Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

*headache* storing raw textarea data

Status
Not open for further replies.
Leozack

Leozack

MIS
Oct 25, 2002
867
GB
Code: 
Ok, this is a common problem and if there was an easy answer I'm sure I'd already know it.  Infact I do, but my head hurts so I'll carry on before jumpin in bed at 4:33am as it is now ...
Basically, when a user submits info in a form, yuo can pass it through filters like stripslashes, replace < and > with their html equivilents of &gt; and &ltl;, and basically prepare them so that they can be stored in a text file but then displayed ok on a browser, but not allowing any malicious code that way.
However, the problem is what if you have a system like mine where there is a masterphp page that does all the work, and if you've not filled out the form yet it includes a form, if you've filled it out it filters the stuff and gives you a retry form if ther were errors and an confirm form if there weren't.  The confirm form points back to the retry form if you say no and to the page that does the writing work if you say yes.
My problem is that, basically, things get screwed up when passed around as hidden form inputs.  Well, they seemed to be fine until I used a textarea.  I've used one before but that wasn't filtered as it didn't need to be stripped of code and didn't need to have linebreaks sustained.
Now I'm filtering one, as I need to remove dodgy code and replace \r with <br /> so that it displays in the browser correctly.  However, whether it's just the <br />'s or not I dunno, but things screw up bigtime.  So, I was wondring what people thought was the best way to pass around textarea data from page to page, and then the best process to put it through before saving.
Argh, my head, must sleep ...
_________________________________
Leozack
Code: 
MakeUniverse($infinity,1,42);
 
Sort by date Sort by votes
I'll add that the confirmation page that has access to the stuff from the master page (it is included from there) passes on the textarea stuff in a hidden form input. The result, even on the confirmation page infact (possibly, not sure, head hurts) is one with escapes still in, like &quot;don\'t&quot;. Dispite going through my filter that incldues stripslashes(). =( I wonder, I'm sure it's all my fault somehow =/
I'll be laughing when it's done, until then I'l be crying ... _________________________________
Leozack
Code: 
MakeUniverse($infinity,1,42);
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

R
  • Question
How Can I Use MySQL To Send Data To An Email
Replies
1
Views
267
Chris Miller
Chris Miller
Brianfree
  • Locked
  • Question
Dropdown list data generator
Replies
3
Views
276
Brianfree
Brianfree
milisql
  • Locked
  • Question
Fetching Data But not calculating Correctly
Replies
0
Views
505
milisql
milisql
lexer
  • Locked
  • Question
Join two mysql tables for populate datatable
Replies
3
Views
270
spamjim
spamjim
lexer
  • Locked
  • Question
Fetching Data from Mysql and filling Inputs in a Form
Replies
0
Views
151
lexer
lexer

Part and Inventory Search

Sponsor

Back
Top