At 12:53 AM +0900 5/26/06, Dave M G wrote:
PHP list,
This may be a simple matter. Please feel free to tell me to RTFM if
you can direct me to exactly where in the FM to R. Or, alternately,
please use simple explanations, as I'm not an experienced PHP coder.
I'm building a simple content management system, where users can
enter text into a web form. The text is stored in a MySQL database.
The text should be plain text.
When the text is retrieved from the database for display, I want to
add some HTML tags so I can control the format with an external CSS.
I'm assuming the best way to do this is with str_replace(). But
there are some complications which make me unsure of its usage.
Dave:
RTFM -- yeah, unfortunately, there's a lot of that going around --
most justified, some not.
In any event, I think this is where you're going wrong -- don't use
str_replace() to alter the *content* at all !
If you know css, then keep the content separate from presentation.
Content comes from your mysql and you should be able to place it
within html markup where its presentation is controlled by css.
For example, if I have a text paragraph ($my_paragraph) that's been
pulled from mysql and I want to show that paragraph in html, then I
would do something like this:
<div="content">
<p>
<?php echo($my_paragraph); ?>
</p>
</div>
That way I use use css to control how that paragraph will look with
those <div> and <p> tags and, at the same time, make the content easy
to handle.
If you want to allow users to enter html tags themselves, then you're
asking for a bit of trouble IMO because you are relying upon them to
do the mark-up correctly.
For example, if someone entered "<h1>This is what I want to say</h1"
-- how would you handle it? Also note that if that was entered
"as-is" your page would not longer be well formed and would probably
cause problems with the rest of your page, not to mention not
validating.
If you think you can write code to fix their mistakes, then I think
that's a mistake for users can screw up code even more than
programmers can. :-)
Additionally, if you don't handle the input right, then there's a
security concern, such as mysql injection.
If you want to give your users the option of having "headlines" and
"body of work", then provide a Headline box and Body of Work box and
then manage those entries in your markup.
I think you get the idea.
I'm sure there are other ways to do this, but this is the way I've done it.
hth's
tedd
--
------------------------------------------------------------------------------------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
