Re: [phplib] ">" in frozen textarea box
From: Dmitry Tsitelov (cit <email protected>)
Date: 07/19/01

On Thu, Jul 19, 2001 at 08:00:03PM +0100, Dima Nemchenko wrote:
> Mikhail Avrekh wrote:
>
> > This is perhaps marginally related to PHPLIB, but I hope someone on this
> > list has had some experience with a similar problem.
> >
> > I have a bunch of forms using the oohforms class. One of the forms is full
> > of <textarea> elements, into which a user may paste potentially huge
> > blocks of text to save in the database. I also need to display this form
> > with the saved text either in an updateable format or in a read-only
> > ("frozen") format depending on the privs etc.
> >
> > The problem is with the "frozen" form. If a user enters something like
> > "a > b" into the box, this completely screws up the read-only form. The
> > HTML then looks roughly like this:
> >
> > <hidden name=myverylongvar value='blahblahblah forever a > b more blah'>
> > <table border=1><tr><td>
> > blahblahblah forever a > b more blah
> > </td></tr></table>
> >
> > ...which seems fine, except the browser appears to treat that ">" as a
> > closing tag, so " b more blah", which can be quite long, pops up in plain
> > text directly above the box with the text. The user freaks out. The
> > developer doesn't know how to escape that ">". Any suggestions ?
> >
> > Thanks !
> >
> > M.
> >
> > --
> > To unsubscribe, send mail to: phplib-unsubscribe <email protected>
> > For a list of commands, send mail to: phplib-help <email protected>
>
> Hi Mikhail,
>
> No experience with oohforms, so this might not be of any help at all! :)
>
> ereg_replace('>','&gt;',$user_string) before you assign it to the form? But
> then that wouldn't show up right in the TEXTAREA itself...
>
> Anybody else?

I think that something like

$user_string = htmlspecialchars($user_string);

would be much more appropriate.

-- 
Dmitry Tsitelov
mailto:cit <email protected>
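
The escaping suggested in this thread, applied to both the frozen and the editable form, as an added example that is not part of the original messages and does not use the oohforms API. The function names and the sample input are hypothetical; the markup mirrors the single-quoted `value='...'` attribute from the original question, which is why `ENT_QUOTES` is passed explicitly.

```php
<?php
// Added example: function names and sample input are hypothetical, not oohforms API.

/** Escape text for HTML element content and quoted attribute values. */
function esc(string $s): string
{
    // ENT_QUOTES also encodes ' and ", needed because the frozen form
    // quotes its attribute with single quotes (value='...').
    // Before PHP 8.1 the default flag (ENT_COMPAT) left ' unescaped.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Read-only ("frozen") rendering: hidden field plus visible text. */
function render_frozen(string $name, string $value): string
{
    $n = esc($name);
    $v = esc($value);
    return "<input type='hidden' name='$n' value='$v'>\n"
         . "<table border=1><tr><td>\n" . nl2br($v) . "\n</td></tr></table>\n";
}

/** Editable rendering: the browser decodes entities inside <textarea>,
 *  so the user still sees and re-submits the original characters. */
function render_editable(string $name, string $value): string
{
    return "<textarea name='" . esc($name) . "'>" . esc($value) . "</textarea>\n";
}

// Constructed sample input: the thread's "a > b" case plus quotes and a tag.
$user_string = "blah a > b more blah, it's \"quoted\" </textarea><b>bold</b>";

echo render_frozen('myverylongvar', $user_string);
echo render_editable('myverylongvar', $user_string);

// Round trip: decoding the escaped form gives back the stored text unchanged,
// so the database should keep the raw text and escaping happens only on output.
assert(htmlspecialchars_decode(esc($user_string), ENT_QUOTES) === $user_string);
```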
