spsteve Posted February 1, 2013 Share Posted February 1, 2013 In chapter 17, when creating the post.php file, for some reason it does not register the enter/return key as starting a new paragraph, so it displays as one big paragraph for each post. What am I doing wrong? Link to comment Share on other sites More sharing options...
HartleySan Posted February 1, 2013 Share Posted February 1, 2013 Could you please provide some code? Link to comment Share on other sites More sharing options...
margaux Posted February 1, 2013 Share Posted February 1, 2013 What are you using to enter text? A simple textarea input field does not recognise formatting or html characters. You will need to employ something like CKEditor or tiny_mce for this additional functionality. I've only used the latter and found it easy to implement but have also heard good things about the former. Other options would be to use use str_replace to replace newline characters with the html break tag when outputting the post e.g. str_replace("\n", '<br>', $row['post']) or when selecting from the database you could use REPLACE to do the same. Link to comment Share on other sites More sharing options...
Antonio Conte Posted February 1, 2013 Share Posted February 1, 2013 It might be as simple as using the nl2br() function on the input. It stands for new line to break. (\n to <br />) http://php.net/manual/en/function.nl2br.php Link to comment Share on other sites More sharing options...
spsteve Posted February 2, 2013 Author Share Posted February 2, 2013 Thanks for your help on this! I've read a little about the nl2br() function and the str_replace, but where would I put it in my code? Here's my code (straight from the book), but I don't see where I could put the nl2br() or str_replace functions. Any help is greatly appreciated: // Validate thread ID ($tid), which may not be present: if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['tid']) && filter_var ($_POST['tid'], FILTER_VALIDATE_INT, array ('min_range' => 1)) ) { $tid = $_POST['tid']; } else { $tid = FALSE; } //If there's no thread ID, a subject must be provided: if (!$tid && empty($_POST['subject'])) { $subject = FALSE; echo '<p>Please enter a subject for this post.</p>'; } elseif (!$tid && !empty($_POST['subject'])) { $subject = htmlspecialchars(strip_tags($_POST['subject'])); } else { $subject = TRUE; } if (!empty($_POST['body'])) { $body = htmlentities($_POST['body']); } else { $body = FALSE; echo '<p>Please enter some text for this post.</p>'; } if ($subject && $body) { // Add the message to the database... if (!$tid) { // Create a new thread. $q = "INSERT INTO threads (user_id, subject) VALUES ({$_SESSION['user_id']}, '" . mysqli_real_escape_string($dbc, $subject) . "')"; $r = mysqli_query($dbc, $q); if (mysqli_affected_rows($dbc) == 1) { $tid = mysqli_insert_id($dbc); } else { echo '<p>Your post could not be handled due to a system error.</p>'; } } if ($tid) { $q = "INSERT INTO posts (thread_id, user_id, message, posted_on) VALUES ($tid, {$_SESSION['user_id']}, '" . mysqli_real_escape_string($dbc, $body) . "', UTC_TIMESTAMP())"; $r = mysqli_query($dbc, $q); if (mysqli_affected_rows($dbc) == 1) { echo '<p>Your post has been entered.</p>'; } else { echo '<p>Your post could not be handled due to a system error.</p>'; } } Link to comment Share on other sites More sharing options...
HartleySan Posted February 2, 2013 Share Posted February 2, 2013 I'm not sure how the posted code is relevant. There appears to be only one post being inserted into the DB; no posts are being displayed. Are you sure that's the offending code? Link to comment Share on other sites More sharing options...
margaux Posted February 2, 2013 Share Posted February 2, 2013 Other options would be to use use str_replace to replace newline characters with the html break tag when OUTPUTTING the post You need to find the code that displays the post - it will be in a different script than the one you've posted. After a SELECT statement where you get all the posts, you'll have some echo statements. Find the one that echos out the body of the post, probably something like $row['message'] or $row['body'], Use the str_replace or nl2br function on $row['body']e.g. nl2br($row['body']) Nice call Antonio, I had forgotten about that function. 1 Link to comment Share on other sites More sharing options...
spsteve Posted February 3, 2013 Author Share Posted February 3, 2013 Sorry about that. i'm new to this. I think this is the code that is doing the actual posting, but I could be wrong again. I'm working through Larry's book and trying to understand it all, so i appreciate your patience. <?php # Script 17.6 - post_form.php // This page shows the form for posting messages. // It's included by other pages, never called directly. // Only display this form if the user is logged in: if (isset($_SESSION['user_id'])) { // Display the form: echo '<form action="post.php" method="post" accept-charset="utf-8">'; // If on read.php... if (isset($tid) && $tid) { // Print a caption: echo '<h3> Post a Reply</h3>'; // Add the thread ID as a hidden input: echo '<input name="tid" type="hidden" value="' . $tid . '" />'; } else { // New thread // Print a caption: echo '<h3>New Story</h3>'; // Create subject input: echo '<p><em>Subject</em>: <input name="subject" type="text" size="60" maxlength="100" '; // Check for existing value: if (isset($subject)) { echo "value=\"$subject\" "; } echo '/></p>'; } // End of $tid IF. // Create the body textarea: echo '<p><em>Body</em>: <textarea name="body" rows="28" cols="128">'; if (isset($body)) { echo $body; } echo '</textarea></p>'; // Finish the form: echo '<input name="submit" type="submit" value="Submit" /> </form>'; } else { echo '<p>You must be logged in to post messages.</p>'; } ?> Link to comment Share on other sites More sharing options...
HartleySan Posted February 3, 2013 Share Posted February 3, 2013 That code displays the actual form. Is that what you're asking about? There is indeed a textarea element in the code. Is that what you're asking about? Link to comment Share on other sites More sharing options...
margaux Posted February 3, 2013 Share Posted February 3, 2013 Look at the topic of your post Post Displays As One Big Paragraph Which of your scripts displays the post? That's the one you need to edit. You've asked about displaying posts not inserting posts. You need to find the code that displays the post... After a SELECT statement where you get all the posts, you'll have some echo statements. Link to comment Share on other sites More sharing options...
Antonio Conte Posted February 3, 2013 Share Posted February 3, 2013 Two-sided issue here. One side is saving, the other is displaying. 1. When you save a new post, it looks like it will use line breaks for that. You need to change that to HTML break tags if you intend to save the posts formated. If you want that, be sure to do some research. Allowing users to save HTML can introduce problems such as Javascript in the code. Because of that, considering looking at Wysiwag-editors or BBcode with server-side validation of tags/code. If HTML is not wanted, then you still need to use strip_tags() / htmlentities() /similar to prevent users to add bad code. 2. When you display a posts, you need to change fro new lines to break tags. (If not done in step one) That means, when you echo out $body, the nl2br() function should be applied. 1 Link to comment Share on other sites More sharing options...
spsteve Posted February 5, 2013 Author Share Posted February 5, 2013 Excellent! That did it. I didn't realize that the issue was that I needed to apply nl2br() to the displaying of the post, but not the entering of the post. So, I just did echo nl2br("<p>{$messages['username']} ({$messages['posted']})<br />{$messages['message']}</p><br />\n"); And it worked perfect. Link to comment Share on other sites More sharing options...
Antonio Conte Posted February 5, 2013 Share Posted February 5, 2013 Glad it worked. Note that you probably only have to apply it to $messages['message']; and that you should apply htmlentities() non-the-less. Theoretically, I could insert an iframe in a post or as a username, and overlay your entire website with a malicious website now. Read up on XSS. strip_tags() should be applied to pretty much everything you get from the users that should be displayed again. It's a prevention you should apply before the site goes live. If this is for learning purposes, take note of XSS (Cross-site scripting) and read or ask about it the next time you build something that's going live. Link to comment Share on other sites More sharing options...
Recommended Posts