Prev: Verity Search Server Problem
Next: How many times should autosuggest fire per user entry?
From: Bullislander05 on 24 Apr 2008 16:14
Hi everyone,

I'm wondering how I would do this:

I want to have a text area where people can input HTML code, but not where the
HTML code is parsed. The text area will end up being added to a table in my
database.

Pretty much, I want people to be able to put this in their text area (Pretend
the quote is the text area)
[Q]
<table>
<tr>
<td>
Test
</td>
</tr>
</table>[/Q]

And when they load the web page not see (again pretend the quote is the text
area):

[Q]Test[/Q]

But rather:

[Q]
<table>
<tr>
<td>
Test
</td>
</tr>
</table>[/Q]

Whenever I seem to pass HTML tags in my data, they're getting processed rather
than being saved. In the project I'm creating, it's critical that users be
able to put the code up in the text areas and have it saved as such.

Does anyone know of any good ways to pass the data through a form (and
ultimately through an SQL statement to change my database) and not have it
evaluated in the process? I then need it to be able to be displayed later as
raw text, and not evaluated HTML. Just a method to pass data in a text area
would be fine. I don't need to worry about any other possible input types.

Thanks!

-Bullislander05

From: Ian Skinner on 24 Apr 2008 16:41
Bullislander05 wrote:
>
> Does anyone know of any good ways to pass the data through a form (and
> ultimately through an SQL statement to change my database) and not have it
> evaluated in the process? I then need it to be able to be displayed later as
> raw text, and not evaluated HTML.

Well the first parts should be happening. Unless you are doing
something really unusual, the form is going to pass the full,
unprocessed data to the action template. Which would save it to a
database again without processing it. A quick look into the data
actually inside the database should confirm this.


Where you would have problem is displaying it, since a browser is going
to parse that code if it receives it straight up. The way around this
is to escape the HTML special characters so that a browser does not
render the code, but rather displays it in all its glory. The
htmlEditFormat() and htmlCodeFormat() functions are for just this
purpose. The escape all HTML special characters so that they are
displayed rather then rendered.

I suggest only escaping the data when displaying rather then when
storing. Usually much more flexible that way.


 | 
Pages: 1
Prev: Verity Search Server Problem
Next: How many times should autosuggest fire per user entry?