7 replies to this topic

[d7x]

Well its not really a error but i cant get this to work!!

Im trying to add this code

$variable = htmlentities($variabletoconvert, ENT_QUOTES);

to this:

<form action="?id=t_nimda" method="post"> 
<p>Title<br> 
<input name="frmtitle" type="text" value="Title"> 
<br> 
Date<br> 
<input name="frmdate" type="text" value="<?php print date("F j Y"); ?>"> 
<br> 
Avatar URL:<br>
<input name="frmavatar" type="text" class="emailform" value="http://www.projectrage.com/icons/" size="23"> 
<br>
Author:<br> 
<input name="frmuser" type="text" value="name" size="23"> 
<br> 
Author Email:<br> 
<input name="frmemail" type="text" value="rage@projectrage.com" size="23"> 
<br> 
Description:<br> 
<textarea name="frmdescription" cols="15" rows="2"></textarea> 
<br> 
Category:<br> 
<select name="frmcategory"> 
<option>HTML</option> 
<option>Photoshop</option> 
<option>PHP</option> 
<option>CSS</option> 
</select> 
<br>Valid BB Code: [quote][/quote]
<br>Tutorial Message:<br> 
<textarea name="frmmessage" cols="40" rows="10"></textarea> 
<br>Password: 
<input name='password' type='password'><br> 
<input name="submit" type="submit"></p> 
</form> 
<?php 
$password="qwerty"; 
if ($_POST["password"]==$password){ 
if (isset($_POST['submit'])) { 
include("dbconnect.php"); 
$Title = addslashes(strip_tags($_POST['frmtitle'])); 
$Avatar = addslashes(strip_tags($_POST['frmavatar'])); 
$User = addslashes(strip_tags($_POST['frmuser'])); 
$Email = addslashes(strip_tags($_POST['frmemail'])); 
$Category = addslashes(strip_tags($_POST['frmcategory'])); 
$Message = $_POST['frmmessage']; 
$Description = addslashes($_POST['frmdescription']); 
$date = addslashes(strip_tags($_POST['frmdate'])); 
$sql = "INSERT INTO $table SET title='$Title', avatar='$Avatar', 
user='$User', email = '$Email', category='$Category', message='$Message', description='$Description', date='$date'"; 
if (mysql_query($sql)) { 
echo("Your tutoral has been added."); 
} else { 
echo("Error adding entry: " . mysql_error() . ""); 
} 
} 
} 
?>

ive tried many different ways, and none seemed to work! , should it be in my display section maybe? really need this for my tutorial section....

[rc69]

First off, why won't it work, and how do you know it's not working?
Are you getting any errors? Is your source not displaying the correct entities?

Need some more info...

[d7x]

no errors.... i try my bbcode tag + a html tag to see if it works, and nothing... i insert it into the database useing the script go to test and i just see a blank spot where the html code should be.... adn the source doesnt display anything....

[rc69]

Well, that doesn't help anything either, try changing your php to this:

if ($_POST["password"]==$password){ 
	if (isset($_POST['submit'])) { 
  include("dbconnect.php"); 
  $Title = addslashes(strip_tags($_POST['frmtitle'])); 
  $Avatar = addslashes(strip_tags($_POST['frmavatar'])); 
  $User = addslashes(strip_tags($_POST['frmuser'])); 
  $Email = addslashes(strip_tags($_POST['frmemail'])); 
  $Category = addslashes(strip_tags($_POST['frmcategory'])); 
  $Message = $_POST['frmmessage']; 
  $Description = addslashes($_POST['frmdescription']); 
  $date = addslashes(strip_tags($_POST['frmdate'])); 
  $sql = "INSERT INTO $table SET title='$Title', avatar='$Avatar', 
  user='$User', email = '$Email', category='$Category', message='$Message', description='$Description', date='$date'"; 
  if (mysql_query($sql)) { 
 	 echo("Your tutoral has been added."); 
  } else { 
 	 echo("Error adding entry: ".mysql_error()); 
  } 
	}else{
  echo 'Submit button was not pressed';
	}
}else{
	echo 'Invalid password';
}

That should help you a bit.

[d7x]

i can insert it fine, but the code

$variable = htmlentities($variabletoconvert, ENT_QUOTES);

wont work when i put it in my add.php file.... its suppose to change all the < > " and stuff into the entiny name so it would show up it so i could display codes for coding tutorials....

Edited by d7x, 08 September 2005 - 04:00 PM.

[rc69]

Well, i have no idea what you're doing wrong. You're probably re-writing the variable some where. It'd help if you posted the code with htmlentities in it... But since you didn't (or i just can't find it), try using htmlspecialchars()
I KNOW that it works, so if it doesn't, then it's something you're doing, and not the function.

[d7x]

alright well i can get it to convert to like the &gt; and stuff, now how can i get it to convert the < > ' " & in my tutorial message automatically to the entiny..... i dont care what code i use....

when i use the htmlspecialchars the variable i put in there were the only thing that showed...

Edited by d7x, 08 September 2005 - 09:58 PM.

[rc69]

The server will only convert what you tell it to, so you have to run everything that needs converting through the function...