Solved

input fields, html code & errors

Posted on 2004-04-29
26
365 Views
Last Modified: 2013-12-24
Folks: ... one general question wrapped in several related issues: hope u can help!
(hope also 500 points if sufficient for this plethora of pain)

I'm TRYING to create a cfm page that takes the following input:
- a text input field for an article 'title' (i.e. the description of the article)
- a text input field for an article's 'text' (i.e. the body of the article)

I DON'T want ANY HTML CODE <b></b> stuff etc in the TITLE ...
BUT I DO want to allow HTML CODE in the BODY of the article.

PLUS ... I DO WANT to be able to OUTPUT the BODY of the article, showing the neat HTML.

-- does the above make sense? --

SO:

- my problem:
: I found the terrific SafeText() tag/'function' .. and I think I installed it correct ... SO THAT I can STRIP ANY html code from the text_title input form field. BECAUSE I get errors when I try to insert such variable with HTML code (and it doesn't make sense to have it in the title field anyway).

problem is: I obviously don't know how to use SafeText() because my .cfm that INSERTS the form.input_title variable is saying 'SAFETEXT is undefined'.

I used it as such:
<cfquery name="PostArticle" datasource="fred">
insert into article_table (article_title, article_text)
values ('#SafeText(form.input_article_text, 1)#', '#SafeText(form.input_article_text)#', )
</cfquery>
(where the ',1' strips ALL html out, ELSE defauts to JUST stripping out naughty HTML code leave all good html code intact (which I want for the body text).

WHAT am I doing WRONG!? I placed the SafeText.cfm into my 'c_tags' subfolder with other cf tags / functions etc.



THEN:
My related issue:

SO I've successfully managed (besides the SafeText problem) to INSERT an article containing lots of text with the odd <b> </b> etc .. into my table record.

WHEN I try to OUTPUT as a sexy formatted looking HTML-based article ... I get a lousy WRAPPED text field:

i.e. .. my database holds

<b>This is an example</b>

Written by Richard Buchanan, the Opinion Exchange

blah blah blah blah.


BUT when I output ... I get this:

<b>This is an example</b>Written by Richard Buchanan, the Opinion Exchange blah blah blah blah.



Which is AWFUL!
Any ideas? I feel pretty comfortable that my database table record is holding the article correctly with line breaks, html codes etc.  It's just not outputting correctly.

Thanks much! Sorry for the multitudes of agony.

Richard Buchanan
the Opinion Exchange
0
Comment
Question by:rcbuchanan
  • 9
  • 8
  • 7
  • +1
26 Comments
 
LVL 9

Accepted Solution

by:
CFDevHead earned 500 total points
ID: 10950140
where did you get this function from SafeText()
0
 
LVL 9

Expert Comment

by:CFDevHead
ID: 10950184
My guess is you got it from cflib.org?

if so this is how it need to work

make you include this script somewhere on the page in which you are going to call the function else it will not work
<cfscript>
/**
 * Removes potentially nasty HTML text.
 * Version 2 by Lena Aleksandrova - changes include fixing a bug w/ arguments and use of REreplace where REreplaceNoCase should have been used.
 *
 * @param text        String to be modified. (Required)
 * @param strip        Boolean value (defaults to false) that determines if HTML should be stripped or just escaped out. (Optional)
 * @param badTags        A list of bad tags. Has a long default list. Consult source. (Optional)
 * @param badEvents        A list of bad HTML events. Has a long default list. Consult source. (Optional)
 * @return Returns a string.
 * @author Nathan Dintenfass (nathan@changemedia.com)
 * @version 3, March 19, 2003
 */
function safetext(text) {
      //default mode is "escape"
      var mode = "escape";
      //the things to strip out (badTags are HTML tags to strip and badEvents are intra-tag stuff to kill)
      //you can change this list to suit your needs
      var badTags = "SCRIPT,OBJECT,APPLET,EMBED,FORM,LAYER,ILAYER,FRAME,IFRAME,FRAMESET,PARAM,META";
      var badEvents = "onClick,onDblClick,onKeyDown,onKeyPress,onKeyUp,onMouseDown,onMouseOut,onMouseUp,onMouseOver,onBlur,onChange,onFocus,onSelect,javascript:";
      var stripperRE = "";
      
      //set up variable to parse and while we're at it trim white space
      var theText = trim(text);
      //find the first open bracket to start parsing
      var obracket = find("<",theText);            
      //var for badTag
      var badTag = "";
      //var for the next start in the parse loop
      var nextStart = "";
      //if there is more than one argument and the second argument is boolean TRUE, we are stripping
      if(arraylen(arguments) GT 1 AND isBoolean(arguments[2]) AND arguments[2]) mode = "strip";
      if(arraylen(arguments) GT 2 and len(arguments[3])) badTags = arguments[3];
      if(arraylen(arguments) GT 3 and len(arguments[4])) badEvents = arguments[4];
      //the regular expression used to stip tags
      stripperRE = "</?(" & listChangeDelims(badTags,"|") & ")[^>]*>";      
      //Deal with "smart quotes" and other "special" chars from MS Word
      theText = replaceList(theText,chr(8216) & "," & chr(8217) & "," & chr(8220) & "," & chr(8221) & "," & chr(8212) & "," & chr(8213) & "," & chr(8230),"',',"","",--,--,...");
      //if escaping, run through the code bracket by bracket and escape the bad tags.
      if(mode is "escape"){
            //go until no more open brackets to find
            while(obracket){
                  //find the next instance of one of the bad tags
                  badTag = REFindNoCase(stripperRE,theText,obracket,1);
                  //if a bad tag is found, escape it
                  if(badTag.pos[1]){
                        theText = replace(theText,mid(TheText,badtag.pos[1],badtag.len[1]),HTMLEditFormat(mid(TheText,badtag.pos[1],badtag.len[1])),"ALL");
                        nextStart = badTag.pos[1] + badTag.len[1];
                  }
                  //if no bad tag is found, move on
                  else{
                        nextStart = obracket + 1;
                  }
                  //find the next open bracket
                  obracket = find("<",theText,nextStart);
            }
      }
      //if not escaping, assume stripping
      else{
            theText = REReplaceNoCase(theText,stripperRE,"","ALL");
      }
      //now kill the bad "events" (intra tag text)
      theText = REReplaceNoCase(theText,(ListChangeDelims(badEvents,"|")),"","ALL");
      //return theText
      return theText;
}
</cfscript>


Now you can call the function

<cfquery name="PostArticle" datasource="fred">
insert into article_table (article_title, article_text)
values ('#SafeText(form.input_article_text, 1)#', '#SafeText(form.input_article_text)#', )
</cfquery>
(where the ',1' strips ALL html out, ELSE defauts to JUST stripping out naughty HTML code leave all good html code intact (which I want for the body text).
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10950185
try this, not sure if this will work but...

<cfset var=<SafeText str="#form.input_article_text" attribute2="1">>

i think you are calling the satfetext tag incorrectly
0
 
LVL 9

Assisted Solution

by:CFDevHead
CFDevHead earned 500 total points
ID: 10950227
if you are not running cfmx this function will not work
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 10950275
It is a lot simpler if the line breaks are stored in your DB.

Simply do one of the following when you want to output to the screen:

<pre>#fieldname#</pre>
(but this solution may not look as nice since it will be fixed width font

or

#Replace(fieldname, chr(13) & chr(10), "<BR>", "ALL")#
0
 

Author Comment

by:rcbuchanan
ID: 10950365

re the outputting ...
Yes, I'm running CFMX ...
No, the #Replace# does not work.

All is get now ... is this:

Interview with J C Watts.<BR><BR>Initial Thoughts:<BR><BR><b>BOLD </b><BR><BR>JC Watts exudes a quite intoxicating calm. True, my meeting with the man was only thirty minutes long but if you tried, quite unfairly, to give him one label; one stark quality; calm would be mine.<BR><BR>Oscar Wilde suggested, more than once I believe, that nothing is so aggravating as calmness! Id extend that quote one step further and suggest nothing is more aggravating than a calm than a forty something that has accomplished more in his life thus far than seven men could possibly hope to accomplish. And to be so calm? Is calm a product of that experiences that have molded him o


NOTE: .. I'm outputting as follows:

<cfoutput>#display_text#</cfoutput>

!??1?
Thanks for any clarification!
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 10950432
Where are you outputting to?  The screen or something else?
0
 

Author Comment

by:rcbuchanan
ID: 10950438
The screen.
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 10950462
And the <br> tags are showing up instead of displaying as a return?
0
 

Author Comment

by:rcbuchanan
ID: 10950490
yes, see the pasted text above.

when I try to output using:

<cfoutput>#display_text#</cfoutput>

I get this:

Interview with J C Watts.<BR><BR>Initial Thoughts:<BR><BR><b>BOLD </b><BR><BR>JC Watts exudes a quite intoxicating calm. True, my meeting with the man was only thirty minutes long but if you tried, quite unfairly, to give him one label; one stark quality; calm would be mine.<BR><BR>Oscar Wilde suggested, more than once I believe, that nothing is so aggravating as calmness! Id extend that quote one step further and suggest nothing is more aggravating than a calm than a forty something that has accomplished more in his life thus far than seven men could possibly hope to accomplish. And to be so calm? Is calm a product of that experiences that have molded him o


Thanks.
R
0
 

Author Comment

by:rcbuchanan
ID: 10950526
Ok. I'm a ass.

mrichmon, you've been incredibly helpful. It does work (if I save the right bloody version).
Apologies and appreciations.

MODERATOR : how do I assign points to someone AFTER I've acccepted the response already?
In other words ... I feel obliged to give points to MRICHMON.

thanks!

Richard
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 10950538
That is really strange.  Obviously the replace is working since the BR tags are there instead of the normal return characters.  But it is strange that the HTML sis being displayed instead of rendered since when I try the same thing it renders the br into a return. and the <b> tags into bold.

Are you sure something else in the page is not affecting this?
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 
LVL 35

Expert Comment

by:mrichmon
ID: 10950556
If you feel that the answer should be changed to a split so that one shows as the assisted answer then you can post to

http://www.experts-exchange.com/Community_Support/

and ask for the asnwer to be selected the way you feel is appropriate.
0
 
LVL 9

Expert Comment

by:CFDevHead
ID: 10950586
I am not sure what mrichmon did to help answer the question. your question not mine.
0
 

Author Comment

by:rcbuchanan
ID: 10950620
have done so. (asked community support to fix)
sorry ... and thanks.
0
 
LVL 9

Expert Comment

by:CFDevHead
ID: 10950652
can you point to post that helped you
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 10950696
CFDevHead, If you read the initial post there were two sections - one about safetext and one about line breaks not appearing correctly.  This is the portion of the question that I addressed since you had already nicely helped with the safetext.
0
 

Author Comment

by:rcbuchanan
ID: 10950720
look, .. it was the amount of EFFORT as well as the degree of answer.
Sorry to cause anyone disrespect or anguish.

You helped me enormously with the SafeText. you pasted the code and I understood finally that I had ti embed into my page ...

BUT Richmon also helped my question re outputting the text.
His answer #Replace(fieldname, chr(13) & chr(10), "<BR>", "ALL")#

made the 'penny drop' and I realized my goof, ... and it now works.

Thanks all. if there is some kind of gentle procedure for who gets what / when ... etc ... please bring it up at the next UN Security Council meeting.  I'm just trying to leverage a great bunch of smart people ... across my many many knowledge gaps.

Thanks again..
Richard

p.s I have an unlimited supply of points; so it's not for being a sacred cow with my 'booty' ... i simply don't know how to reassign or give everyone every point they feel they deserve.  tell me the secret and I'll hand out points like it's Halloween and I'm the scared Grandma.

0
 
LVL 9

Expert Comment

by:CFDevHead
ID: 10950745
Actually the solution that I posted toke care of both sections of this question I tested it my self.  Here is a working example spiraldev.com/ee/ee.cfm

0
 
LVL 35

Expert Comment

by:mrichmon
ID: 10950763
The points aren't important to me - just making sure that the all portions of the answer are marked when the question gets put into the searchable knowledge base.

But if you do want to hand out points to someone who has given you extra help you can do what is called a "Points for" question.  You create a new question titled "Points for XXXXX"  Then person XXXX posts a message there and you accept it as the answer.  Be sure that when you create the "Points for" question that you include a link to the original question that the help was for in the body.
0
 
LVL 9

Expert Comment

by:CFDevHead
ID: 10950775
again its your question.  do as you want. I was just wondering what the user did. because from what I read I couldn't see it.
enjoy
0
 
LVL 9

Expert Comment

by:CFDevHead
ID: 10950793
Its been fun I am out............................................
0
 

Author Comment

by:rcbuchanan
ID: 10950922
thanks! ... have done.
0
 

Author Comment

by:rcbuchanan
ID: 10951005
0
 
LVL 9

Expert Comment

by:CFDevHead
ID: 10951040
kewl I got the answer and the assit
0

Featured Post

Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

Join & Write a Comment

A web service (http://en.wikipedia.org/wiki/Web_service) is a software related technology that facilitates machine-to-machine interaction over a network. This article helps beginners in creating and consuming a web service using the ColdFusion Ma…
One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
This video discusses moving either the default database or any database to a new volume.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now