0

I am having an issue where I am having a user enter information into a textarea and and having that information stored in a mysql database. The user is allowed to insert HTML into the textarea such as:

<ul>
  <li>Test</li>
</ul>

However, I am having trouble seeing why the data that is being retrieved from the database to display the data the user has entered, is not showing the correct HTML format the user requested.

This is what I have: Displaying the information:

<?php
function display ($result) {
  if (mysql_num_rows($result) > 0) {
    echo "<form action='scripts/submit.php' method='post'>";
      echo "<input type='submit' name='post' value='Post'/>";
      echo " | ";
      echo "<label for='searchDate'>Search Archives By Date:</label>";
      echo "<input type='text' name='searchDate'>";
      echo "<input type='submit' name='submitDate' value='Search'/>";
      echo " | ";
      echo "<label for='searchTicket'>Search Archives By Ticket:</label>";
      echo "<input type='text' name='searchTicket'/>";
      echo "<input type='submit' name='submitTicket' value='Search'/>";
      echo "<hr/>";
    echo "</form>";
    echo "<table border='1' id='resultTable'>";
      while($row = mysql_fetch_assoc($result)) {
      $replace = str_replace ("\n","<br/>",$row['content']);
      echo "<tr>";
        echo "<td><span id='boldText'>Entry By:</span> ".$row['user']." | <span id='boldText'>Description:</span> ".$row['description']." | <span id='boldText'>Entry Date:</span> ".$row['date']."</td>";
      echo "</tr>";
      echo "<tr>";
        echo "<td>";
            echo "<p>".$replace."</p>";
        echo "</td>";
      echo "</tr>";
      echo "<tr>";
        echo "<td>";
          echo "<form action='scripts/submit.php' method='post'>";
            echo "<input type='hidden' name='count' value='$row[count]'/>";
            echo "<input type='submit' name='edit' value='Edit'/>";
            echo "<input type='submit' name='delete' value='Delete'/>";
          echo "</form>";
        echo "</td>";
      echo "</tr>";
          }
          echo "</table>";
      }
      else {
        echo "<h3 id='noResults'>Nothing has been posted yet.  Click 'Post' to add something to the whiteboard.</h3>";
        echo "<form action='scripts/submit.php' method='post'>";
          echo "<input type='submit' name='post' value='Post'/>";
        echo "</form>";
      }
}

?>

Add Post Logic:

if(isset($_POST['add_post'])) {
$content = mysql_real_escape_string($_POST['content']);
$description = mysql_real_escape_string($_POST['desc']);

  $query = "INSERT INTO $table_name (user, description, content)
            VALUES ('$_SESSION[logged_in]','$description', '$content')";
  $result = mysql_query($query);
  session_write_close();
  header('Location: ../whiteboard.php');
}

For some reason the example above will not work, but this will:

<p style="font-weight: 900;">Test</p>
Improve this question
8
  • 2
    Holy echos, batman. Have you considered HEREDOCs or breaking out of PHP mode (?>) instead? Commented May 14, 2012 at 3:30
  • You can't put <ul> inside of <p>. Commented May 14, 2012 at 3:36
  • What is being saved to the database i.e. is is actually being saved as HTML code (I know its intended to be, but when you check the database directly, whats there?)? I also agree with @MarcB - you don't need to use php to generate the HTML code, in this example it would be much more convenient to break out of php to use HTML Commented May 14, 2012 at 3:47
  • @FluffyKitten - Yes, the data is being saved with the HTML in tact: <ul> <li>Test</li> </ul> Commented May 14, 2012 at 3:49
  • And you say its not showing the correct format - what way is it showing? Commented May 14, 2012 at 3:52

2 Answers 2

Reset to default
1

Try parsing before insert in database using htmlentities() or nl2br() and doing the oposite when getting it back.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

If you're viewing the database entries in a browser, you're going to see the result of the formatted HTML, not the actual markup - use htmlentities($result) if that's what you are after.

View the page source to see what is being retrieved and see how it differs from what you expect to see.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.