Long time reader, first time asker...I'll get to the point.
I'm passing textarea data to QUERY_STRING and need it to play nice with MySQL. To be more specific, I need the text to show the correct line breaks and spacing while also displaying all characters (I'm looking at you, # and friends!). ALSO, I need it to escape all the pesky ' and " characters.
I've tried (almost hopefully) everything. I can't seem to get the ingredients right; I can get the spacing and line breaks to work but not the # characters. I can get the # characters, but not the apostrophes.
ADD: The reason I'm passing this data through the QUERY string and not, say GET, is because I'm using JavaScript (using XMLHttpRequest) to pass the data to a PHP file behind the scenes.
Specifically, the page is set up to send a message without refreshing the page (i.e. Facebook). It takes the data from the ID textarea via DOM, passes it to a separate PHP file which handles the MySQL request, but in the mix, I lose information and it doesn't translate. I've been working on this for two days and can't get it to jive. Help!
EDIT: Here is the code. Some of these code snippets are on different pages, but work together to attempt to send a message w/o updating/refreshing the page.
<textarea spellcheck='false' id='composeText' maxlength='250'>
</textarea>
<input type='button' value='Send' style='float:right;' onclick='sendMsg(<?php echo '123654674, 159753';?>)' id='sendMsg'>
parse_str($_SERVER['QUERY_STRING'],$g);
if ($g) {
    $msg_id = $g['msg_id'];
    $msgFrom = $g['msgFrom'];
    $message = addslashes($g['message']);
    $message = nl2br($message);
    $msgTo = $g['msgTo'];
}
echo "<input type='hidden' id='msgToId2' value='".$msgTo."'>";
addMsg($msg_id, $msgFrom, $msgTo, $message, $conn);
function sendMsg(msg_id, msgFrom) {
    msg_id = Math.floor((Math.random() * 1000000000) + 1);
    msgFrom = '159753';
    msgTo = document.getElementById('msgToId').value;
    if (msgTo == "") msgTo = document.getElementById('msgToId2').value;
    message = document.getElementById('composeText').value;
    message = message.replace(/\r?\n/g, '<br/>');
    message = encodeURIComponent(message);
    getRequest(
        'sendMsg.php?msg_id=' + msg_id + '&msgFrom=' + msgFrom + '&msgTo=' + msgTo + '&message=' + message, // URL for the PHP file
        sendMsgOutput, // handle successful request
        sendMsgError // handle error
    );
    return false;
}
function addMsg($msg_id, $msgfrom, $msgto, $message, $conn) {
    $message = mysqli_real_escape_string($conn, $message);
    $query = "INSERT INTO `messages` (`msg_id`, `msgfrom`, `msgto`, `message`, `timestamp`) VALUES ('$msg_id', '$msgfrom', '$msgto', '$message', DATE_FORMAT(NOW(),'%b %d %Y %h:%i %p'))";
    $result = mysqli_query($conn, $query);
}
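An added example, not part of the original question or its answers: one way to handle the decoded request fields so that `#`, quotes and line breaks survive unchanged, using a mysqli prepared statement for the insert and HTML-encoding only at display time. `readMessageRequest` and `renderMessage` are hypothetical helper names, and integer ids are an assumption; the table and field names are taken from the code above.

```php
<?php
// Added example, not the poster's code. Assumes the `messages` table above,
// integer ids, and an open mysqli connection passed in as $conn.

// Validate decoded request fields ($g from parse_str, or $_POST). No addslashes()
// or nl2br() here: the text is kept as typed, including #, ', " and newlines.
function readMessageRequest(array $in): ?array {
    $ids = [];
    foreach (['msg_id', 'msgFrom', 'msgTo'] as $key) {
        $v = filter_var($in[$key] ?? null, FILTER_VALIDATE_INT);
        if ($v === false) return null;           // reject non-numeric ids
        $ids[$key] = $v;
    }
    $message = $in['message'] ?? '';
    if (!is_string($message) || $message === '' || mb_strlen($message, 'UTF-8') > 250) {
        return null;                             // 250 = the textarea's maxlength
    }
    return $ids + ['message' => $message];
}

// Bound parameters travel separately from the SQL text, so quotes in the
// message need no manual escaping and cannot alter the statement.
function addMsg(mysqli $conn, array $m): bool {
    $stmt = $conn->prepare(
        "INSERT INTO `messages` (`msg_id`, `msgfrom`, `msgto`, `message`, `timestamp`)
         VALUES (?, ?, ?, ?, DATE_FORMAT(NOW(), '%b %d %Y %h:%i %p'))"
    );
    if ($stmt === false) return false;
    $stmt->bind_param('iiis', $m['msg_id'], $m['msgFrom'], $m['msgTo'], $m['message']);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Encode only when displaying: HTML-escape first, then turn newlines into <br>.
function renderMessage(string $raw): string {
    return nl2br(htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input, shaped like the decoded request fields.
$sample = ['msg_id' => '42', 'msgFrom' => '159753', 'msgTo' => '123654674',
           'message' => "It's #1 \"quoted\"\nline two <b>bold</b>"];
$m = readMessageRequest($sample);
echo renderMessage($m['message']), PHP_EOL;
// With a live connection: addMsg($conn, $m);
```

On the client side this pairs with sending the raw textarea value through `encodeURIComponent` without first replacing newlines with `<br/>`.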
If all else fails (I thought I'd leave this here), you could use something like TinyMCE, which I've used; it is rather impressive.
Usage
A simple demo, as per their site:
<!DOCTYPE html>
<html>
<head>
<script src="//cdn.tinymce.com/4/tinymce.min.js"></script>
<script>tinymce.init({ selector:'textarea' });</script>
</head>
<body>
<textarea>Easy! You should check out MoxieManager!</textarea>
</body>
</html>
Overwhelmed by all the extra bits and pieces?
Nothing to worry about as you can remove them and keep what you wish. Below is a minimal setup I use and it can be reduced further.
tinymce.init({
    selector: '.tiny-mce',
    toolbar: 'bold italic alignleft aligncenter alignright bullist numlist outdent indent undo redo styleselect',
    statusbar: false,
    menubar: false
});
The documentation is concise too, which is a plus point. From the editor's appearance to content filtering, it has a vast array of options which you can customize.
You can find the full feature list here.