Cofa Posted January 25, 2015

I have a textarea in a form to collect user messages into a database. When the entry is stored to the database, all HTML tags are converted into text. Users can include any number of URLs in the message. With my current settings all the URLs will be printed on the webpage as static character strings (i.e., they are not "clickable").

I wonder how I could make those URLs become clickable links when the message is retrieved from the database and printed on a webpage, using purely PHP coding?

HartleySan Posted January 25, 2015

What do you mean by "all HTML tags are converted to text"?

Cofa Posted January 26, 2015

Hi HartleySan, thanks for your response.

What I mean is that the entry will be stored to the database using this code:

    $message = mysql_real_escape_string(htmlspecialchars(trim($_POST['message'])));

When the entry is retrieved from the database I use this code to print the message on the webpage:

    echo nl2br($row['message']);

The effect is that all HTML tags (if any) will be printed as text strings. For example, the <a href...> tag will become &lt;a href...&gt; and the anchor tag will have no effect as a clickable link.

But the goal of my question is to see how a simple URL text string (no HTML tag) that a user has entered in the textarea can be printed as an active link on the webpage, using PHP coding. I think I might be able to do one URL in the message using strstr(), but I would not know how to do it if there is more than one URL in the message.

HartleySan Posted January 26, 2015

I still don't really understand your question, but it sounds like you are turning all HTML special characters into HTML entities before inserting the data into the database, and you then want to (sometimes) turn the a links back into actual links. Is that correct?

Operating on that assumption, I have a few comments:

1. I would not recommend altering the user input before it's put in the DB. I would alter it as need be every time you retrieve it for view purposes. Keeping the input in its raw form in the DB will give you maximum flexibility.
2. To do a mass string replace across disparate values, you're going to have to use regexes. This is not a trivial task if you're not used to it. I warn against attempting this because of #3 below.
3. Allowing for clickable links from user input is one of the biggest security risks you can imagine. I would be very careful about how you handle this.

With all that said though, I'm still not sure I understand your question, so please clarify. Thank you.

Cofa Posted January 27, 2015

Sorry, it looks like I am making things complicated. To make it easier to understand what I wish to do, I am rewording my question again:

Say I send an email message to introduce a website to my friend. I would simply type (or copy and paste) the URL in text: "Visit this site to find out: www.sitename.com." When the message is received in the reader's browser, the URL will become a "clickable link" - this feature is seen in Gmail and many email services.

And this is what I am trying to accomplish with my site: users can type any number of URLs in the textarea input area (I assume they know very few HTML tags), and when the message (e.g., advertising) is published on a webpage, the URLs in the message will be converted into active links.

Thanks for your comments. After some research I agree that it is not an easy job for me. I might just leave the URLs in plain text form for now then.

HartleySan Posted January 27, 2015

Okay, I think I understand what you're asking now. Like I said before though, this is not a trivial task, and will require the use of at least one very complicated regex.

To get you started, please look at the following:

http://stackoverflow.com/questions/161738/what-is-the-best-regular-expression-to-check-if-a-string-is-a-valid-url

If you're still up for the challenge, give it a go and report back with any problems you find.

Cofa Posted January 28, 2015

Thanks again HartleySan. I have decided to avoid the complicated regular expression approach.

For purposes of sharing with the forum, my solution to allow users to add links in their message (an ad page) is to have them fill in up to 9 sets of input fields. Each set consists of one "caption" field and one "full url" field. When the page is loaded, those links (if any) will be listed at the bottom, apart from the message block (each link is rendered by combining a caption and a full URL as a pair).

It's not fancy at all but should serve the needs of most users of our services.

HartleySan Posted January 28, 2015

It may work, but realize that you're now allowing any valid URL to get through and potentially lead users to malicious sites.

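An added example, not code from any poster in this thread, covering both ideas discussed above: the message is stored raw, escaped at output time with only http:// and https:// URLs turned into anchors, and the same allowlist check is applied to caption/URL pairs. The function names are hypothetical, bare www. names without a scheme are left as plain text, and the check restricts schemes and markup only; it does not vet where a link leads.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.

// Accept only absolute http(s) URLs; anything else (javascript:, data:, ...) is rejected.
function safe_http_url(string $url): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

function esc(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

// Build one anchor from an already validated URL and a caption.
function render_link(string $url, string $caption): string
{
    return '<a href="' . esc($url) . '" rel="nofollow noopener noreferrer">' . esc($caption) . '</a>';
}

// Escape the raw stored message at output time, linking any http(s) URLs in it.
function linkify(string $raw): string
{
    // With PREG_SPLIT_DELIM_CAPTURE, odd indexes hold the URL candidates.
    $chunks = preg_split('~(\bhttps?://[^\s<>"\']+)~i', $raw, -1, PREG_SPLIT_DELIM_CAPTURE) ?: [$raw];
    $html = '';
    foreach ($chunks as $i => $chunk) {
        if ($i % 2 === 0) {
            $html .= esc($chunk);                   // ordinary text: escape only
            continue;
        }
        $url  = rtrim($chunk, '.,;:!?)');           // sentence punctuation is not part of the URL
        $tail = substr($chunk, strlen($url));
        $safe = safe_http_url($url);
        $html .= ($safe !== null ? render_link($safe, $safe) : esc($url)) . esc($tail);
    }
    return nl2br($html);
}

// Constructed sample input: a message body and two caption/URL pairs.
$raw = "Visit http://www.sitename.com/page?a=1&b=2.\n<script>alert(1)</script>";
echo linkify($raw), "\n";
$pairs = [['My "site"', 'https://www.sitename.com/'], ['Click me', 'javascript:alert(1)']];
foreach ($pairs as [$caption, $url]) {
    $safe = safe_http_url($url);
    echo $safe !== null ? render_link($safe, $caption) : esc($caption) . ' (link rejected)', "\n";
}
```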