vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
#1
07-01-2008, 02:22 PM
Mixtoon
Join Date: Aug 2007
Location: United Arab Emirates
Posts: 10
Thanked: 0 times
Thanked 0 times in 0 posts
Ajax - Edit-in-place prob ( html )

Hi,

I have some code that helps me edit a text and save it to the database.

The files I have:

articles.html

PHP Code:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<script type="text/javascript" src="prototype.js"></script>

<script type="text/javascript">

    // wire the three buttons once the page has loaded
    function init()
    {
        Event.observe("edit", "click", function(e){ edit_in_place() });

        Event.observe("save", "click", function(e){ save() });

        Event.observe("cancel", "click", function(e){ cancel() });
    }

    // swap the title span for a text input holding the current title
    function edit_in_place()
    {
        $("save_settings").style.display = "inline";

        $("edit_settings").style.display = "none";

        var article_title = '<input type="text" name="article_title" id="article_title" ';
        article_title += 'size="30" value="'+$("title").innerHTML+'" >';

        $("title").innerHTML = article_title;
    }

    // post the new title to articles.php, then call show()
    function save()
    {
        new Ajax.Request("articles.php",
            {
                method: "post",
                postBody: "title="+$F("article_title")+
                "&uid=1"+"&save="+$F("save"),
                onComplete: show
            }
        );
    }

    // put the typed title back into the span as HTML
    function show(res)
    {
        $("title").innerHTML = $("article_title").value;
        $("save_settings").style.display = "none";
        $("edit_settings").style.display = "inline";
    }

    function cancel()
    {
        $("title").innerHTML = "Edit the article title here...";
        $("save_settings").style.display = "none";
        $("edit_settings").style.display = "inline";
    }

</script>

</head>

<body onload="init()">
    <div>Title:</div>
    <span id="title">
        Edit the article title here...
    </span>

    <span id="edit_settings">
        <input type="button" id="edit" name="edit" value="edit" >
    </span>

    <span id="save_settings" style="display:none">
        <input type="button" id="save" name="save" value="save">&nbsp;
        <input type="button" id="cancel" name="cancel" value="cancel">
    </span>
</body>

</html>

prototype.js

and articles.php, which contains the instructions to save the text in the database.


The problem is I don't want anybody to enter HTML code.

I mean if someone edits the text and writes:

<b>test</b>

it should give him this:
<b>test</b>

and NOT:
test

So how to do that?
#2
07-01-2008, 07:38 PM
MoT3rror
Join Date: Mar 2007
Posts: 423
Thanked: 0 times
Thanked 0 times in 0 posts

http://www.php.net/htmlspecialchars
Or
http://www.php.net/manual/en/function.htmlentities.php
#3
07-02-2008, 03:24 AM
Mixtoon
Join Date: Aug 2007
Location: United Arab Emirates
Posts: 10
Thanked: 0 times
Thanked 0 times in 0 posts

Thanks MoT3rror,

but this is for the PHP file.

I need it for the JavaScript!

--------------- Added 07-02-2008 at 05:14 AM ---------------

OK, I know I should use escapeHTML(),

but how do I add that to this code?

Code:
<script type="text/javascript">

    // wire the three buttons once the page has loaded
    function init()
    {
        Event.observe("edit", "click", function(e){ edit_in_place() });

        Event.observe("save", "click", function(e){ save() });

        Event.observe("cancel", "click", function(e){ cancel() });
    }

    // swap the title span for a text input holding the current title
    function edit_in_place()
    {
        $("save_settings").style.display = "inline";

        $("edit_settings").style.display = "none";

        var article_title = '<input type="text" name="article_title" id="article_title" ';
        article_title += 'size="30" value="'+$("title").innerHTML+'" >';

        $("title").innerHTML = article_title;
    }

    // post the new title to articles.php, then call show()
    function save()
    {
        new Ajax.Request("articles.php",
            {
                method: "post",
                postBody: "title="+$F("article_title")+
                "&uid=1"+"&save="+$F("save"),
                onComplete: show
            }
        );
    }

    // put the typed title back into the span as HTML
    function show(res)
    {
        $("title").innerHTML = $("article_title").value;
        $("save_settings").style.display = "none";
        $("edit_settings").style.display = "inline";
    }

    function cancel()
    {
        $("title").innerHTML = "Edit the article title here...";
        $("save_settings").style.display = "none";
        $("edit_settings").style.display = "inline";
    }

</script>
#4
07-02-2008, 06:22 AM
Dismounted
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Thanked: 0 times
Thanked 0 times in 0 posts

You should ALWAYS sanitize data server-side. That means you should run htmlspecialchars() in your PHP script. Sanitizing client-side (i.e. with JavaScript) can be easily bypassed.
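Putting post #3's question (where escapeHTML() goes in the edit-in-place script) and post #4's point (the server must escape too) together, here is an added example that is not code from the thread. The function names are mine; the `title`, `uid` and `save` field names and the `<b>test</b>` input are the thread's, and `parsePostBody` is an assumed stand-in for what articles.php does, written in plain JavaScript so it runs under Node without a DOM.

```javascript
// Added example, not the thread's code; articles.php is modelled, not quoted.

// What Prototype's String#escapeHTML and PHP's htmlspecialchars(ENT_QUOTES)
// do: neutralise the characters that change meaning in HTML text or inside
// a quoted attribute value.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#039;");
}

// edit_in_place(): the thread concatenates the raw title into value="...".
// Escaping it keeps a title containing quotes or tags as literal text.
function buildEditInput(title) {
  return '<input type="text" name="article_title" id="article_title" ' +
    'size="30" value="' + escapeHtml(title) + '">';
}

// save(): the thread sends "title=" + the raw value. Percent-encoding keeps
// an '&' or '=' typed into the title from splitting the request body.
function buildPostBody(title, uid) {
  return "title=" + encodeURIComponent(title) +
    "&uid=" + encodeURIComponent(uid) + "&save=save";
}

// articles.php (assumed behaviour): decode the body the way PHP fills
// $_POST and keep the raw text for the database.
function parsePostBody(body) {
  const fields = {};
  for (const pair of body.split("&")) {
    const i = pair.indexOf("=");
    const k = i < 0 ? pair : pair.slice(0, i);
    const v = i < 0 ? "" : pair.slice(i + 1);
    fields[decodeURIComponent(k)] = decodeURIComponent(v.replace(/\+/g, " "));
  }
  return fields;
}

// Round trip of one edit: what gets stored, and what show() on the client
// (or any PHP page echoing the title) displays, escaped at output time so
// "<b>test</b>" shows literally rather than bold.
function saveAndRender(title) {
  const stored = parsePostBody(buildPostBody(title, 1)).title;
  return { stored: stored, html: escapeHtml(stored) };
}
```

In the real page the same result needs no string building at all: create the input with document.createElement and assign the title to its .value property, and write the saved title back with textContent instead of innerHTML. The PHP side still has to apply htmlspecialchars() itself, because nothing stops a client from posting to articles.php directly.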