I have a form with a textarea where guests can submit some text. It then goes into a MySql database.
If they should refer to a webadresse, I woul like the adresse to be a link on my page when the text is shown. BUT I would also like to make use of code to prevent malicious code from being entered into my database.
Can it be done.

2: How do I use javascript to enter formatting-tags and link tags into formfields.

Sincerely
qrt123

laserlight

Ensure you escape quotes (and some other characters) in the data, say by using addslashes(), and enclose data submitted in quotes.
To have a link, one possible way is to check for a "http://" (or "https://", but I dont think ppl will use that), then create a link say with:

while ($row = mysql_fetch_array($query)) {
	echo '<a href="' . htmlspecialchars($row['url']) . '" target="_blank">' . htmlspecialchars($row['urlname']) . '</a>';
	//etc
}

assuming you're using a mysql DB with the query results stored in $query

Well, maybe look at the JS on this forum and see 😃

mcgruff

One further small point: make sure you enclose always enclose values in the mysql query string in single quotes (even if you expect an integer - form forgers might have other ideas) ie:

INSERT INTO table SET column='$var'

Oops just realised Laserlight said that already. Time I went to bed.

qrt123

Hi there

Thanks for the replys!

Sincerely
qrt123