Prepare text area string for AJAX?

johnuk · January 21, 2011, 9:35am

Hey all,

I am just putting the finishing touches to a comment system. It uses Asynchronous HTML over HTTP to send a comment (GET request) entered into a text area.

My question is, should be escapeing / encodeing this string before it is sent? I am concerned a user might enter some characters that might break the query string, and therefor not be able to submit their comment (I hope that makes sense).

chris_upjohn · January 21, 2011, 10:13am

encodeURIComponent would be a good method to use when dealing with query strings in the URI

johnuk · January 21, 2011, 10:19am

Hello SgtLegend,

Ah yes thats the one I had in mind - I used it last year and couldnt remember the name.

Just one other question for you. On facebook when you enter say a comment into your status or wherever, it remembers formatting such as horizontal space between paragraphs, and I was wondering how do they acehive this?

In the past when ive written comment systems it just ends up as one big string !

chris_upjohn · January 21, 2011, 10:46am

All you need to do is write a simple replace string that replaces

\ = tab

= new line
\r = return
’ ’ = space

Replacements
\ = - Usually its 4 indents for a tab

= <br />
\r = <br />
’ ’ =

johnuk · January 21, 2011, 10:53am

Could you give me an example of how to do that possibly?

chris_upjohn · January 21, 2011, 11:22am

How do you plan on parsing it? Server side or using javascript

johnuk · January 21, 2011, 11:24am

It is sent straight to my PHP script, run through :-


$strComment = mysql_real_escape_string(trim ($_GET['strComment']));

then put into the DB, later down the page extracted and echo’d to the document.

chris_upjohn · January 21, 2011, 11:55am

Give this a try

$strComment = mysql_real_escape_string(trim($_GET['strComment']));
$strComment = str_replace('\	', '&nbsp;&nbsp;&nbsp;&nbsp;', $strComment);
$strComment = str_replace(array('\
','\\r'), '<br />', $strComment);
$strComment = str_replace(' ', '&nbsp;', $strComment);

johnuk · January 21, 2011, 11:58am

That looks great! Im getting an error thought:-

Parse error: syntax error, unexpected T_VARIABLE, expecting ‘)’ in /home/mattacuk/public_html/fishspots.net/devshed/Warrington/Comment/comment_Rpc.php on line 46

chris_upjohn · January 21, 2011, 12:00pm

My mistake, i updated the code above

johnuk · January 21, 2011, 12:03pm

Hmmm, its coming out like this “This is the first parapgraph.This is the first parapgraph.”

johnuk · January 21, 2011, 12:05pm

This seems to work though:-

$strComment  = str_replace(array("\
", "\\r", "\	"), array("<br />", "<br />", "&nbsp;&nbsp;&nbsp;&nbsp;"), $_GET['strComment']);
		$strFComment  = mysql_real_escape_string(trim ($strComment));