-
Make links clickable
Hi,
I am pulling data from database to display it to the user. The user can perform some functions like file upload. Now when I let users upload the file, I am storing the path to the file in my database (& not the actual file itself). The path to access the file would be:
<a href = "../folder1/folder2/attachment.zip">Download attachment</a>
I am storing this file on my server (not in my database).
I am using the following query to display the data from database:
PHP Code:
echo htmlentities($rows['message']);
The problem is that when I try to display the data from database, the htmlentities function is not letting me make the link clickable whereas I want users to be able to click the link to be able to download the attachment.
It is displaying the data as:
<a href = "../folder1/folder2/attachment.zip">Download attachment</a>
whereas I want it to display as:
Download attachment
even after passing through htmlentities. I don't think using html_entity_decode will do any good as that will revert back any malicious input to its original state. I have data validation in place but still would like to use htmlentities to display the data from database & at the same time make the "Download Attachment" link clickable. Any suggestions?
Thank you very much in advance. Looking forward to your replies.
-
Bearded (M|G)od
It sounds like you're wrapping the entire output in htmlentities. Meaning, it's going to convert the < and > characters to &lt; and &gt; characters. Resulting in the actual link not being rendered. You should just be storing the filename in the database, then do something like:
<a href="<?php echo htmlentities($filename); ?>">Download attachment</a>
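An added example, not part of the original post, of the approach suggested in this reply: the message is kept as raw text, the filename sits in its own column, and both are escaped only at output time. The column names `message` and `attachment`, the `DOWNLOAD_DIR` constant and the `render_message()` helper are assumptions made for the illustration; the sample row is constructed.

```php
<?php
// Constructed sample row. The message is stored exactly as the user typed it
// (plain newlines, no <br />), and the uploaded file's name is a separate value.
$row = [
    'message'    => "1\n2\n\n3 <b>hi</b>",
    'attachment' => 'attachment.zip',
];

// Directory from the original post; fixed in code, never taken from user input.
const DOWNLOAD_DIR = '../folder1/folder2/';

// Hypothetical helper: builds the HTML for one message row.
function render_message(array $row): string
{
    // Escape first, then add <br /> tags: the only markup left in the output
    // is markup this function wrote. User-typed tags show up as literal text.
    $html = nl2br(htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8'));

    $file = $row['attachment'] ?? '';
    if ($file !== '') {
        // basename() drops any directory part, so a stored value such as
        // "../../x" cannot point outside DOWNLOAD_DIR.
        $name = basename($file);
        // rawurlencode() makes the name safe inside a URL path segment;
        // htmlspecialchars() makes the finished URL safe inside the attribute.
        $href = DOWNLOAD_DIR . rawurlencode($name);
        $html .= '<p><a href="'
               . htmlspecialchars($href, ENT_QUOTES, 'UTF-8')
               . '">Download attachment</a></p>';
    }

    return $html;
}

// Because the database holds raw text, a search query runs against what the
// user typed rather than against entity-encoded or <br />-laden strings.
echo render_message($row), "\n";
```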
-
What about search?
I will say that's a very clever idea & would really work had I been just getting only the path from the database. But you see, the real thing is that the file upload path can be stored along with the messages in the same column in the table & there is no way for me to differentiate between clear text & path only if I do not add the <a href> attribute to the downloadable files. I did solve this problem by removing htmlentities for output & modified script as needed & the output is showing as desired. I am using html_entity_decode to be able to display the output correctly. Just 1 problem now:
Now say when someone wants to enter
1
2
3
as input, this data is being stored in the DB as:
PHP Code:
1<br />2<br /><br />3
I am using html_entity_decode to display it correctly as:
1
2
3
But what concerns me now is what if I need to search for some data? How can I search effectively if the data is stored as
PHP Code:
1<br />2<br /><br />3
???
I think my search function will fail miserably under such circumstances. Would really appreciate if you have a solution for this. Looking forward to your reply. Thank you.
-
Bearded (M|G)od
Oh, I see what's going on. You are letting a user enter in some sort of HTML into a text field.
Is it for a public thing, like a forum or comment system? If so, look into using Textile or BBCodes.
If it's a private thing like a CMS, I wouldn't have a problem letting the user enter in HTML code and store that into the database directly. They're not going to ruin their own site. If that's the case, I'd suggest using TinyMCE so they have a graphical interface for the code, just like WordPress. (WordPress uses TinyMCE)
So you shouldn't really have to be encoding characters.
-
Hi,
Actually, it's a private messaging feature where one user can send messages to other & even upload attachment.
I will even take a look at your suggested options.
Thanks very much.