Topic awaiting preservation: HTML Form formatter? (Page 1 of 1) |
|
---|---|
Nervous Wreck (II) Inmate From: Underneath a mountain of blankets. |
posted 01-12-2007 18:50
I'm gonna end up having something where I type words into a box, they get stored in a MySQL database, and then displayed on a page with a PHP loop. |
Maniac (V) Mad Scientist From: Rochester, New York, USA |
posted 01-12-2007 20:54 |
Nervous Wreck (II) Inmate From: Underneath a mountain of blankets. |
posted 01-12-2007 21:59
nl2br I'm taking it is \n --> <br> (Genius aren't I?) |
Maniac (V) Mad Scientist From: Denver, CO, USA |
posted 01-12-2007 22:16
There are a variety of things you can do. nl2br is a good one that turns line breaks into <br /> tags, and htmlspecialchars works well in stripping out malicious code. code: function formatForDisplay($str) { $str = htmlspecialchars($str); $str = preg_replace("/(\r\n¦\n¦\r)/", "\n", $str); $str = preg_replace("/\n\n+/", "\n\n", $str); $str = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "<p>$1</p>\n", $str); // make paragraphs, including one at the end if (get_magic_quotes_gpc()) return stripslashes($str); else return $str; }
|
Nervous Wreck (II) Inmate From: Underneath a mountain of blankets. |
posted 01-13-2007 05:29
Twitch, all my base are belong to you. Now this is the FOURTH time in about a day where I've looked at a regex, and had NO clue what it does. |
Maniac (V) Mad Scientist From: Denver, CO, USA |
posted 01-13-2007 21:13
I use that particular function in sites all over the place, and sometimes I don't have complete control over whether or not get_magic_quotes_gpc() is turned on or not, so I keep it in just to catch it, not for avoiding sql injections. If the slashes were added on insertion into the database, I want to make sure they're removed when they're displayed. |