html notepad (help)

5
Hi, I have a problem here with the html notepad, as shown in image1 and image2. When I press "Enter" for one or two new lines, and after I click "Update!", the "rn" appears instead of showing new lines.
Could anyone teach me how to fix this problem?
Thanks in advance.
Attached Images
File Type: jpg image1.jpg (8.7 KB, 159 views)
File Type: jpg image2.jpg (8.2 KB, 308 views)
Dec 2 '09 #1
Dormilich
8,658 Expert Mod 8TB
I may look into the problem, if I knew what the update function does.
Dec 2 '09 #2
sHyuAn
5
The below is the part for the notepad that I inserted in the PHP code. Thanks for your kind help. :)
  1. <?php
  2. if(isset($_POST['pn_update']))
  3. {
  4. $db->query("UPDATE users SET user_notepad='{$_POST['pn_update']}' WHERE userid=$userid");
  5. $ir['user_notepad']=stripslashes($_POST['pn_update']);
  6. print "<br /><b>Memorandum Updated!</b>";
  7. }
  8. print "<fieldset style='border: 1px dashed #606060; width: 450px;'>
  9. <legend align='center'><b>My Memorandum</b></legend><br /><form action='home.php' method='post'>
  10. <textarea rows='15' cols='50' name='pn_update'>".htmlspecialchars($ir['user_notepad'])."</textarea><br />
  11. <input type='submit' value='Update!' /></form></fieldset>";
  12. ?>
Dec 2 '09 #3
Dormilich
8,658 Expert Mod 8TB
On line 5 you strip the text of slashes (including the slashes for "\r\n", which then become "rn"). And think about your DB security; currently it's unprotected against SQL injection.

PS. am I right in the assumption that you use the Latin-1 charset for your website?
Dec 2 '09 #4
sHyuAn
5
But if the stripslashes is not there, it will cause the same problem with those slashes like "Have a nice day\r\nHave a nice day". I am very new to web development. Learning through online. Hope to learn more by asking questions. And would you mind to brief me or gimme an example on how to secure the DB?

And, yeah you are right.. Latin1 is used.
Dec 2 '09 #5
drhowarddrfine
7,435 Expert 4TB
In HTML, \r\n doesn't mean anything. Line breaks are generated using the html tag <br> instead.
Dec 2 '09 #6
sHyuAn
5
To: Dormilich,

Can I use the below way to prevent injections?

$MailUser = sprintf("INSERT INTO mail VALUES ('', 0, 0, %u, unix_timestamp(), 'Forum Subscription', 'Please view your forum subscriptions, a new post has been made!')", $mail['userid']);

$db->query($MailUser);
Dec 2 '09 #7
Markus
6,050 Expert 4TB
@drhowarddrfine
However, in a textarea element these characters do represent a carriage-return and line-feed, no?
Dec 2 '09 #8
Markus
6,050 Expert 4TB
@sHyuAn
No. See this entry in the PHP.net documentation for SQL injection.
Dec 2 '09 #9
sHyuAn
5
Thanks, Markus, for pointing me to the site. :)
Dec 2 '09 #10
drhowarddrfine
7,435 Expert 4TB
I'm probably not paying attention cause I didn't know this was in a textarea so here's the docs on that.
Dec 2 '09 #11
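
Added example, not code from any poster in this thread: the notepad update from post #3 rewritten with a bound parameter and without stripslashes(), so a CR LF pair survives the round trip and a quote in the note cannot alter the query. It assumes PDO with an in-memory SQLite database in place of the thread's $db wrapper, a fixed $userid, and a constructed note text; the Latin-1 charset is the one confirmed in post #5.

```php
<?php
// Assumption: PDO + in-memory SQLite stands in for the thread's $db wrapper.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, user_notepad TEXT)');
$pdo->exec("INSERT INTO users (userid, user_notepad) VALUES (1, '')");

// Constructed input: two lines separated by a real CR LF, plus single quotes
// that would end the string literal in the original interpolated UPDATE.
$posted = "Have a nice day\r\nIt's O'Brien's note";
$userid = 1; // assumed to come from the logged-in session

// The "rn" symptom: once text has been escaped, the line break is held as the
// four characters backslash, r, backslash, n. stripslashes() then removes the
// backslashes and leaves the letters behind. The escaped form is constructed.
$escaped = str_replace(["\r", "\n"], ['\r', '\n'], $posted);
echo "after stripslashes: ", stripslashes($escaped), "\n";

// Hardened update: the note is bound as a parameter, never spliced into SQL,
// so no manual escaping (and no later stripslashes) is needed.
$update = $pdo->prepare(
    'UPDATE users SET user_notepad = :note WHERE userid = :id'
);
$update->execute([':note' => $posted, ':id' => $userid]);

// Read the value back from the database instead of reusing $_POST.
$select = $pdo->prepare('SELECT user_notepad FROM users WHERE userid = :id');
$select->execute([':id' => $userid]);
$stored = $select->fetchColumn();

// The stored text is identical to what was submitted, line break included.
echo "round trip intact: ", var_export($stored === $posted, true), "\n";

// Output encoding happens only at render time. Inside a textarea the raw
// CR LF is shown as a line break; htmlspecialchars() keeps markup in the
// note from being interpreted by the browser.
echo "<textarea rows='15' cols='50' name='pn_update'>"
   . htmlspecialchars($stored, ENT_QUOTES, 'ISO-8859-1')
   . "</textarea>\n";
```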
