Improving a Custom Forum Page - Storing/reading to Database

Posted: Mon Nov 19, 2012 9:05 pm
by Catalyzt
Hi there,

I have added an Events section to our phpBB forum which uses Custom Template and PHP files to store and view Music events in our local city.

When editing an event, the user sees a page like this...


I would like to improve my code as there are some issues with the description text.

Currently in my Template File I do the following using JavaScript and jQuery to save the edit Form:

$.get("events.php", $('#edit_form').serialize())
  .success(function(response) {
    if (response == "Success") {
       ...<code omitted>...
    } else {
      alert('Error while Posting Comment: \r\r' + response);
    }
  }).error(function() { alert("Error while posting."); });

So the Form elements are serialized and a GET is called to events.php.

Inside events.php, I clean the Description field using the following function. This seems to work correctly.

$description = $db->sql_escape(request_var('ed', ''));

My problems start when I try to retrieve my Events from the database for display and editing. For displaying, I take the string out of the Database and clean it so that the result is correctly formatted. For this I use the following custom function in PHP.

function clean_string($value) {
  // Turn every newline variant into an HTML line break
  $order   = array("\r\n", "\n", "\r");
  $replace = '<br />';
  $cleaned = str_replace($order, $replace, $value);
  return addslashes($cleaned);
}

Problematically, I get things like Apostrophes with a slash before them, but otherwise it mostly works.

To add an extra level of trickiness, I have another function to clean the string out of the Database for use with JavaScript, as JavaScript needs strings to be escaped differently than HTML. Here is the function I use for this...

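function dirty_string($value) {
  // Newlines become the two-character sequence \n for the JavaScript literal
  $dirty = str_replace(array("\r\n", "\n", "\r"), '\\n', $value);
  // Drop literal double quotes, then decode the stored HTML entities
  $dirty = str_replace('"', '', $dirty);
  $dirty = str_replace("&lt;", '<', $dirty);
  $dirty = str_replace("&gt;", '>', $dirty);
  $dirty = str_replace("&amp;", '&', $dirty);
  $dirty = str_replace("&quot;", "'", $dirty);
  return $dirty;
}
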
I can then use the 'Dirty' string directly as a JavaScript string encased in double quotes as I have made sure to remove them all (meaning that none can be used inside the string).

I find that this approach is not ideal and I'm hoping that there is a phpBB approach I can use to prepare strings for the Database and pull them out ready for use in Javascript or HTML. Even better it might be nice to use BBCode too!

Can anyone please assist me and offer advice for a better approach?

Thanks in advance.

Posted: Tue Nov 20, 2012 12:22 am
by MarkTheDaemon
Have a look at the functions generate_text_for_storage and generate_text_for_display.

Posted: Tue Nov 20, 2012 3:10 am
by Catalyzt
Thank you, I have modified my code to use generate_text_for_storage and generate_text_for_display. It has worked perfectly.
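
An added example, not code from this thread or from phpBB: it encodes one stored description per output context, in place of addslashes() for HTML and manual quote stripping for JavaScript. It assumes the stored value is already HTML-entity-encoded, as the entity decoding in dirty_string() suggests; the names event_text_for_html and event_text_for_js and the sample string are constructed for illustration.

```php
<?php
// Constructed sample: a description as stored, already HTML-entity-encoded
// (assumption taken from the entity decoding in dirty_string()).
$stored = "Doors 8pm &amp; it's free\r\n"
        . "Band: &quot;The &lt;b&gt;Loud&lt;/b&gt; Ones&quot;";

// HTML context: the text is already entity-encoded, so only the line breaks
// need markup. No addslashes(): a backslash has no meaning in HTML and is
// rendered literally, which is where the slash before apostrophes comes from.
function event_text_for_html(string $stored): string
{
    return nl2br($stored);
}

// JavaScript string context: decode back to the raw text, then let
// json_encode() build the complete quoted literal. The JSON_HEX_* flags emit
// < > & ' " as \uXXXX escapes, so the value cannot close the string or the
// surrounding <script> element, and quotes no longer have to be deleted.
function event_text_for_js(string $stored): string
{
    $raw  = htmlspecialchars_decode($stored, ENT_QUOTES);
    $json = json_encode(
        $raw,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    if ($json === false) {
        // json_encode() fails on invalid UTF-8; refuse rather than emit junk.
        throw new RuntimeException(json_last_error_msg());
    }
    return $json;
}

// What the old display path does to the same value.
echo "addslashes:  ", addslashes($stored), "\n\n";

// HTML output for the event page.
echo "HTML:        ", event_text_for_html($stored), "\n\n";

// Literal for an inline script. The decoded value is raw text, so on the
// client it belongs in .val() or textContent, not in innerHTML.
echo "JavaScript:  var description = ", event_text_for_js($stored), ";\n";
```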