help! asap!

[Nicholas]

hi, im having a huge problem and cant figure out why its happening!

say someone on my game puts

 

hi, welcome to blah blah

the requirements to join is the following...

strength, agility, defence in hall of fame

active daily

 

but some reason it comes out like this

 

hi, welcome to blah blah the requirements to join is the following... strength, agility, defence in hall of fame active daily

 

it doesnt allow enter bars (drop down a line)

any idea why it would be doing this?

[Zeggy]

Use the nl2br() function to add newlines.

[Nicholas]

never heard of that function lol.

is it like this stuff?

< br /> and /n

if so, that doesnt work nither just says this when i try changing my gang description

 

hi, 
welcome 
test 

 

do you think it could be something to do with the server?

[Mr-Anthony]

Lol,

have you tryed useing html with it.

[Zeggy]

Well, it might not work depending on where you are using it. I assumed you'd be using it when you output the text on a web page.

nl2br() converts all your new lines into

tags so if you output text with newlines on an html page, it will display correctly.

If you're displaying it in a text field, of course it will show

, html is not rendered in form fields.

Also, if you are using code like htmlentities after you use nl2br, it will convert all the < and > to html entities.

[Nicholas]

its doing it for everything...

gang description

mailbox messages

profile signiture

usershops description

and blah blah...

i never edited anything so i have no idea why its doing it...

i do keep on thinking its something to do with the server.

[Nicholas]

ahh ha i think i figured the bloody thing out!

i added this to globals.php

 

function anti_inject($campo)
{
   foreach($campo as $key => $val)
   {
       $val = mysql_real_escape_string($val);
       // store it back into the array
       $campo[$key] = $val;
   }
   return $campo; //Returns the the var clean
}

//the next two lines make sure all post and get vars are filtered through this function
$_POST = anti_inject($_POST);
$_GET = anti_inject($_GET);

[Magictallguy]

That's a security fail - that won't help you.

Wrapping the output in nl2br() would help you here.

[Zero-Affect]

Yeah Epic fail!

Why do people assume these horrid scripts will work, seriously.

[SlanderDesign]

Yeah Epic fail!

Why do people assume these horrid scripts will work, seriously.

Why criticize?

Why don't you help him so he don't make the mistake again?

It really isn't fun for him to be laughed at...

You guys are "Epic" But for new people it's hard...Teach them the way! :P

[Zero-Affect]

Slander for your information, i know Nicholas and if he was to read threads related to sanitizing scripts then he would notice great examples.

[Jordan Palmer]

Hmm..

 

LOL @ "security"

 

Remember Google is your best friend :)

[Nicholas]

ive only been coding for just over 3 months lol, and im kinda a slow learner lol.

also ive tried searching for security stuff on google, im not a good searcher lol.

cant find any tips at all...

i do happen to have a "essential PHP Security" book made by Chris Shiflett tho... im gonna try and learn them the book about security.

[bluegman991]

yeah that security thing will mess up ur gets and posts as i used it when i didnt know much about security and it will mess up something with ur greater/less than bars i cant remember what it does

but an easier way to make new lines apear is to either

preg replace \n with

 

or nl2br();

[sniko]

echo nl2br($r['gangDESC']);

 

May be wrong on the database feild but thats all you need