Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

textarea

Posted on 2009-04-01
20
Medium Priority
?
347 Views
Last Modified: 2012-05-06
I have question concerning textarea,
I have a form on my web page.
When my users submit what they write, the message comes without any linebreak. There is no paragraph or breakline.
Why? I write to myself, I use paragraph, but mail comes without any <br> or <br/>  <p> although I do not replace it with anything for SQL injection.

Because I do not insert the message to my tables itself.

I use a replace function for SQL injection, I check all the textfield except the message part because I do not insert it to my table.

Do you think textarea could be harmful for my website? if it could be how?
0
Comment
Question by:Braveheartli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 9
20 Comments
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 24047362
try to add <pre> tags to your textarea, then stripslashes for security
0
 
LVL 1

Author Comment

by:Braveheartli
ID: 24047448
I didn't understand that?
could you rewrite it my code?

<textarea name="Messge" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
0
 
LVL 27

Accepted Solution

by:
Lukasz Chmielewski earned 2000 total points
ID: 24047492
<pre>
<textarea name="Messge" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
</pre>

it should take the content of textareas "as it is"
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 24049413
Why would wrapping a textarea in <pre> do anything to the content of the textarea???
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 24049478
Because it works... ?
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 24049485
It does not wrap the textarea containing text...
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 24049557
In what way does these two textareas behave differently and in what browser?

<pre>
<textarea name="Messge" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
</pre>
 
<textarea name="Messge" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>

Open in new window

0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 24049813
they do not behave different
if you enter some text into the first one with line breaks and post them into database for example, the line breaks will be posted with it. retrieving the text from the db then will have the line breaks

the second one, even with line breaks, wraps the text and inserts "one line" of the text into db.
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 24050016
???


Messge1=Line1%0D%0ALine2%0D%0ALine3%0D%0AThis+is+a+very+long+line+4+which+will+wrap+at+the+end+of+the+textarea+since+it+is+wider+than+the+field
Messge2=Line1%0D%0ALine2%0D%0ALine3%0D%0AThis+is+a+very+long+line+4+which+will+wrap+at+the+end+of+the+textarea+since+it+is+wider+than+the+field
Messge3=Line1%0D%0ALine2%0D%0ALine3%0D%0AThis+is+a+very+long+line+4+which+will+wrap+at+the+end+of+the+textarea+since+it+is+wider+than+the+field
Messge4=Line1%0D%0ALine2%0D%0ALine3%0D%0AThis+is+a+very+long+line+4+which+will+wrap+at+the+end+of+the+textarea+since+it+is+wider+than+the+field
Messge5=Line1%0D%0ALine2%0D%0ALine3%0D%0AThis+is+a+very+long+line+4+which+will+wrap+at+the+end+of+the+textarea+since+it+%0D%0Ais+wider+than+the+field
 
<form action="http://www.plungjan.name/eetest/dump.php">
<pre>
<textarea name="Messge1" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
</pre>
 
<textarea name="Messge2" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
<textarea name="Messge3" wrap="off" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
<textarea name="Messge4" wrap="soft" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
<textarea name="Messge5" wrap="hard" cols="30" rows="20" class="borderBlue moodText" id="Message" style="font-size: 12px; color: #424242; width: 588px;border : 1px solid #6EA6C7;"></textarea>
<input type="submit">
</form>

Open in new window

textarea.jpg
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 24050172
the pre tag DOES NOT affect the BEHAVIOUR of the textarea. it does affect the INSERTED TEXT AFTER the form has been submitted... try to post it into some target.php file.
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 24050587
Ok, so I post:

GLOBAL POST VALUE 
Messge1 Line1 Line2  
Messge2 Line1 Line2  
Messge3 Line1 Line2  
Messge4 Line1 Line2  
Messge5 Line1 Line2  

Open in new window

0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 24050708
ok, try below and tell me if this is what was your concern about... ?
<form action="index.php" method="post">
<pre>
<textarea name="test1"></textarea>
</pre>
<textarea name="test2"></textarea>
<input type="submit">
</form>
 
<?
	if(isset($_POST[test1]) && isset($_POST[test1]))
	{
		echo"<pre>$_POST[test1]</pre>";
		echo"<br><br><br>";
		echo"$_POST[test2]";
	}
?>

Open in new window

0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 24050710
here is the hex version



GLOBAL REQUEST VALUE HEX 
Messge1 Line1 Line2  4c696e65310d0a4c696e65320d0a 
Messge2 Line1 Line2  4c696e65310d0a4c696e65320d0a 
Messge3 Line1 Line2  4c696e65310d0a4c696e65320d0a 
Messge4 Line1 Line2  4c696e65310d0a4c696e65320d0a 
Messge5 Line1 Line2  4c696e65310d0a4c696e65320d0a 

Open in new window

0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 24050743
I am sorry, I do not see what your test does that has any significance on the <pre> around the TEXTAREA

if you put <pre> around the output of either of the POST results the result is the same
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 24050767
e.g.

 echo"<pre>$_POST[test1]</pre>";
echo"<br><br><br>";
echo"$_POST[test2]";

or

 echo"<pre>$_POST[test2]</pre>";
echo"<br><br><br>";
echo"$_POST[test1]";



will show you the same regardless of the <pre> around the textarea
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 24050794
add a manual linebreaks to the text. Wasn't the question about that ?
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 24050905
"When my users submit what they write, the message comes without any linebreak."

So as I see it, WHEN the user enters some linebreaks, they are not visible (did I misunderstood the question ? I think not.)

The whole thing is not about text written without linebreaks, not about wrapping, it is about having the same shape of the text from textarea after posting. like WYSIWG. I posted the pre tags wrapped around textarea, because it does work for me, where I need to insert the textarea into the database in "formed" way. Maybe the pre tag around is not good - maybe the <pre> tag around retrieved text is good enough. I posted the result that work for me.
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 24050945
OK, right - the textarea does not have to be inside the pre tags, but the resulting text should be if you want to have the text shaped as you typed it.
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 24051186
Exactly.
My whole point
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 24062962
So perhaps another comment should be accepted as to not confuse others
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found this questions asking how to do this in many different forums, so I will describe here how to implement a solution using PHP and AJAX. The logical flow for the problem should be: Write an event handler for the first drop down box to get …
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question