• Status: Solved

How to strip HTML from text input field

I need help altering my code to remove HTML formatting that might be entered into a comments box.  Here is the code being used to submit the form.
<?php  
require_once("dbConnection.php");  
if($_POST['Submit'] == "Add Comment"){ 
 
  
// Open Database Connection  
 $dbLink = mysql_connect($dbHost, $dbUser, $dbPass); 
 if (!$dbLink){ 
   die ("Database: Couldn`t connect to mySQL Server"); 
 } 
 mysql_select_db($dbName, $dbLink)  
  or die ("Database: Couldn`t open Database");  
 
 // Read data to insert into Database 
 if (!get_magic_quotes_gpc()) { 
  $name = addslashes($_POST['frmName']); 
  $comment = addslashes($_POST['frmComment']); 
  $articleID = addslashes($_POST['frmArticleID']); 
 } else { 
  $name = $_POST['frmName']; 
  $comment = $_POST['frmComment']; 
  $articleID = $_POST['frmArticleID']; 
 }
 // Create Date Time Field 
 $dateTime = date("Y-m-d H:i:s"); 
  
  // Create SQL Query and Execute 
 $sql = "INSERT INTO comments (article,postDateTime,name,comment) 
VALUES ("; 
 $sql .= "'" . $articleID . "',"; 
 $sql .= "'" . $dateTime . "',"; 
 $sql .= "'" . $name . "',"; 
 $sql .= "'" . $comment . "'"; 
 $sql .= ")"; 
 mysql_query($sql,$dbLink); 
  
 // Close Database Connection  
 mysql_close($dbLink); 
  
 header("Location: " . $_POST['page']); 
} 
?>

Asked by: producer88
 
Hube02 Commented:
the following will effectively remove any html from a string (or anything that looks like html):

preg_replace('#</?\w[^>]*>#', '', $string);

I would also suggest that instead of trying to add slashes yourself to data to be inserted into a MySQL database that you should use the function mysql_real_escape_string() http://us2.php.net/manual/en/function.mysql-real-escape-string.php
This is a function that was designed to make data safe for the database.
0
 
producer88 (Author) Commented:
Thank you so much - but WHERE exactly does this go in the code I am using?
0
 
Hube02 Commented:
You could do

$comment = addslashes(preg_replace('#</?\w[^>]*>#', '', $_POST['frmComment']));

or if you wanted to ensure that all html was removed from all posted content you could do a loop before you set any values:

foreach ($_POST as $key => $value) {
  $_POST[$key] = preg_replace('#</?\w[^>]*>#', '', $value);
}
0

 
producer88 (Author) Commented:
Okay - I entered the first code and it is still allowing javascript code to be entered - which then works in the comments box?!

Any idea what I might be doing wrong?
0
 
Hube02 Commented:
can you echo out the value of $_POST['frmComment'] before you do anything with it and then post what you get?

echo $_POST['frmComment']; die;

you may need to do a "view source" to see what is output. Perhaps there is something being put in there that is not being caught by the regex, though I don't see how.

For instance the attached code works fine for me:

<?php
 
$string = '<script type="text/javascript><p>test paragraph<span> this is a span</span></p></script>';
 
$string = preg_replace('#</?[a-z][^>]*>#i', '', $string);
 
echo $string;
 
?>


0
 
producer88 (Author) Commented:
I am sorry, but I don't understand what you are suggesting I do - not that experienced at writing PHP code.

Here is the entire PHP code for the page... perhaps the upper portion that is counting characters has something to do with the reason it will not work for me?
<?php require_once("../../WA_ValidationToolkit/WAVT_Scripts_PHP.php"); ?>
<?php require_once("../../WA_ValidationToolkit/WAVT_ValidatedForm_PHP.php"); ?>
<?php 
if ($_SERVER["REQUEST_METHOD"] == "POST")  {
  $WAFV_Redirect = "comment_added.php";
  $_SESSION['WAVT_addcomment_Errors'] = "";
  if ($WAFV_Redirect == "")  {
    $WAFV_Redirect = $_SERVER["PHP_SELF"];
  }
  $WAFV_Errors = "";
  $WAFV_Errors .= WAValidateEL(((isset($_POST["frmComment"]))?$_POST["frmComment"]:"") . "",0,500,true,1);
 
  if ($WAFV_Errors != "")  {
    PostResult($WAFV_Redirect,$WAFV_Errors,"addcomment"); 
  }
}
?>
<?php  
require_once("dbConnection.php");  
if($_POST['Submit'] == "Add Comment"){ 
 
  
// Open Database Connection  
 $dbLink = mysql_connect($dbHost, $dbUser, $dbPass); 
 if (!$dbLink){ 
   die ("Database: Couldn`t connect to mySQL Server"); 
 } 
 mysql_select_db($dbName, $dbLink)  
  or die ("Database: Couldn`t open Database");  
 
 // Read data to insert into Database 
 if (!get_magic_quotes_gpc()) { 
  $name = addslashes($_POST['frmName']); 
$comment = addslashes(preg_replace('#</?\w[^>]*>#', '', $_POST['frmComment']));
$articleID = addslashes($_POST['frmArticleID']); 
 } else { 
  $name = $_POST['frmName']; 
  $comment = $_POST['frmComment']; 
  $articleID = $_POST['frmArticleID']; 
 }
 // Create Date Time Field 
 $dateTime = date("Y-m-d H:i:s"); 
  
  // Create SQL Query and Execute 
 $sql = "INSERT INTO comments (article,postDateTime,name,comment) 
VALUES ("; 
 $sql .= "'" . $articleID . "',"; 
 $sql .= "'" . $dateTime . "',"; 
 $sql .= "'" . $name . "',"; 
 $sql .= "'" . $comment . "'"; 
 $sql .= ")"; 
 mysql_query($sql,$dbLink); 
  
 // Close Database Connection  
 mysql_close($dbLink); 
  
 header("Location: " . $_POST['page']); 
} 
?> 


0
 
Hube02 Commented:
Add the attached code at the very top of the document that you posted. Run your form then view the source to the page and post what it gives you. With this I will be able to have a better idea of exactly what you are dealing with.

What this will do is echo the contents of $_POST['frmComment'] to the browser. You will not be able to see the tags unless you view the page source.



<?php
 
if isset($_POST['frmComment']) {
  echo '('.$_POST['frmComment'].')'; die;
}
 
?>


0
 
producer88 (Author) Commented:
Oops... doing that created a totally blank page - no source code at all.
0
 
Hube02 Commented:
Sorry, I missed a close parenthesis, try this

<?php
 
if isset($_POST['frmComment'])) {
  echo '('.$_POST['frmComment'].')'; die;
}
 
?>


0
 
producer88 (Author) Commented:
Nope - that did the same thing... no code at all, blank page!
0
 
Hube02 Commented:
You know, some days I think my head is not screwed on quite right when I can't even type up a simple if statement without making numerous errors. Anyway, try this one.



<?php
 
if (isset($_POST['frmComment'])) {
  echo '('.$_POST['frmComment'].')'; die;
}
 
?>


0
 
producer88 (Author) Commented:
No worries!  I just appreciate the help as this one is beyond me!

Okay - that still doesn't prevent javascript code from being input and working once it is... but here is the source code for the page.



  
 
<head>
<style type="text/css">
<!--
body {
	font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
	font-size: 12px;
	color: #FFF;
	background-repeat: no-repeat;
	margin-left: 0px;
	margin-top: 0px;
	background-color: #295c72;
}
#frmReview p {
	font-family: Verdana, Geneva, sans-serif;
	font-size: 11px;
	color: #FFF;
	text-align: left;
}
#comments_box {
	width: 380px;
}
a:link {
	color: #FC0;
	text-decoration: none;
}
a:visited {
	text-decoration: none;
}
a:hover {
	text-decoration: underline;
}
a:active {
	text-decoration: none;
}
-->
</style>
<script language=javascript>
//Edit the counter/limiter value as your wish
var count = "500";   //Example: var count = "175";
function limiter(){
var tex = document.frmReview.frmComment.value;
var len = tex.length;
if(len > count){
        tex = tex.substring(0,count);
        document.frmReview.frmComment.value =tex;
        return false;
}
document.frmReview.limit.value = count-len;
}
 
</script>
 
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"></head>
 
<body>
<div id="comments_box">Submit Your Video Review
  <form id="frmReview" name="frmReview" method="post" action="/01/includes/add_comment.php">
    <p>
      <label for="frmName">Name</label>
 
      
  <input name="frmName" type="text" id="Name" tabindex="10" size="40" />
      </p>
    <p>
      <label for="frmComment">Comment</label>
      <br />
      <textarea name="frmComment" cols="50" rows="3" id="Comment" tabindex="20" onkeyup=limiter()></textarea>
    </p>
    <p>
 
      <input type="hidden" name="frmArticleID" id="ArticleID" value=""/>
      <input type="hidden" name="page" id="page" value=""/>
  <script language=javascript>
document.write("<input type=text name=limit size=4 readonly value="+count+">");
</script> Characters left      
		<input type="submit" name="Submit" id="Submit" value="Add Comment" tabindex="30" />
 
    <a href = "javascript:history.back()">Back to Comments</a> </p>
 
  </form>
 
</div>
</body>
</html>


0
 
producer88 (Author) Commented:
BTW - that last code did not enter anything into the database, but it did show the javascript code in the input window and did not redirect to the error page or back to the input form.
0
 
Hube02 Commented:
This isn't at all what I need to see. Somehow we are at cross purposes.

Let's try something else. Edit your section of code to look like the attached snippet, then try to submit your form and send me what is output to the browser. I need to see what is in the comment so I know how to remove it.



// Read data to insert into Database
  // this is the line we are adding to see what is in
  // $_POST['frmComment']
 echo htmlentities($_POST['frmComment']);die;
 if (!get_magic_quotes_gpc()) { 
  $name = addslashes($_POST['frmName']); 
  $comment = addslashes($_POST['frmComment']); 
  $articleID = addslashes($_POST['frmArticleID']); 
 } else { 
  $name = $_POST['frmName']; 
  $comment = $_POST['frmComment']; 
  $articleID = $_POST['frmArticleID']; 
 }


0
 
producer88 (Author) Commented:
I am sorry - maybe this will help clarify what's going on!

COMMENTS BOX
http://www.dogvideolibrary.com/01/01_herding/call_comments1_test.php

Go to this URL with "click here to add comment"

When you click and add a comment - I need the user to be returned to the comments list (this URL above)

Both of these two docs reside in an iFrame inside a Flowplayer flash player info tab... Right now, it is working great - but allowing the input of javascript.  So some idiot could actually copy the "embed" code and stick it into the comments box - which someone did already!

Here is a link to the live files working on the site:  http://www.dogvideolibrary.com/01/02_basenji.php
0
 
Hube02 Commented:
this won't help me, I would need to be able to edit the code. I can't run your code locally because I don't have all the files and even if I could there would be differences because of the different servers.

What I really need to know is what the text is in the $_POST variable just before we attempt the preg_replace(). The only way to do this is to echo what is in that variable to the browser.

With that information I could make sure we are looking for the right thing.
0
 
producer88 (Author) Commented:
Here is all the code for the page.  Is this what you need?  I had given this above.
<?php
 
if (isset($_POST['frmComment'])) {
  echo '('.$_POST['frmComment'].')'; die;
}
 
?>
<?php require_once("../../WA_ValidationToolkit/WAVT_Scripts_PHP.php"); ?>
<?php require_once("../../WA_ValidationToolkit/WAVT_ValidatedForm_PHP.php"); ?>
<?php 
if ($_SERVER["REQUEST_METHOD"] == "POST")  {
  $WAFV_Redirect = "comment_added.php";
  $_SESSION['WAVT_addcomment_Errors'] = "";
  if ($WAFV_Redirect == "")  {
    $WAFV_Redirect = $_SERVER["PHP_SELF"];
  }
  $WAFV_Errors = "";
  $WAFV_Errors .= WAValidateEL(((isset($_POST["frmComment"]))?$_POST["frmComment"]:"") . "",0,500,true,1);
 
  if ($WAFV_Errors != "")  {
    PostResult($WAFV_Redirect,$WAFV_Errors,"addcomment"); 
  }
}
?>
<?php  
require_once("dbConnection.php");  
if($_POST['Submit'] == "Add Comment"){ 
 
  
// Open Database Connection  
 $dbLink = mysql_connect($dbHost, $dbUser, $dbPass); 
 if (!$dbLink){ 
   die ("Database: Couldn`t connect to mySQL Server"); 
 } 
 mysql_select_db($dbName, $dbLink)  
  or die ("Database: Couldn`t open Database");  
 
 // Read data to insert into Database 
 if (!get_magic_quotes_gpc()) { 
  $name = addslashes($_POST['frmName']); 
$comment = addslashes(preg_replace('#</?\w[^>]*>#', '', $_POST['frmComment']));
$articleID = addslashes($_POST['frmArticleID']); 
 } else { 
  $name = $_POST['frmName']; 
  $comment = $_POST['frmComment']; 
  $articleID = $_POST['frmArticleID']; 
 }
 // Create Date Time Field 
 $dateTime = date("Y-m-d H:i:s"); 
  
  // Create SQL Query and Execute 
 $sql = "INSERT INTO comments (article,postDateTime,name,comment) 
VALUES ("; 
 $sql .= "'" . $articleID . "',"; 
 $sql .= "'" . $dateTime . "',"; 
 $sql .= "'" . $name . "',"; 
 $sql .= "'" . $comment . "'"; 
 $sql .= ")"; 
 mysql_query($sql,$dbLink); 
  
 // Close Database Connection  
 mysql_close($dbLink); 
  
 header("Location: " . $_POST['page']); 
} 
?> 
 
<head>
<style type="text/css">
<!--
body {
	font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
	font-size: 12px;
	color: #FFF;
	background-repeat: no-repeat;
	margin-left: 0px;
	margin-top: 0px;
	background-color: #295c72;
}
#frmReview p {
	font-family: Verdana, Geneva, sans-serif;
	font-size: 11px;
	color: #FFF;
	text-align: left;
}
#comments_box {
	width: 380px;
}
a:link {
	color: #FC0;
	text-decoration: none;
}
a:visited {
	text-decoration: none;
}
a:hover {
	text-decoration: underline;
}
a:active {
	text-decoration: none;
}
-->
</style>
<script language=javascript>
//Edit the counter/limiter value as your wish
var count = "500";   //Example: var count = "175";
function limiter(){
var tex = document.frmReview.frmComment.value;
var len = tex.length;
if(len > count){
        tex = tex.substring(0,count);
        document.frmReview.frmComment.value =tex;
        return false;
}
document.frmReview.limit.value = count-len;
}
 
</script>
 
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"></head>
 
<body>
<div id="comments_box">Submit Your Video Review
  <form id="frmReview" name="frmReview" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <p>
      <label for="frmName">Name</label>
      
  <input name="frmName" type="text" id="Name" tabindex="10" size="40" />
      </p>
    <p>
      <label for="frmComment">Comment</label>
      <br />
      <textarea name="frmComment" cols="50" rows="3" id="Comment" tabindex="20" onkeyup=limiter()></textarea>
    </p>
    <p>
      <input type="hidden" name="frmArticleID" id="ArticleID" value="<?php echo $_GET['id']; ?>"/>
      <input type="hidden" name="page" id="page" value="<?php echo $_GET['page']; ?>"/>
  <script language=javascript>
document.write("<input type=text name=limit size=4 readonly value="+count+">");
</script> Characters left      
		<input type="submit" name="Submit" id="Submit" value="Add Comment" tabindex="30" />
 
    <a href = "javascript:history.back()">Back to Comments</a> </p>
 
  </form>
</div>
</body>
</html>


0
 
Hube02 Commented:
change your code to the following and then try to submit the form then copy and paste what you get.

<?php require_once("../../WA_ValidationToolkit/WAVT_Scripts_PHP.php"); ?>
<?php require_once("../../WA_ValidationToolkit/WAVT_ValidatedForm_PHP.php"); ?>
<?php 
if ($_SERVER["REQUEST_METHOD"] == "POST")  {
  $WAFV_Redirect = "comment_added.php";
  $_SESSION['WAVT_addcomment_Errors'] = "";
  if ($WAFV_Redirect == "")  {
    $WAFV_Redirect = $_SERVER["PHP_SELF"];
  }
  $WAFV_Errors = "";
  $WAFV_Errors .= WAValidateEL(((isset($_POST["frmComment"]))?$_POST["frmComment"]:"") . "",0,500,true,1);
 
  if ($WAFV_Errors != "")  {
    PostResult($WAFV_Redirect,$WAFV_Errors,"addcomment"); 
  }
}
?>
<?php  
require_once("dbConnection.php");  
if($_POST['Submit'] == "Add Comment"){ 
 
  
// Open Database Connection  
 $dbLink = mysql_connect($dbHost, $dbUser, $dbPass); 
 if (!$dbLink){ 
   die ("Database: Couldn`t connect to mySQL Server"); 
 } 
 mysql_select_db($dbName, $dbLink)  
  or die ("Database: Couldn`t open Database");  
 
 // Read data to insert into Database 
 
// add this
 echo htmlentities($_POST['frmComment']);die;
 
 if (!get_magic_quotes_gpc()) { 
  $name = addslashes($_POST['frmName']); 
$comment = addslashes(preg_replace('#</?\w[^>]*>#', '', $_POST['frmComment']));
$articleID = addslashes($_POST['frmArticleID']); 
 } else { 
  $name = $_POST['frmName']; 
  $comment = $_POST['frmComment']; 
  $articleID = $_POST['frmArticleID']; 
 }
 // Create Date Time Field 
 $dateTime = date("Y-m-d H:i:s"); 
  
  // Create SQL Query and Execute 
 $sql = "INSERT INTO comments (article,postDateTime,name,comment) 
VALUES ("; 
 $sql .= "'" . $articleID . "',"; 
 $sql .= "'" . $dateTime . "',"; 
 $sql .= "'" . $name . "',"; 
 $sql .= "'" . $comment . "'"; 
 $sql .= ")"; 
 mysql_query($sql,$dbLink); 
  
 // Close Database Connection  
 mysql_close($dbLink); 
  
 header("Location: " . $_POST['page']); 
} 
?> 
 
<head>
<style type="text/css">
<!--
body {
	font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
	font-size: 12px;
	color: #FFF;
	background-repeat: no-repeat;
	margin-left: 0px;
	margin-top: 0px;
	background-color: #295c72;
}
#frmReview p {
	font-family: Verdana, Geneva, sans-serif;
	font-size: 11px;
	color: #FFF;
	text-align: left;
}
#comments_box {
	width: 380px;
}
a:link {
	color: #FC0;
	text-decoration: none;
}
a:visited {
	text-decoration: none;
}
a:hover {
	text-decoration: underline;
}
a:active {
	text-decoration: none;
}
-->
</style>
<script language=javascript>
//Edit the counter/limiter value as your wish
var count = "500";   //Example: var count = "175";
function limiter(){
var tex = document.frmReview.frmComment.value;
var len = tex.length;
if(len > count){
        tex = tex.substring(0,count);
        document.frmReview.frmComment.value =tex;
        return false;
}
document.frmReview.limit.value = count-len;
}
 
</script>
 
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"></head>
 
<body>
<div id="comments_box">Submit Your Video Review
  <form id="frmReview" name="frmReview" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <p>
      <label for="frmName">Name</label>
      
  <input name="frmName" type="text" id="Name" tabindex="10" size="40" />
      </p>
    <p>
      <label for="frmComment">Comment</label>
      <br />
      <textarea name="frmComment" cols="50" rows="3" id="Comment" tabindex="20" onkeyup=limiter()></textarea>
    </p>
    <p>
      <input type="hidden" name="frmArticleID" id="ArticleID" value="<?php echo $_GET['id']; ?>"/>
      <input type="hidden" name="page" id="page" value="<?php echo $_GET['page']; ?>"/>
  <script language=javascript>
document.write("<input type=text name=limit size=4 readonly value="+count+">");
</script> Characters left      
		<input type="submit" name="Submit" id="Submit" value="Add Comment" tabindex="30" />
 
    <a href = "javascript:history.back()">Back to Comments</a> </p>
 
  </form>
</div>
</body>
</html>


0
 
Hube02 Commented:
just so that you know what has changed, I removed the code from the beginning that I told you to add and I added the line that is at line 34 in the above posted code.
0
 
producer88 (Author) Commented:
thanks so much for all your time today.  I must step away from the computer and tend to family holiday issues now.  Will get back to this tomorrow and hope that you will continue to work me thru until we get it going right!  Hope you have a nice evening.
0
 
producer88 (Author) Commented:
I do apologize for taking so long to get back to this problem.  I have tried the code above and what happens is this:

When javascript code is entered in the comment box, all code on the entire page is replaced by this javascript line of code.  Literally, the view source shows the following:

 <a href = \&quot;javascript:history.back()\&quot;>Back to Comments</a>

which is what was entered into the comments box and submitted.

Thank you again for your patience as I continue to try to resolve the issue.  I hope this helps!
0
 
Hube02 Commented:
That's exactly what's supposed to happen because of this line: (line 34 of the code I posted)

echo htmlentities($_POST['frmComment']);die;

Now I can see what the actual code you are trying to eliminate looks like.

What I need to know is if you want to disallow all links or just links with javascript in them?

0
 
Hube02 Commented:
But we are trying to remove HTML and the code I posted should remove the link completely, let me look at this again....
0
 
producer88 (Author) Commented:
Yes, it removes the link and code - but it does away with the code I had that would put the user back to the comments list, or a blank comment entry box.  This is just bouncing user back to a page with only the text entered on it.
0
 
Hube02 Commented:
This last one adds the preg_replace to both places where the $comment value is set. This should remove the html from the input.

Let me know

<?php require_once("../../WA_ValidationToolkit/WAVT_Scripts_PHP.php"); ?>
<?php require_once("../../WA_ValidationToolkit/WAVT_ValidatedForm_PHP.php"); ?>
<?php 
if ($_SERVER["REQUEST_METHOD"] == "POST")  {
  $WAFV_Redirect = "comment_added.php";
  $_SESSION['WAVT_addcomment_Errors'] = "";
  if ($WAFV_Redirect == "")  {
    $WAFV_Redirect = $_SERVER["PHP_SELF"];
  }
  $WAFV_Errors = "";
  $WAFV_Errors .= WAValidateEL(((isset($_POST["frmComment"]))?$_POST["frmComment"]:"") . "",0,500,true,1);
 
  if ($WAFV_Errors != "")  {
    PostResult($WAFV_Redirect,$WAFV_Errors,"addcomment"); 
  }
}
?>
<?php  
require_once("dbConnection.php");  
if($_POST['Submit'] == "Add Comment"){ 
 
  
// Open Database Connection  
 $dbLink = mysql_connect($dbHost, $dbUser, $dbPass); 
 if (!$dbLink){ 
   die ("Database: Couldn`t connect to mySQL Server"); 
 } 
 mysql_select_db($dbName, $dbLink)  
  or die ("Database: Couldn`t open Database");  
 
 // Read data to insert into Database 
 
 if (!get_magic_quotes_gpc()) { 
  $name = addslashes($_POST['frmName']); 
$comment = addslashes(preg_replace('#</?\w[^>]*>#', '', $_POST['frmComment']));
$articleID = addslashes($_POST['frmArticleID']); 
 } else { 
  $name = $_POST['frmName']; 
  $comment = preg_replace('#</?\w[^>]*>#', '', $_POST['frmComment']); 
  $articleID = $_POST['frmArticleID']; 
 }
 // Create Date Time Field 
 $dateTime = date("Y-m-d H:i:s"); 
  
  // Create SQL Query and Execute 
 $sql = "INSERT INTO comments (article,postDateTime,name,comment) 
VALUES ("; 
 $sql .= "'" . $articleID . "',"; 
 $sql .= "'" . $dateTime . "',"; 
 $sql .= "'" . $name . "',"; 
 $sql .= "'" . $comment . "'"; 
 $sql .= ")"; 
 mysql_query($sql,$dbLink); 
  
 // Close Database Connection  
 mysql_close($dbLink); 
  
 header("Location: " . $_POST['page']); 
} 
?> 
 
<head>
<style type="text/css">
<!--
body {
	font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
	font-size: 12px;
	color: #FFF;
	background-repeat: no-repeat;
	margin-left: 0px;
	margin-top: 0px;
	background-color: #295c72;
}
#frmReview p {
	font-family: Verdana, Geneva, sans-serif;
	font-size: 11px;
	color: #FFF;
	text-align: left;
}
#comments_box {
	width: 380px;
}
a:link {
	color: #FC0;
	text-decoration: none;
}
a:visited {
	text-decoration: none;
}
a:hover {
	text-decoration: underline;
}
a:active {
	text-decoration: none;
}
-->
</style>
<script language=javascript>
//Edit the counter/limiter value as your wish
var count = "500";   //Example: var count = "175";
function limiter(){
var tex = document.frmReview.frmComment.value;
var len = tex.length;
if(len > count){
        tex = tex.substring(0,count);
        document.frmReview.frmComment.value =tex;
        return false;
}
document.frmReview.limit.value = count-len;
}
 
</script>
 
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"></head>
 
<body>
<div id="comments_box">Submit Your Video Review
  <form id="frmReview" name="frmReview" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <p>
      <label for="frmName">Name</label>
      
  <input name="frmName" type="text" id="Name" tabindex="10" size="40" />
      </p>
    <p>
      <label for="frmComment">Comment</label>
      <br />
      <textarea name="frmComment" cols="50" rows="3" id="Comment" tabindex="20" onkeyup=limiter()></textarea>
    </p>
    <p>
      <input type="hidden" name="frmArticleID" id="ArticleID" value="<?php echo $_GET['id']; ?>"/>
      <input type="hidden" name="page" id="page" value="<?php echo $_GET['page']; ?>"/>
  <script language=javascript>
document.write("<input type=text name=limit size=4 readonly value="+count+">");
</script> Characters left      
		<input type="submit" name="Submit" id="Submit" value="Add Comment" tabindex="30" />
 
    <a href = "javascript:history.back()">Back to Comments</a> </p>
 
  </form>
</div>
</body>
</html>


0
 
producer88 (Author) Commented:
Oh, I am so happy!  That appears to be working perfectly!  I entered the javascript code and it stripped out the code, left only the text and sent me back to the list of comments!

THANK YOU SO MUCH!  I appreciate your patience and your expertise in helping me resolve this issue.
0
 
producer88 (Author) Commented:
Excellent job, thanks for your patience and expertise!
0
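
Added example, not part of the thread and not written by either participant: it runs the thread's regex over three sample comments, then shows the alternative of storing the comment unchanged through a bound-parameter insert and HTML-encoding it only when it is displayed. Assumptions: PDO with an in-memory SQLite database stands in for the thread's MySQL connection, output is UTF-8, and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Function names and the SQLite
// in-memory database are assumptions so the script runs offline.

// The pattern from the thread: deletes anything shaped like a complete tag.
function strip_tags_regex(string $s): string
{
    return preg_replace('#</?\w[^>]*>#', '', $s);
}

// HTML-encode a value for element content or a quoted attribute.
function e(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Store the comment as typed. Bound parameters keep data out of the SQL text,
// so addslashes() and the magic-quotes branch are not needed.
function save_comment(PDO $db, int $articleId, string $name, string $comment): void
{
    $stmt = $db->prepare(
        'INSERT INTO comments (article, postDateTime, name, comment)
         VALUES (:article, :posted, :name, :comment)'
    );
    $stmt->execute([
        ':article' => $articleId,
        ':posted'  => date('Y-m-d H:i:s'),
        ':name'    => $name,
        ':comment' => $comment,
    ]);
}

// Encode when writing into the page, not when reading the form.
function render_comment(string $name, string $comment): string
{
    return '<p><strong>' . e($name) . '</strong>: ' . nl2br(e($comment)) . "</p>\n";
}

// Constructed sample comments; the first is the input quoted in the thread.
$samples = [
    '<a href = "javascript:history.back()">Back to Comments</a>',
    'Works when 1<x and y>2, thanks!',          // ordinary text, not markup
    '<img src="x.png" alt="tag never closed"',  // no ">" so the regex skips it
];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments
           (article INTEGER, postDateTime TEXT, name TEXT, comment TEXT)');

foreach ($samples as $raw) {
    echo 'regex strip : ', strip_tags_regex($raw), "\n";
    save_comment($db, 1, "O'Brien", $raw);   // the quote needs no escaping
}

echo "\nStored comments, encoded for display:\n";
foreach ($db->query('SELECT name, comment FROM comments') as $row) {
    echo render_comment($row['name'], $row['comment']);
}
```

The regex removes part of the second sample, which is plain text, and leaves the third untouched, while the encoded output shows all three as literal text. The same `e()` call applies to the `$_GET['id']` and `$_GET['page']` values that the form echoes into its hidden fields.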
