0

i know there must be thousands of threads like this, but the internet and stack overflow is flooded with results from other programming languages and simply replacing the characters with a whitespace and so on...

so... my problem is as follows...

i have a form with: <input type='text' id='my_input'>

then i parse all my fields in javascript (with jquery) to create my ajax call, like this

var my_value = $('#my_input').val();

then i do a replace to get the line breaks my_value = my_value.replace('\n', '<br>');

after that i post my variables with ajax like this:

data_to_post = 'my_field1=' + my_value1 + 'my_field2' + my_value2;

$.ajax({  
type: 'POST',  
url: '/write_to_db.php',  
data: data_to_post
});

now many people on my site talk about programming and that content started screwing up my site, because their post content gets parsed as php or as html formatting - i'm planning to replace all the problematic characters that could screw up the code of my site.

the most problematic expressions are html tags and &= because it interferes with the way i put my post variable together.

now, because those characters are necessary for the content, i can't simply replace them all with with a single character.

is there any way i could escape them (at best in a one line command)?

thanks!

UPDATE: my temporary solution is this:

this_string = this_string.replace(/</g, '&#60;');
this_string = this_string.replace(/>/g, '&#62;');
this_string = this_string.replace(/\n/g, '<br>');
this_string = escape(this_string);
Improve this question

7 Answers 7

Reset to default
1

try the javascript function escape(): http://www.w3schools.com/jsref/jsref_escape.asp

data_to_post = 'my_field1=' + escape(my_value1) + 'my_field2' + escape(my_value2);

Edit:

to deal with the HTML characters the people are not allowed to post, you could php this:

$outputstring = "hi<br />bye!";
echo htmlspecialchars($outputstring);

info on how this works: http://php.net/manual/en/function.htmlspecialchars.php

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

this works pretty good :) now i still have the html tags do deal with, do you know any solution for that?
1

I would use $.serializeJSON() on the form element itself to gather up all the values for the entire form. Then I would send that to the server-side script via an AJAX call. A task like parsing a complex comment or text field that allows for code as well as plain text is better left to a server-side language.

Improve this answer

4 Comments

i have never used that, does this mean, i'd have to send all my my_value variables to a script that then returns them with the characters escaped?
Well, this is a CMS of sorts, yes? So, you are looking to store this information in a database somewhere to be retrieved by other users? You're going to have to send it to the server at some point anyways.
yes, it's a facebook-like community for my company. i will read about $.serializeJSON, thanks so far
Someone else here suggested requiring your users to wrap the code (HTML or otherwise) in a special tag (<code> might work). This has generally been the approach I've used to achieve what you are going for. You can then read through the submitted text on the server-side and parse differently the text within the code tags from the normal plain text outside.
0

How about:

my_value = my_value.replace(/\n|\.|\~/g, '<br>');

Put your characters to replace around the | (OR) separator and have the /g flag at the end

Improve this answer

2 Comments

that's doesn't really solve my problem, because now: my_value = "my ".phpinfo()." content" returns "my "<br>phpinfo()<br>"content"
I thought that's what you wanted. I should have read your requirements more closely.
0

Although your intent is not entirely clear to me, you could preserve the programmers' content and still display the carriage return/linefeed by wrapping the expression in a tag.

Another possibility is to use CSS to style the appearance. Take a look at the answer to this post: How can I replace certain carriage return line feed followed by a dash with a <br/>?

Improve this answer

1 Comment

this doesn't help me, the problem is for example when people start typing things like &=, because i post the content to php with ajax like in this variable: data_to_post = 'my_value1=' + my_value1 + '&my_value2=' + my_value2;
0

It sounds like you are simply wanting to encode the HTML characters to preserve the HTML characters, so if this is the case the following will encode the text correctly:

var textVal = $('#my_input').val();
var encoded = $('<div/>').text(textVal).html();

This creates an in-memory div to help with encoding. To decode you can simply change the div call to:

  var unencoded = $('<div/>').html(textVal).text()
Improve this answer

3 Comments

this is not what i'm trying to do. i'm writing the contents to a database that i then read in php with mysql_fetch_array()
Then I am not totally clear based on your original question what you are trying to do. Are you simply looking for the line breaks? If not, what sets of text are you considering problematic?
i'm looking to escape all special characters and replace line breaks with <br>
0

Have you considered making PHP handle that for you like in the following example..?

nl2br(htmlspecialchars($str,ENT_QUOTES,'UTF-8'));
Improve this answer

Comments

0 
$.ajax({  
type: 'POST',  
url: '/write_to_db.php',  
data: {
   'my_field1': my_value1,
   'my_field2': my_value2
}
});

Pass an object in the data instead of a string, jquery do that for you.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.