Antivirus
08-12-2007, 02:15 AM
I'm having an issue where I need to display data for user to edit in a <textarea> field. For instance, user enters following data:
Posted the banner on my myspace profile. Also posted their video on my blog, etc...
Oh yes i did.
That's what I am talking about. "oh yeah" i said
And i use the input cleaner on it as TYPE_NOHTML and escape it using $db->escape_string() which stores it in the db like this:
Posted the banner on my myspace profile. Also posted their video on my blog, etc... \r\n\r\nOh yes i did.\r\n\r\nThat\'s what I am talking about. "oh yeah" i said
I'm actually escaping the user input with this before sending it to a custom datamanager which I have attached. That's where the save takes place.
// Escape stuff to prevent Sql Injection from nasty people
$pagetext = $db->escape_string($pagetext);
$url = $db->escape_string($url);
// init fbpost datamanager class
$fbpostdata =& datamanager_init('scFbpost', $vbulletin, ERRTYPE_STANDARD);
// set existing data
$fbpostdata->set_existing($fbpost);
// set new data
$fbpostdata->setr('pagetext', $pagetext);
$fbpostdata->setr('url', $url);
$fbpostdata->pre_save();
$fbpostdata->save();
Then to diplay the data I loop through the SQL result as follows:
while ($fdbkdetail = $db->fetch_array($feedbackdetail_result))
{
// Create the feedback post id
$fbpostid = $vbphrase['feedback'] . " Post id:" . $fdbkdetail['postid'];
// Parse the listbit template
eval('$feedbackbits .= "' . fetch_template('sc_myteams_feedback_bit') . '";');
}
Anu idea how to get the data to display in the <textarea> field as entered, and without all the /r/n stuff?
Thanks :)
Posted the banner on my myspace profile. Also posted their video on my blog, etc...
Oh yes i did.
That's what I am talking about. "oh yeah" i said
And i use the input cleaner on it as TYPE_NOHTML and escape it using $db->escape_string() which stores it in the db like this:
Posted the banner on my myspace profile. Also posted their video on my blog, etc... \r\n\r\nOh yes i did.\r\n\r\nThat\'s what I am talking about. "oh yeah" i said
I'm actually escaping the user input with this before sending it to a custom datamanager which I have attached. That's where the save takes place.
// Escape stuff to prevent Sql Injection from nasty people
$pagetext = $db->escape_string($pagetext);
$url = $db->escape_string($url);
// init fbpost datamanager class
$fbpostdata =& datamanager_init('scFbpost', $vbulletin, ERRTYPE_STANDARD);
// set existing data
$fbpostdata->set_existing($fbpost);
// set new data
$fbpostdata->setr('pagetext', $pagetext);
$fbpostdata->setr('url', $url);
$fbpostdata->pre_save();
$fbpostdata->save();
Then to diplay the data I loop through the SQL result as follows:
while ($fdbkdetail = $db->fetch_array($feedbackdetail_result))
{
// Create the feedback post id
$fbpostid = $vbphrase['feedback'] . " Post id:" . $fdbkdetail['postid'];
// Parse the listbit template
eval('$feedbackbits .= "' . fetch_template('sc_myteams_feedback_bit') . '";');
}
Anu idea how to get the data to display in the <textarea> field as entered, and without all the /r/n stuff?
Thanks :)