Improving a Custom Forum Page - Storing/reading to Database

Discussion forum for MOD Writers regarding MOD Development.
Locked
Catalyzt
Registered User
Posts: 6
Joined: Wed Sep 30, 2009 11:08 pm

Improving a Custom Forum Page - Storing/reading to Database

Post by Catalyzt »

Hi there,

I have added an Events section to our phpBB forum which uses Custom Template and PHP files to store and view Music events in our local city.

http://www.drumandbass.co.nz/events.php

When editing an event, the user sees a page like this...

Image

I would like to improve my code as there are some issues with the description text.

Currently in my Template File I do the following using Javascript and jQuery to save the edit Form

Code: Select all

     
$.get("events.php", $('#edit_form').serialize())
  .success(function(response) { 
    if (response == "Success") {
       ...<code omitted>...
    } else {
      alert('Error while Posting Comment: \r\r' + response);
    }
  }).error(function() { alert("Error while posting."); });
}
So the Form elements are serialized and a GET is called to events.php.

Inside events.php, I clean the Description field using the following function. This seems to work correctly.

Code: Select all

     
$description = $db->sql_escape(request_var('ed', ''));

My problems start when I try to retrieve my Events from the database for display and editing. For displaying, I take the string out of the Database and clean it so that the result is correctly formatted. For this I use the following custom function in PHP.

Code: Select all

function clean_string($value) {
  $order   = array("\r\n", "\n", "\r");
  $replace = '<br />';
  $cleaned = str_replace($order, $replace, $value);
  return addslashes($cleaned);
}
Problematically, I get things like Apostrophes with a slash before them, but otherwise it mostly works.


To add an extra level of trickiness, I have another function to clean the string out of the Database for use with Javascript, as Javascript needs strings to be escaped differently than HTML. Here is the function I use for this...

Code: Select all

function dirty_string($value) {
  $dirty = str_replace(array("\r\n", "\n", "\r"), '\\n', $value);
  $dirty = str_replace('"', '', $dirty);
  $dirty = str_replace("<", '<', $dirty);
  $dirty = str_replace(">", '>', $dirty);
  $dirty = str_replace("&", '&', $dirty);
  $dirty = str_replace(""", "'", $dirty);
  return $dirty;
}
I can then use the 'Dirty' string directly as a Javascript string incased in double quotes as I have made sure to remove them all (meaning that none can be used inside the string).

I find that this approach is not ideal and I'm hoping that there is a phpBB approach I can use to prepare strings for the Database and pull them out ready for use in Javascript or HTML. Even better it might be nice to use BBCode too!

Can anyone please assist me and offer advice for a better approach?

Thanks in advance.
MarkTheDaemon
Former Team Member
Posts: 2770
Joined: Thu Oct 20, 2005 2:42 am
Location: United Kingdom
Name: Mark Barnes

Re: Improving a Custom Forum Page - Storing/reading to Datab

Post by MarkTheDaemon »

Have a look at the functions generate_text_for_storage and generate_text_for_display.

https://wiki.phpbb.com/Tutorial.Parsing_text
Catalyzt
Registered User
Posts: 6
Joined: Wed Sep 30, 2009 11:08 pm

Re: Improving a Custom Forum Page - Storing/reading to Datab

Post by Catalyzt »

Thank you, I have modified my code to use generate_text_for_storage and generate_text_for_display. It has worked perfectly.
Locked

Return to “[3.0.x] MOD Writers Discussion”