CPT John W. Holmes wrote:
--<SNIP>--
> Try this:
>
> <textarea name="text">This is &lt;some&gt; text</textarea>
>
> If you submit that "text" and then print $_REQUEST['text'], you'll see that
> you have
>
> This is <some> text
--<SNIP>--
Ok, but that only makes me realize the further extent of the problem.


If the HTML file that they upload has '&lt;' or '&gt;' entities, then these characters will be displayed in the text area as '<' and '>' symbols. So when the text is submitted from the textarea, all of the user's HTML entities will have been destroyed.

Any thoughts on this problem?

Thaddeus

CPT John W. Holmes wrote:

From: "Thaddeus J. Quintin" <[EMAIL PROTECTED]>

I'm working on a site where users have the option to type HTML code into
a textarea, or upload HTML code from a local file which is then
displayed in the text area.

The obvious problem is that an uploaded file that contains a closing tag
for a textarea can wreak havoc and eat up the rest of the page.  So, in
order to get it to display properly, I called htmlspecialchars() on the
string and that works fine.

After any editing has been done, I can convert the text back using
html_entity_decode().  This seems to be a decent solution to the problem.

However, if the user has included htmlentities in their code, won't
these get converted when I call the decode function?  Even something
simple like using a '<' symbol for a little arrow.  This would need to
remain a '&lt;' and not get converted when html_entity_decode() is called.


You should not have to call html_entity_decode() at all. You encode the text
to get it to show in the text area. When the form is submitted, you get the
text exactly as it appears in the textarea. In other words, without the html
entities.

Try this:

<textarea name="text">This is &lt;some&gt; text</textarea>

If you submit that "text" and then print $_REQUEST['text'], you'll see that
you have

This is <some> text

---John Holmes...





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
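
The round trip discussed in this thread, as an added example that is not code from either poster: it renders a constructed upload into the textarea with and without htmlspecialchars(), then compares what comes back. The function names, the sample upload, and the modelling of the browser as a single html_entity_decode() pass over the textarea body are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const FLAGS = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;

// Server side: escape the stored HTML before placing it in the textarea body.
function renderTextarea(string $raw, bool $escape = true): string
{
    $body = $escape ? htmlspecialchars($raw, FLAGS, 'UTF-8') : $raw;
    return '<textarea name="text">' . $body . '</textarea>';
}

// Stand-in for the browser (assumption): the textarea ends at the first
// closing tag, character references are decoded once, and that text is submitted.
function simulateBrowserSubmit(string $html): string
{
    if (!preg_match('~<textarea name="text">(.*?)</textarea>~s', $html, $m)) {
        throw new RuntimeException('no textarea found');
    }
    return html_entity_decode($m[1], FLAGS, 'UTF-8');
}

// Constructed sample upload: author-written entities plus a textarea closing tag.
$upload = '<p>a &lt; b &amp; c &rarr; d</p></textarea><b>rest of page</b>';

$escaped   = simulateBrowserSubmit(renderTextarea($upload));
$unescaped = simulateBrowserSubmit(renderTextarea($upload, false));

printf("escaped round trip intact:   %s\n", var_export($escaped === $upload, true));
printf("unescaped round trip intact: %s\n", var_export($unescaped === $upload, true));
printf("unescaped submission:        %s\n", $unescaped);
// Decoding again on the server is what would rewrite the author's entities.
printf("after extra decode intact:   %s\n",
    var_export(html_entity_decode($escaped, FLAGS, 'UTF-8') === $upload, true));
```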


