Display of comment from database

General PHP Help
#1

Hello everyone, the problem I have is a bit strange. I have db into which I save comments and then display them under articles. Everything works just fine but when I comment some code (I did just from testing purposes, don’t expect people posting codes there), it won’t display and I suspect it integrates into the code of the page. I tried to “wrap” the comment into “” and ‘’ but it still won’t display the code.

Does anyone have any idea?

[php]$f1=mysql_result($result,$i,“name”);
$f2=mysql_result($result,$i,“mail”);
$f3=mysql_result($result,$i,“time”);
$f4=mysql_result($result,$i,“comment”);
?>

<?php echo $f1; ?> (<?php echo $f2; ?>) <?php echo $f3; ?> '<?php echo "$f4"; ?>'[/php]

Basically, I tried to fiddle with echo $f4 - use “” or ‘’ but nothing works. Other comments work and the field db contains text I posted there.

Pls help

#2

so you are trying to display “Code” from the comment database? like, if someone put in hello??

no quite sure what you mean?

if you want to display the actual code entered (like HTML) you need to use htmlentities($comment) when writing to the DB and it will change all the <'s and stuff in the the html code for the symbol… then when you display it, it should LOOK like html code but not act like it. You could also try using a textarea but with CSS so it doesnt look like a textbox (disable/lock it too)

#3

Lots of questions to solve this one… First, this line:

'<?php echo "$f4"; ?>'

does not need the quotes. Not around the PHP or inside it. Unless you want the comment to be quoted such as an example: ‘some comment’ … So, the most likely issue is the way you saved the comment inside the database. In databases, you can not store the data with quotes and several special characters. You have to convert them to other special characters.

There is a simple way to view what is really in the code. Just go to the point where it should display the comment, RIGHT-CLICK on the page in a blank area and select VIEW-SOURCE. This will show you the actual source code and you can see if there is anything odd in it. If it is blank where you are expecting a comment, then most likely it was never saved correctly in the database. At which point you should log into your hosting system and browse the database to see if the data is actually in there!

Well, debug it, good luck!

#4

What I basically meant was that when someone enters comment in form of some code like this:

<b>Bold</b>

the text of comment is bold. I find it dangerous because when he types in something like this:

<SCRIPT> Something </SCRIPT>

the comment is being understood as a script. I need it to be understood as a plain text only (obviously, I don’t want every visitor to be able to fiddle with the code and implement own lines…).

That’s why I was trying all those’’ and “” - to make the tags of the comment don’t be undestood as tags at all.

Have some advice, pls? Sorry for stupidity of my enquiries, I’m pretty much newbie to this…

#5

As static said: htmlentities() should work. What it does:

[php]$str = “A ‘quote’ is bold”;
// Outputs: A ‘quote’ is <b>bold</b>
echo htmlentities($str);[/php]
http://us3.php.net/manual/en/function.htmlentities.php

Will work with as well.

#6

Yes, that was what I meant, what did you store in the database and what was displayed?
If you want to just remove “”, you can use the function for that in PHP:
http://php.net/manual/en/function.strip-tags.php

If you use this function, you can tell it to keep certain tags such as ,

, etc…

#7

ErnieAlex, thank you very much, you helped me as usually. I just wanted to prevent someone to add code into the content. When I’ll have more time, I’m gonna ‘play’ a little and possibly allow some tags. For now, problem is sorted and comments are just plain text.

Thanks again

#8

You are welcome. Don’t forget to read up on the “htmlentities” as Sabmin mentioned, too. That is important to use and learn also. Thanks Sabmin!

Sponsor our Newsletter | Privacy Policy | Terms of Service