Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 351
  • Last Modified:

textarea

I have question concerning textarea,
I have a form on my web page.
When my users submit what they write, the message comes without any linebreak. There is no paragraph or breakline.
Why? I write to myself, I use paragraph, but mail comes without any <br> or <br/>  <p> although I do not replace it with anything for SQL injection.

Because I do not insert the message to my tables itself.

I use a replace function for SQL injection, I check all the textfield except the message part because I do not insert it to my table.

Do you think textarea could be harmful for my website? if it could be how?
0
Braveheartli
Asked:
Braveheartli
  • 10
  • 9
1 Solution
 
Lukasz ChmielewskiCommented:
try to add <pre> tags to your textarea, then stripslashes for security
0
 
BraveheartliMarketingAuthor Commented:
I didn't understand that?
could you rewrite it my code?

<textarea name="Messge" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
0
 
Lukasz ChmielewskiCommented:
<pre>
<textarea name="Messge" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
</pre>

it should take the content of textareas "as it is"
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Michel PlungjanIT ExpertCommented:
Why would wrapping a textarea in <pre> do anything to the content of the textarea???
0
 
Lukasz ChmielewskiCommented:
Because it works... ?
0
 
Lukasz ChmielewskiCommented:
It does not wrap the textarea containing text...
0
 
Michel PlungjanIT ExpertCommented:
In what way does these two textareas behave differently and in what browser?

<pre>
<textarea name="Messge" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
</pre>
 
<textarea name="Messge" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>

Open in new window

0
 
Lukasz ChmielewskiCommented:
they do not behave different
if you enter some text into the first one with line breaks and post them into database for example, the line breaks will be posted with it. retrieving the text from the db then will have the line breaks

the second one, even with line breaks, wraps the text and inserts "one line" of the text into db.
0
 
Michel PlungjanIT ExpertCommented:
???


Messge1=Line1%0D%0ALine2%0D%0ALine3%0D%0AThis+is+a+very+long+line+4+which+will+wrap+at+the+end+of+the+textarea+since+it+is+wider+than+the+field
Messge2=Line1%0D%0ALine2%0D%0ALine3%0D%0AThis+is+a+very+long+line+4+which+will+wrap+at+the+end+of+the+textarea+since+it+is+wider+than+the+field
Messge3=Line1%0D%0ALine2%0D%0ALine3%0D%0AThis+is+a+very+long+line+4+which+will+wrap+at+the+end+of+the+textarea+since+it+is+wider+than+the+field
Messge4=Line1%0D%0ALine2%0D%0ALine3%0D%0AThis+is+a+very+long+line+4+which+will+wrap+at+the+end+of+the+textarea+since+it+is+wider+than+the+field
Messge5=Line1%0D%0ALine2%0D%0ALine3%0D%0AThis+is+a+very+long+line+4+which+will+wrap+at+the+end+of+the+textarea+since+it+%0D%0Ais+wider+than+the+field
 
<form action="http://www.plungjan.name/eetest/dump.php">
<pre>
<textarea name="Messge1" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
</pre>
 
<textarea name="Messge2" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
<textarea name="Messge3" wrap="off" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
<textarea name="Messge4" wrap="soft" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
<textarea name="Messge5" wrap="hard" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
<input type="submit">
</form>

Open in new window

textarea.jpg
0
 
Lukasz ChmielewskiCommented:
the pre tag DOES NOT affect the BEHAVIOUR of the textarea. it does affect the INSERTED TEXT AFTER the form has been submitted... try to post it into some target.php file.
0
 
Michel PlungjanIT ExpertCommented:
Ok, so I post:

GLOBAL POST VALUE 
Messge1 Line1 Line2  
Messge2 Line1 Line2  
Messge3 Line1 Line2  
Messge4 Line1 Line2  
Messge5 Line1 Line2  

Open in new window

0
 
Lukasz ChmielewskiCommented:
ok, try below and tell me if this is what was your concern about... ?
<form action="index.php" method="post">
<pre>
<textarea name="test1"></textarea>
</pre>
<textarea name="test2"></textarea>
<input type="submit">
</form>
 
<?
	if(isset($_POST[test1]) && isset($_POST[test1]))
	{
		echo"<pre>$_POST[test1]</pre>";
		echo"<br><br><br>";
		echo"$_POST[test2]";
	}
?>

Open in new window

0
 
Michel PlungjanIT ExpertCommented:
here is the hex version



GLOBAL REQUEST VALUE HEX 
Messge1 Line1 Line2  4c696e65310d0a4c696e65320d0a 
Messge2 Line1 Line2  4c696e65310d0a4c696e65320d0a 
Messge3 Line1 Line2  4c696e65310d0a4c696e65320d0a 
Messge4 Line1 Line2  4c696e65310d0a4c696e65320d0a 
Messge5 Line1 Line2  4c696e65310d0a4c696e65320d0a 

Open in new window

0
 
Michel PlungjanIT ExpertCommented:
I am sorry, I do not see what your test does that has any significance on the <pre> around the TEXTAREA

if you put <pre> around the output of either of the POST results the result is the same
0
 
Michel PlungjanIT ExpertCommented:
e.g.

 echo"<pre>$_POST[test1]</pre>";
echo"<br><br><br>";
echo"$_POST[test2]";

or

 echo"<pre>$_POST[test2]</pre>";
echo"<br><br><br>";
echo"$_POST[test1]";



will show you the same regardless of the <pre> around the textarea
0
 
Lukasz ChmielewskiCommented:
add a manual linebreaks to the text. Wasn't the question about that ?
0
 
Lukasz ChmielewskiCommented:
"When my users submit what they write, the message comes without any linebreak."

So as I see it, WHEN the user enters some linebreaks, they are not visible (did I misunderstood the question ? I think not.)

The whole thing is not about text written without linebreaks, not about wrapping, it is about having the same shape of the text from textarea after posting. like WYSIWG. I posted the pre tags wrapped around textarea, because it does work for me, where I need to insert the textarea into the database in "formed" way. Maybe the pre tag around is not good - maybe the <pre> tag around retrieved text is good enough. I posted the result that work for me.
0
 
Lukasz ChmielewskiCommented:
OK, right - the textarea does not have to be inside the pre tags, but the resulting text should be if you want to have the text shaped as you typed it.
0
 
Michel PlungjanIT ExpertCommented:
Exactly.
My whole point
0
 
Michel PlungjanIT ExpertCommented:
So perhaps another comment should be accepted as to not confuse others
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 10
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now