RE: [PHP] textarea/display question...
Make sure to remove tags via: $var_that_will_be_displayed = strip_tags( $var_from_user_input_via_POST_or_GET_or_COOKIE ); if you are going to display or mail it as part of a link(email or URL), you might do this instead: $var_that_will_be_part_of_a_link = strip_tags( rawurldecode( $var_from_user_input_via_POST_or_GET_or_COOKIE ) ); See this page: http://www.cgisecurity.com/articles/xss-faq.shtml -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] textarea/display question...
Dennis Gearon wrote: Make sure to remove tags via: $var_that_will_be_displayed = strip_tags( $var_from_user_input_via_POST_or_GET_or_COOKIE ); if you are going to display or mail it as part of a link(email or URL), you might do this instead: $var_that_will_be_part_of_a_link = strip_tags( rawurldecode( $var_from_user_input_via_POST_or_GET_or_COOKIE ) ); See this page: http://www.cgisecurity.com/articles/xss-faq.shtml Yeah, use strip_tags so you can get rid of evil, malicious content such as grin... gasp! Just use htmlentities() like others have already suggested, so you don't change the users input. There's nothing more annoying than programs that strip out content from what users write because they think it's bad. Using allowed_tags with strip_tags() just introduces the possibility for vulnerabilities since attributes aren't checked. Javascript in a b tag, you say? Yep... -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] textarea/display question...
hi.. i'm presenting a textarea to the user... i'd like to be able to display the information within the textarea in a table format. this would allow me to highlight the material that the user should modify. however, i can't figure out how to accomplish this... $foo = 'tabletrtd class='red'blah/td/tr/table'; textarea value='$foo'/textarea something like the above, but without displaying all the attrib stuff... any ideas/pointers would be appreciated.. thanks -bruce -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] textarea/display question...
Anything inside that textarea actually get's displayed. So they will actually see that HTML. I don't know of a way to actually highlight sections within the text area, and I don't think there is one. You could highlight the text outside of the textarea though. Jon bruce wrote: hi.. i'm presenting a textarea to the user... i'd like to be able to display the information within the textarea in a table format. this would allow me to highlight the material that the user should modify. however, i can't figure out how to accomplish this... $foo = 'tabletrtd class='red'blah/td/tr/table'; textarea value='$foo'/textarea something like the above, but without displaying all the attrib stuff... any ideas/pointers would be appreciated.. thanks -bruce -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] textarea/display question...
Hi, With textarea, there is no value... textarea$foo/textarea -Dan Joseph $foo = 'tabletrtd class='red'blah/td/tr/table'; textarea value='$foo'/textarea -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] textarea/display question...
Have you considered an imbedded frame? (Looks like a textarea, with the ability to imbed all types of controls (and tables) within it). I'm not sure that all browsers support IFRAME yet, but the most widely used one does. Another approach would be to use sprinf() formatting to imbed leading/trailing spaces to allow everything to line up, assuming your text area uses a fixed pitch font like courier. Course since the control is an input control, trust your users are going to screw up the alignment, and don't count on getting the data back all neatly lined up. Warren Vail -Original Message- From: bruce [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 10:59 AM To: [EMAIL PROTECTED] Subject: [PHP] textarea/display question... hi.. i'm presenting a textarea to the user... i'd like to be able to display the information within the textarea in a table format. this would allow me to highlight the material that the user should modify. however, i can't figure out how to accomplish this... $foo = 'tabletrtd class='red'blah/td/tr/table'; textarea value='$foo'/textarea something like the above, but without displaying all the attrib stuff... any ideas/pointers would be appreciated.. thanks -bruce -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] textarea/display question...
I've always gotten errors when trying to use the value property of a textarea. Put the value info between the textarea/textarea tabs. -Original Message- From: bruce [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 12:59 PM To: [EMAIL PROTECTED] Subject: [PHP] textarea/display question... hi.. i'm presenting a textarea to the user... i'd like to be able to display the information within the textarea in a table format. this would allow me to highlight the material that the user should modify. however, i can't figure out how to accomplish this... $foo = 'tabletrtd class='red'blah/td/tr/table'; textarea value='$foo'/textarea something like the above, but without displaying all the attrib stuff... any ideas/pointers would be appreciated.. thanks -bruce -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] textarea/display question...
bruce wrote: textarea value='$foo'/textarea Please review your HTML textbook. There is no value attribute for a textarea. textarea$foo/textarea -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] textarea/display question...
vail... with an iframe... can i allow the user to make changes... and then capture the data as a value for a post within a form..??? in other words...does it closely give me what a textarea does with regards to allowing a user to make mods to the information? -thanks.. ps.. to you guys who said that the textarea doesn't have a value=''.. it does... -Original Message- From: Vail, Warren [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 11:20 AM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: [PHP] textarea/display question... Have you considered an imbedded frame? (Looks like a textarea, with the ability to imbed all types of controls (and tables) within it). I'm not sure that all browsers support IFRAME yet, but the most widely used one does. Another approach would be to use sprinf() formatting to imbed leading/trailing spaces to allow everything to line up, assuming your text area uses a fixed pitch font like courier. Course since the control is an input control, trust your users are going to screw up the alignment, and don't count on getting the data back all neatly lined up. Warren Vail -Original Message- From: bruce [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 10:59 AM To: [EMAIL PROTECTED] Subject: [PHP] textarea/display question... hi.. i'm presenting a textarea to the user... i'd like to be able to display the information within the textarea in a table format. this would allow me to highlight the material that the user should modify. however, i can't figure out how to accomplish this... $foo = 'tabletrtd class='red'blah/td/tr/table'; textarea value='$foo'/textarea something like the above, but without displaying all the attrib stuff... any ideas/pointers would be appreciated.. thanks -bruce -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] textarea/display question...
On Tue, 20 Jul 2004 10:59:06 -0700, bruce [EMAIL PROTECTED] wrote: hi.. i'm presenting a textarea to the user... i'd like to be able to display the information within the textarea in a table format. this would allow me to highlight the material that the user should modify. however, i can't figure out how to accomplish this... $foo = 'tabletrtd class='red'blah/td/tr/table'; textarea value='$foo'/textarea something like the above, but without displaying all the attrib stuff... any ideas/pointers would be appreciated.. First of all, textareas don't have a value attribute, you put the text between the textarea tags. Second, you simply can't do that. Textareas are normal text only. However, there are JavaScript plugins you can use to do this: http://dynarch.com/mishoo/htmlarea.epl -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] textarea/display question...
Yes, but by nature, it must be a separate form. What appears in the IFRAME is like any other frame, an entire web page, and as a separate web page and separate form, it must have it's own submit button (within the form). Course you could cause some of the other controls on the form to trigger the submit, like changing a selection on a select list; select name=fmyselect onChange=this.form.submit(); option value='a'this is a/option /select Hope this helps, Warren Vail -Original Message- From: bruce [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 11:51 AM To: Vail, Warren; [EMAIL PROTECTED] Subject: RE: [PHP] textarea/display question... vail... with an iframe... can i allow the user to make changes... and then capture the data as a value for a post within a form..??? in other words...does it closely give me what a textarea does with regards to allowing a user to make mods to the information? -thanks.. ps.. to you guys who said that the textarea doesn't have a value=''.. it does... -Original Message- From: Vail, Warren [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 11:20 AM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: [PHP] textarea/display question... Have you considered an imbedded frame? (Looks like a textarea, with the ability to imbed all types of controls (and tables) within it). I'm not sure that all browsers support IFRAME yet, but the most widely used one does. Another approach would be to use sprinf() formatting to imbed leading/trailing spaces to allow everything to line up, assuming your text area uses a fixed pitch font like courier. Course since the control is an input control, trust your users are going to screw up the alignment, and don't count on getting the data back all neatly lined up. Warren Vail -Original Message- From: bruce [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 10:59 AM To: [EMAIL PROTECTED] Subject: [PHP] textarea/display question... hi.. i'm presenting a textarea to the user... i'd like to be able to display the information within the textarea in a table format. this would allow me to highlight the material that the user should modify. however, i can't figure out how to accomplish this... $foo = 'tabletrtd class='red'blah/td/tr/table'; textarea value='$foo'/textarea something like the above, but without displaying all the attrib stuff... any ideas/pointers would be appreciated.. thanks -bruce -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] textarea/display question...
That is a tough question to answer simply, but the basic answer is yes.
What appears in the IFRAME is actually another web page, complete with it's
own set of controls and it's own form, and something to trigger the
submission of that form (separately from the page containing the IFRAME).
Suppose your entire form consisted of a collection of text controls (one for
each cell in your table);
Assume you have your data in a 2 dimension array $darray. To display the
array on a page;
Echo table;
For($row = 0; $row $height; $row++) {
echo tr;
for($col = 0; $col $width; $col++) {
echo tdinput type=text name=\farray[.$row.][.$col.]\
.value=\.$darray[$row][$col].\/td\n;
}
echo /tr;
}
Echo /table;
This would look much like a VB grid control, notice that a table by itself
is not an input type control. This is just one solution, and so many are
available. Notice that the form will return a multi-dimension array;
$returnarray = $_GET[farray];
Hope this gets you started.
Warren Vail
-Original Message-
From: bruce [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 11:51 AM
To: Vail, Warren; [EMAIL PROTECTED]
Subject: RE: [PHP] textarea/display question...
vail...
with an iframe... can i allow the user to make changes... and then capture
the data as a value for a post within a form..???
in other words...does it closely give me what a textarea does with regards
to allowing a user to make mods to the information?
-thanks..
ps.. to you guys who said that the textarea doesn't have a value=''.. it
does...
-Original Message-
From: Vail, Warren [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 11:20 AM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: [PHP] textarea/display question...
Have you considered an imbedded frame? (Looks like a textarea, with the
ability to imbed all types of controls (and tables) within it). I'm not
sure that all browsers support IFRAME yet, but the most widely used one
does.
Another approach would be to use sprinf() formatting to imbed
leading/trailing spaces to allow everything to line up, assuming your text
area uses a fixed pitch font like courier. Course since the control is an
input control, trust your users are going to screw up the alignment, and
don't count on getting the data back all neatly lined up.
Warren Vail
-Original Message-
From: bruce [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 10:59 AM
To: [EMAIL PROTECTED]
Subject: [PHP] textarea/display question...
hi..
i'm presenting a textarea to the user...
i'd like to be able to display the information within the textarea in a
table format. this would allow me to highlight the material that the user
should modify. however, i can't figure out how to accomplish this...
$foo = 'tabletrtd class='red'blah/td/tr/table';
textarea value='$foo'/textarea
something like the above, but without displaying all the attrib stuff...
any ideas/pointers would be appreciated..
thanks
-bruce
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] textarea/display question...
ps.. to you guys who said that the textarea doesn't have a value=''.. it does... Where did you find this out? I was pretty sure that is did not have the value attribute. http://msdn.microsoft.com/workshop/author/dhtml/reference/objects/textarea.asp http://www.w3.org/TR/REC-html40/interact/forms.html#h-17.7 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] textarea/display question...
ps.. to you guys who said that the textarea doesn't have a value=''.. it does... Please, in this documentation from the W3C's site, show me where there's a value attribute for textarea. http://www.w3.org/TR/1998/REC-html40-19980424/interact/forms.html#h-17.7 --Matthew Sims --http://killermookie.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] textarea/display question...
you can set designmode on a iframe to make it editable if you like, you can use javascript to use commands from the browser on the iframe even. And textarea may have a value attribute, however the element is meant to tag its displayed value from between the open and close tags. Jason On Tue, 20 Jul 2004 11:51:22 -0700, bruce [EMAIL PROTECTED] wrote: vail... with an iframe... can i allow the user to make changes... and then capture the data as a value for a post within a form..??? in other words...does it closely give me what a textarea does with regards to allowing a user to make mods to the information? -thanks.. ps.. to you guys who said that the textarea doesn't have a value=''.. it does... -Original Message- From: Vail, Warren [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 11:20 AM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: [PHP] textarea/display question... Have you considered an imbedded frame? (Looks like a textarea, with the ability to imbed all types of controls (and tables) within it). I'm not sure that all browsers support IFRAME yet, but the most widely used one does. Another approach would be to use sprinf() formatting to imbed leading/trailing spaces to allow everything to line up, assuming your text area uses a fixed pitch font like courier. Course since the control is an input control, trust your users are going to screw up the alignment, and don't count on getting the data back all neatly lined up. Warren Vail -Original Message- From: bruce [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 10:59 AM To: [EMAIL PROTECTED] Subject: [PHP] textarea/display question... hi.. i'm presenting a textarea to the user... i'd like to be able to display the information within the textarea in a table format. this would allow me to highlight the material that the user should modify. however, i can't figure out how to accomplish this... $foo = 'tabletrtd class='red'blah/td/tr/table'; textarea value='$foo'/textarea something like the above, but without displaying all the attrib stuff... any ideas/pointers would be appreciated.. thanks -bruce -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] textarea/display question...
bruce wrote: ps.. to you guys who said that the textarea doesn't have a value=''.. it does... No, it doesn't. Pleae upgrade your textbooks. http://www.w3.org/TR/html4/interact/forms.html#h-17.7 -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] textarea/display question...
On Tue, 20 Jul 2004 11:51:22 -0700, bruce [EMAIL PROTECTED] wrote: with an iframe... can i allow the user to make changes... and then capture the data as a value for a post within a form..??? in other words...does it closely give me what a textarea does with regards to allowing a user to make mods to the information? What you're looking for is a replace for textarea that supports HTML editing. Try http://www.interactivetools.com/products/htmlarea/ (IE only unfortunately - but there are others, try searching Google for edit html textarea or similar to find them). ps.. to you guys who said that the textarea doesn't have a value=''.. it does... Erm, no, it doesn't. -- Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] textarea/display question...
Stut wrote: On Tue, 20 Jul 2004 11:51:22 -0700, bruce [EMAIL PROTECTED] wrote: with an iframe... can i allow the user to make changes... and then capture the data as a value for a post within a form..??? in other words...does it closely give me what a textarea does with regards to allowing a user to make mods to the information? What you're looking for is a replace for textarea that supports HTML editing. Try http://www.interactivetools.com/products/htmlarea/ (IE only unfortunately - but there are others, try searching Google for edit html textarea or similar to find them). ps.. to you guys who said that the textarea doesn't have a value=''.. it does... Erm, no, it doesn't. -- Stut There is a newer version of the HTMLarea from Interactive Tools, and it is supported by IE 5.x, Mozilla, Firefox, etc. http://dynarch.com/mishoo/htmlarea.epl HTH. Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] textarea/display question...
bruce wrote: $foo = 'tabletrtd class='red'blah/td/tr/table'; textarea value='$foo'/textarea Everything but one thing has been said: You should always use htmlspecialchars() to output value of textarea $foo = 'tabletrtd class='red'blah/td/tr/table'; echo 'textarea ...' . htmlspecialchars($foo) . '/textarea'; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
