johnuk — 2011-01-21T04:35:29-05:00 — #1
I am just putting the finishing touches to a comment system. It uses Asynchronous HTML over HTTP to send a comment (GET request) entered into a text area.
My question is, should I be escaping / encoding this string before it is sent? I am concerned a user might enter some characters that might break the query string, and therefore not be able to submit their comment (I hope that makes sense).
chris_upjohn — 2011-01-21T05:13:20-05:00 — #2
encodeURIComponent would be a good method to use when dealing with query strings in the URI
johnuk — 2011-01-21T05:19:47-05:00 — #3
Ah yes, that's the one I had in mind - I used it last year and couldn't remember the name.
Just one other question for you. On Facebook when you enter say a comment into your status or wherever, it remembers formatting such as horizontal space between paragraphs, and I was wondering how do they achieve this?
In the past when I've written comment systems it just ends up as one big string!
chris_upjohn — 2011-01-21T05:46:39-05:00 — #4
All you need to do is write a simple replace string that replaces
\t = tab
\n = new line
\r = return
' ' = space

\t = &nbsp;&nbsp;&nbsp;&nbsp; - Usually it's 4 indents for a tab
\n = <br />
\r = <br />
' ' = &nbsp;
johnuk — 2011-01-21T05:53:38-05:00 — #5
Could you give me an example of how to do that possibly?
chris_upjohn — 2011-01-21T06:22:31-05:00 — #6
johnuk — 2011-01-21T06:24:39-05:00 — #7
It is sent straight to my PHP script, run through :-
$strComment = mysql_real_escape_string(trim ($_GET['strComment']));
then put into the DB, later down the page extracted and echo'd to the document.
chris_upjohn — 2011-01-21T06:55:02-05:00 — #8
Give this a try
$strComment = mysql_real_escape_string(trim($_GET['strComment']));
$strComment = str_replace('\\t', '&nbsp;&nbsp;&nbsp;&nbsp;', $strComment);
$strComment = str_replace(array('\\n','\\r'), '<br />', $strComment);
$strComment = str_replace(' ', '&nbsp;', $strComment);
johnuk — 2011-01-21T06:58:46-05:00 — #9
That looks great! I'm getting an error though:-
Parse error: syntax error, unexpected T_VARIABLE, expecting ')' in /home/mattacuk/public_html/fishspots.net/devshed/Warrington/Comment/comment_Rpc.php on line 46
chris_upjohn — 2011-01-21T07:00:00-05:00 — #10
My mistake, I updated the code above.
johnuk — 2011-01-21T07:03:38-05:00 — #11
Hmmm, it's coming out like this "This is the first parapgraph.This is the first parapgraph."
johnuk — 2011-01-21T07:05:02-05:00 — #12
This seems to work though:-
$strComment = str_replace(array("\n", "\r", "\t"), array("<br />", "<br />", "&nbsp;&nbsp;&nbsp;&nbsp;"), $_GET['strComment']);
$strFComment = mysql_real_escape_string(trim ($strComment));
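Added example, not part of any post in this thread: the code as posted converts whitespace to HTML before storing and echoes the comment without HTML-encoding it, so markup typed by a user reaches other visitors' browsers as markup. The sketch below stores the text as typed through a prepared statement and does the HTML encoding and whitespace conversion only at output time. `render_comment`, the `comments` table and the in-memory SQLite database (standing in for MySQL; needs PHP 7+ with pdo_sqlite) are assumptions for illustration.

```php
<?php
// Added example (not from the thread). Assumes PHP 7+ with the pdo_sqlite
// extension; an in-memory SQLite table stands in for the thread's MySQL table.

// Hypothetical helper: turn stored plain text into HTML at output time only.
function render_comment(string $raw): string
{
    // 1. Normalise CRLF and lone CR to LF so one line break gives one <br />.
    $text = str_replace(array("\r\n", "\r"), "\n", $raw);
    // 2. Encode HTML metacharacters so user-typed markup is displayed as text.
    $html = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    // 3. A tab becomes four non-breaking spaces (the convention from post #4).
    $html = str_replace("\t", str_repeat('&nbsp;', 4), $html);
    // 4. Preserve runs of spaces: the second space of each pair becomes &nbsp;.
    $html = str_replace('  ', ' &nbsp;', $html);
    // 5. Insert <br /> before every newline.
    return nl2br($html);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input, standing in for trim($_GET['strComment']).
$strComment = trim(
    "First paragraph.\r\n\r\n\tIndented  line with <script>alert(1)</script> & it's \"quoted\"."
);

// Store the text exactly as typed; the bound parameter never becomes SQL syntax,
// so no manual escaping function is needed.
$stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute(array(':body' => $strComment));

// Later, when building the page: encode and format on the way out.
foreach ($pdo->query('SELECT body FROM comments') as $row) {
    echo render_comment($row['body']), "\n";
}
```

Keeping the stored value unformatted also means the same comment can be re-rendered for other contexts (plain-text e-mail, JSON) without undoing HTML that was baked in at insert time.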