I replaced some input texts to textarea.
Now when I save the content in database, the textarea is saving a string " " in database. As it's a empty content, I want to save null on database, like it happens with the input text field.
Do you know why this occurs?
Would this work for you?
if(empty($_POST['textarea'])){
$_POST['textarea']=NULL;
}
You would also need to make sure that the SQL column supports NULL values.
You should be doing something to sanitize user input before it's added to the database in the first place. If the string is empty, have your sanitizer change it to null before it is saved.
You might benefit from reading an article on SQL Injection (I'm assuming you're working with PHP, but this topic is valid for any code that connects to a database).
There was two spaces in my element. Take look at the code:
<li class="comentarios">
<label for="comentarios">Comentários:</label>
<textarea type="text" rows="5" cols="50"> #comentarios </textarea>
</li>
Related
I'm building a form with Apache Freemarker that contains data for a data structure. For some reason I have to prohibit the character * from ever being submitted into one of the fields. I have been able to successfully forbid the character using my input field like so:
<input type="text" name="permission" id="permission" class="form-control" pattern="^[^\*]*" value="<#if permission??>${permission}</#if>"/>
However, I can still input the * character. This is still fine to me, but what isn't is that one only gets the message, that the input is invalid, once one clicks send. This looks like this:
This does not only not match my style, but the message is rather unhelpful. How do I
customize this box, if I even can.
make the hint appear, as soon as someone enteres a forbidden character
I'm sure someone will mark this as a duplicate question but no other answers worked for me.
I am using ruby and passing a variable into my html page. Let's say my variable "camp_name" is equal to "abc'd"
<%=camp_name%>
This outputs "abc'd" which is what I want.
<input type="text" class="form-control" name="campaign_name" required value='<%=camp_name%>'>
The value in the field is now "abc" because of the single apostrophe. How do i get it to ignore apostrophes? Thanks.
You can escape the variable to html entities:
camp_name.gsub("'", "'")
You should do that for other characters as well, because, as mentioned by a comment, the user could simply insert an HTML tag in your page with your current script. Probably the most important ones are the following:
camp_name.gsub("<", "<")
camp_name.gsub(">", ">")
If you're using Rack (which would definitely be in use if you're using Rails or Sinatra, and it might be there even if you're not), there is a builtin for escaping HTML for just this kind of thing. Calling Rack::Utils#escape_html will replace ampersands, brackets, and quotes with their HTML entities (e.g. ' instead of ').
In your case, you'd want the following code:
<input type="text" class="form-control" name="campaign_name" required value='<%= Rack::Utils.escape_html(camp_name) %>'>
This would evaluate to:
<input type="text" class="form-control" name="campaign_name" required value='abc'd'>
which is the proper way of displaying an apostrophe in HTML.
Just as a side note, displaying user-submitted text without escaping on a website is a very bad idea, because malicious users can add arbitrary Javascript that could render your site useless, add advertisements, and more. You should definitely get into the habit of escaping any text that users can submit before displaying it, either by gsubing manually or using a helper method like this.
I'm developing a browser and I want to automatically insert a string in googles search field, when loading the page. The problem is, that it has no type="text". I've seen an approach to search for an element with name="q" (that's the name of the field), but it seems to be not very elegant, since it's possible, that the name changes over time.
Does anyone has a better idea?
THX
I just checked, when I call both "google.com" and "google.at" the text field has type="text":
<input id="gbqfq" class="gbqfif" name="q" type="text" [...]>
But: Searching for an input field with type="text" is just as brittle as searching for an input field with name="q": Google might add more input fields, rename them, do even more JavaScript magic, ...
If you just want to search for stuff, you cann use the following GET request: https://www.google.com/search?q=QUERY_GOES_HERE - This is probably a lot more stable than inserting text into text fields. (HT to Ethan Brouwer who mentioned this in a comment on your question).
I'm working on a simple check for my input fields. I got 3 places where I'm validating user-input: javascript regex, html pattern and php regex. The Javascript and PHP part work fine, but my HTML pattern somehow returns an error for every input except blank. I tested it on regexpal.com (regex tester) and it works perfectly fine there, so I reckon I must be doing something wrong.
Here's my regex:
/^[a-zA-Z0-9\!\?\,\.\s]{0,50}$/
I'm trying to allow users to input the following:
Alphabetic characters, including capitals
Numeric characters
Puncation: exclamation(!), question(?), comma(,) and dot(.)
Spaces
Here's how I implement it:
<input type="text" id="name" name="name" aria-required="true" pattern="/^[a-zA-Z0-9\!\?\,\.\s]{0,50}$/" value="loaded value from db">
Please note: I'm allowing 0 characters to be entered because I will check it with PHP, and if the input field(s) is/are empty, a pre-set value will be written to the database.
Basically it should allow users to enter general words or sentences, but somehow it doesn't allow anything. The only way I don't get an "error" is when I leave the inputfield blank. What am I doing wrong? Is my regex wrong? Am I not implementing it correctly? I can provide more code if necessary.
Help is much appreciated!
Thanks in advance.
Try removing the forward slashes (/) from the input's pattern attribute.
Here is my problem : in my database, I got a VACHAR2 of length 2000. Let's call it the "commentReception".
It is mapped to a String in my Struts bean.
The jspx (that handles both consult and update, within the form) looks that way :
<s:if test="%{consultAction}">
<s:textarea name="dto.commentReception" readonly="true" cssClass="textAreaValue readonly" />
</s:if>
<s:else>
<s:textarea name="dto.commentReception" readonly="false" cssClass="textAreaValue" />
</s:else>
When I submit the form, the bean is filled correctly, meaning without any \r\n at the end, and I get only one line, even in the database : no newlines.
But when I switch to consultAction, or let's say re-edit the form (not consultAction) another time, I get my string with an extra 2 newlines. That's really annoying and I don't know if it comes from Struts or from the tag. (with me probably missing a tag attribute?)
Of course, if I submit the form again, the comment string will be stored in the database with the newlines. So it will add two more new lines every saving of my comment...
Do you know where my problem comes from? Thanks already.
Edit : the generated form
<textarea class="textAreaValue" id="saveControleReception_dto_commentReceiption" rows="" cols="" name="dto.commentReceiption">commentaire contrôle avant reception.
</textarea>
You can see there are some newlines, but they are not taken into account in my bean. But they are somehow when I reload it.
So, it seems that the struts tag is adding by default two \r\n to the String upon loading the bean. That must be some kind of bug. So here is my solution :
<s:if test="%{consultAction}">
<textarea readonly="true" class="textAreaValue readonly"><s:property value="dto.commentReceiption"/></textarea>
</s:if>
<s:else>
<textarea class="textAreaValue" name="dto.commentReceiption"><s:property value="dto.commentReceiption"/></textarea>
</s:else>
I used the html tag instead of Strut's, and the property tag... If someone has a better answer (there must be), I'm still listening ;)
When you save or retreive your data add trim() in case you use mySQL. this will remove the remaining white spaces when you retrieve/seve it