kenji776 #1
Safely, effectively, and properly inserting html code into a MS database
Okay everyone, here is the deal. I want a thing like on myspace where users can
use their own html code so they can include images, embed audio and such. How
can I make a way for users to be able to insert their code into my database, so
it can be referenced later on their profile page? What I have right now is just
a text area that sends the inputted code to a regular sql update statement, and
that gets put in the ms access database. This doesn't work very well, it seems
tags get cut off, and weird things happen. What is a safe, efficient, proper
way of inserting html code into a database so that nothing is lost, or changed
from the way the user put it in? My current code is attached. The code
concerning user_html is what I am interested in making work well. Thanks for
the help
<cfapplication sessionmanagement="yes" clientmanagement="yes" >
<cfif session.userrole EQ "guest">
<center>
<font color="red"> You Are Not Authorized To View This Page</font>
</center>
<cfabort>
</cfif>
<cfif isdefined("form.submit")>
<cfquery datasource="users" name="updatecolors">
UPDATE users
SET
showemailaddyOU = '#form.showemailaddyOU#',
backgroundcolorOU = '#form.backgroundcolorOU#',
textcolorOU = '#form.textcolorOU#',
linkcolorOU = '#form.linkcolorOU#',
vlinkcolorOU = '#form.vlinkcolorOU#',
headercolor = '#form.headercolor#',
marquercolor = '#form.marquercolor#',
subheader = '#form.subheader#',
titlesize = #form.titlesize#,
showlastname = '#form.showlastname#',
showphone = '#form.showphone#',
user_html = '#form.user_html#',
fonttype = '#form.fonttype#'
WHERE userid = #form.userid#
</cfquery>
</cfif>
<cfparam name="url.name" default="0">
<cfparam name="form.UserID" default="#session.userid#" type="string">
<cfquery datasource="users" name="userdetails">
select * from users where userid = #session.userid#
</cfquery>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<link href="../mainload.css" rel="stylesheet" type="text/css">
<META NAME="Description" CONTENT="DigitalSwordsmen.com - Free Music, Games,
Videos, Programs, FTP Server, Mail Server and more. We have info on swords,
anime, and video games. Free forums, and personl profile. Web log comming
soon.">
<META NAME="Keywords" CONTENT="Swordsmanship, swords, swordfighting, anime,
manga, snes, nes, gba, sega 3x, roms, free, downloads, music, games, programs,
ftp server, mail server, pop3 server, web log, personal profiles, forums, chat,
cool stuff, pictures, downloads."><title>Edit Profile Colors</title>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if
((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight;
onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH)
location.reload();
}
MM_reloadPage(true);
//-->
</script>
</head>
<body>
<cfoutput> <font color="##666666" face="#userdetails.fonttype#">
Edit Your Digital Swordsmen Profile Page<br>
<hr>
Here you can input your color choices for your profile. You can use either
words, like red, yellow, blue, maroon, and so on, or you can use hexidecimal
color notation such as ##666666. If you want to use hexidecimal (which provides
many more color choices) remember to use the ## sign before the numbers and or
letters. A hexidecimal color is a ## followed by any 6 of the following
charectors: 0 1 2 3 4 5 6 7 8 9 0 a b c d e f. You can mix and match to make
any color you can see. <br>
</font>
<a href="../color_chart.cfm" target="_blank">Click here for Hexidecimal Color
Chart</a> (pop-up window) </p>
<font color="#userdetails.textcolorOU#" face="#userdetails.fonttype#">This is
your current text color</font><br>
<font color="#userdetails.linkcolorOU#" face="#userdetails.fonttype#">This
is your current link color</font><br>
<font color="#userdetails.vlinkcolorOU#"
face="#userdetails.fonttype#">This is your current visited link color</font><br>
<font color="#userdetails.headercolor#" face="#userdetails.fonttype#">This
is your current header color</font><br>
<font color="#userdetails.marquercolor#" face="#userdetails.fonttype#">This
is your current marquee color</font><br>
<cfform name="form1" method="post" enctype="multipart/form-data">
<input type="hidden" id="userID" name="UserID" value="#userdetails.userid#">
<table width="100%" border="0">
<tr>
<td width="255">Desired page color:</td>
<td width="499"><input type="text" name="backgroundcolorOU"
value="#userdetails.backgroundcolorOU#"></td>
</tr>
<tr>
<td>Desired text color:</td>
<td><input type="text" name="textcolorOU"
value="#userdetails.textcolorOU#"></td>
</tr>
<tr>
<td>Desired link color:</td>
<td><input type="text" name="linkcolorOU"
value="#userdetails.linkcolorOU#"></td>
</tr>
<tr>
<td>Desired visited link color: </td>
<td><input type="text" name="vlinkcolorOU"
value="#userdetails.vlinkcolorOU#"></td>
</tr>
<tr>
<td>Desired heading color: </td>
<td><input type="text" name="headercolor"
value="#userdetails.headercolor#"></td>
</tr>
<tr>
<td>Desired marquee color: </td>
<td><input type="text" name="marquercolor"
value="#userdetails.marquercolor#"></td>
</tr>
<tr>
<td>Desired sub-heading color: </td>
<td><input name="subheader" type="text" id="subheader"
value="#userdetails.subheader#"></td>
</tr>
<tr>
<td>Desired title size:</td>
<td><select name="titlesize" id="titlesize">
<option value="#userdetails.titlesize#"
selected><cfoutput>#userdetails.titlesize#</cfoutput></option>
<option>1</option>
<option>2</option>
<option>3</option>
<option>4</option>
<option>5</option>
<option>6</option>
</select>
</td>
</tr>
<tr>
<td>Please select font type: </td>
<td><select name="fonttype">
<option value="#userdetails.fonttype#"
selected><cfoutput>#userdetails.fonttype#</cfoutput></option>
<option>ABLib BT</option>
<option>Amazone BT</option>
<option>Americana</option>
<option>Arial</option>
<option>Arial Black</option>
<option>Bookman Old Style</option>
<option>Broadway BT</option>
<option>Brush Script MT</option>
<option>Chicago</option>
<option>Comic Sans MS</option>
<option>Courier</option>
<option>Courier New</option>
<option>Helvetica</option>
<option>Lithos Black</option>
<option>Modern</option>
<option>MS Sans Serif</option>
<option>MS Serif</option>
<option>MS-DOS CP 932</option>
<option>New Century</option>
<option>Park Avenue BT</option>
<option>Roman</option>
<option>Script</option>
<option>Small Fonts</option>
<option>Swiss</option>
<option>Symbol</option>
<option>Times Roman</option>
<option>Times New Roman</option>
<option>Wide Latin</option>
</select>
</td>
</tr>
<tr>
<td>Show E-mail address in profile</td>
<td><select name="showemailaddyOU">
<option value="#userdetails.showemailaddyOU#"
selected><cfoutput>#userdetails.showemailaddyOU#</cfoutput></option>
<option>yes</option>
<option>no</option>
</select>
</td>
</tr>
<tr>
<td>Show Lastname in profile</td>
<td><select name="showlastname">
<option value="#userdetails.showlastname#"
selected><cfoutput>#userdetails.showlastname#</cfoutput></option>
<option>yes</option>
<option>no</option>
</select>
</td>
</tr>
<tr>
<td>Show Phone number in profile</td>
<td><select name="showphone">
<option value="#userdetails.showphone#"
selected><cfoutput>#userdetails.showphone#</cfoutput></option>
<option>yes</option>
<option>no</option>
</select>
</td>
</tr>
<tr>
<td>Insert any addition HTML code you want in your profile</td>
<td>
<textarea name="user_html" cols="60" rows="10" wrap="OFF"
value="#userdetails.user_html#"><cfoutput>#userdetails.user_html#</cfoutput></textarea>
</td>
</tr>
</table>
<br>
<input name="submit" type="submit" value="Submit">
</cfform>
</cfoutput>
</body>
</html>
kenji776 Guest
MattRobertson #2
Re: Safely, effectively, and properly inserting html code into a MS database
You should always, always ALWAYS use cfqueryparam. It's a MM best practice to
protect you against SQL injection and maximize your speed. It also escapes
stuff like control characters so it gets input properly.
Use it on inserts, updates and selects. Use it on every variable value going
into a database field or referencing a db field (such as the where clause).
Otherwise there is nothing you should have to do to your data to get it
stored, assuming proper use of the tag, using fields long enough to hold the
data and that sort of thing.
HtH,
--Matt--
MSB Web Systems... http://mysecretbase.com
"The most incomprehensible thing about the world is that it is comprehensible."
- Albert Einstein.
MattRobertson Guest
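
The advice in the reply above, applied to the two queries from the first post, as an added example that is not code from either poster. The cfsqltype choices are assumptions inferred from which values the original quotes (numeric for titlesize and userid, a Memo column for user_html), and the row is keyed on session.userid, as the page's own SELECT is, rather than on the hidden form field.

```cfml
<!--- Added example: the posted UPDATE and SELECT with every value bound
      through cfqueryparam. Column types are assumed, not taken from the
      poster's actual Access schema. --->
<cfif isDefined("form.submit")>
  <cfquery datasource="users" name="updatecolors">
    UPDATE users
    SET
      showemailaddyOU   = <cfqueryparam value="#form.showemailaddyOU#"   cfsqltype="cf_sql_varchar">,
      backgroundcolorOU = <cfqueryparam value="#form.backgroundcolorOU#" cfsqltype="cf_sql_varchar">,
      textcolorOU       = <cfqueryparam value="#form.textcolorOU#"       cfsqltype="cf_sql_varchar">,
      linkcolorOU       = <cfqueryparam value="#form.linkcolorOU#"       cfsqltype="cf_sql_varchar">,
      vlinkcolorOU      = <cfqueryparam value="#form.vlinkcolorOU#"      cfsqltype="cf_sql_varchar">,
      headercolor       = <cfqueryparam value="#form.headercolor#"       cfsqltype="cf_sql_varchar">,
      marquercolor      = <cfqueryparam value="#form.marquercolor#"      cfsqltype="cf_sql_varchar">,
      subheader         = <cfqueryparam value="#form.subheader#"         cfsqltype="cf_sql_varchar">,
      <!--- Unquoted in the original, so assumed numeric. A typed parameter
            makes ColdFusion reject a non-numeric value before the
            statement is sent to the database. --->
      titlesize         = <cfqueryparam value="#form.titlesize#"         cfsqltype="cf_sql_integer">,
      showlastname      = <cfqueryparam value="#form.showlastname#"      cfsqltype="cf_sql_varchar">,
      showphone         = <cfqueryparam value="#form.showphone#"         cfsqltype="cf_sql_varchar">,
      <!--- Assumed to be a Memo column so long HTML is not truncated;
            the value is bound as data, so quotes and tags in it are
            stored exactly as submitted. --->
      user_html         = <cfqueryparam value="#form.user_html#"         cfsqltype="cf_sql_longvarchar">,
      fonttype          = <cfqueryparam value="#form.fonttype#"          cfsqltype="cf_sql_varchar">
    <!--- The row to update comes from the session, not from form.userid,
          which the browser can change. --->
    WHERE userid = <cfqueryparam value="#session.userid#" cfsqltype="cf_sql_integer">
  </cfquery>
</cfif>

<cfquery datasource="users" name="userdetails">
  SELECT * FROM users
  WHERE userid = <cfqueryparam value="#session.userid#" cfsqltype="cf_sql_integer">
</cfquery>
```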


