views:

127

answers:

5

Hey all,

Annoying brain numbing problem.

I have two functions to check the length of a string (primarily, the js one truncates as well). Here's the one in Javascript:

```javascript
$('textarea#itemdescription').keyup(function() {

    var charLength = $(this).val().length;
    // Displays count
    $('span#charCount').css({'color':'#666'});
    $('span#charCount').html(255 - charLength);

    // Turns the counter red once 240 characters are reached
    if ($(this).val().length >= 240) {
        $('span#charCount').css({'color':'#FF0000'});
    }
    // Truncates the text when 255 characters are reached
    if ($(this).val().length >= 255) {
        $('span#charCount').css({'color':'#FF0000'});
        $('span#charCount').html('<strong>0</strong>');
        var text = $('textarea#itemdescription').val().substring(0,255);
        $('textarea#itemdescription').val(text);
    }

});
```

And here is my PHP to double check:

```php
if (strlen($_POST["description"]) > 255) {
    echo "Description must be less than ".strlen($_POST["description"])." characters";
    exit();
}
```

I'm using jQuery Ajax to post the values from the textarea. However, my PHP validation says the strlen() is longer than my js is essentially saying. So for example if I type a solid string and it says 0 or 3 chars left till 255. I then click save and the PHP gives me the length as being 261.

Any ideas?

Is it to do with special characters, bit sizes that js reads differently or misses out? Or is it to do with something else? Maybe it's ill today!... :P

Update: I added var_dump($_POST['description']) to see what was passed and it was returning escape slashes e.g. what\'s going on? I have tried adding stripslashes(); to no avail... where are they coming from?

UPDATE 2 - PROBLEM SOLVED:

Basically I think I just realised my server has magic quotes turned on... grr So I have stripped slashes before processing now. Bit annoying but it will have to do!!

Thanks for your help!

Thanks, Stefan

+1  A: 

It would help if you posted more of your front-end code, especially where you are doing the actual POST. That said, are you sure that keyup is called every time? If the user just pastes text into the box have you verified it is still called?

Also keep in mind that JavaScript is not good enough to guarantee that a string will be less than a given length. A user could disable JavaScript, and a savvy "user" can send their own POST request with more than 255 chars.

Justin Ethier
Yep, I have done enough testing to know it works well enough and obviously bypassed by right click paste - hence the php validation, but it would confuse a user due to the difference in validation. Not ideal.
Stefan
+1  A: 

I suspect that few characters are line breaks (you say you use textarea) that are ignored while you validate using javascript.

a1ex07
+3  A: 

The easiest way to debug this is simply from your PHP script, by using: `var_dump($_POST['description']);`

I suggest you also use view source in your browser to see any escape code, special char codes, etc...

loginx
I see that the added slashes are in there after doing this. I'm suspecting from the db! Thank you!
Stefan
The `magic_quotes` setting is probably turned on. I usually just turn that off in my php.ini and do my own data sanitation. For `stripslashes()` to work, you'll need to store the results in a variable though, i.e.: `$description = stripslashes($_POST['description']);` After that, you can substitute $_POST['description'] in favour of $description.
loginx
Thanks, turns out it must be on - just worked that out! Ah well, will have to contact my server guys! I do all my own stripslashes and addslashes myself. So being aware of that helps now. It seems `if(strlen(stripslashes($_POST["description"]))>255){` works nicely for the check! Thanks again. :)
Stefan
+1  A: 

I see 2 things that might be causing your problem.

  • firstly substring(0,255) returns 256 characters
  • secondly magic_quotes might be turned on in php.ini, PHP tries to give you escaped strings but doesn't do it right all the time

edit

doh, didn't re-read the substring definition, ignore the first one, but magic_quotes might be on, check that one

Geek Num 88
+1  A: 

If you use UTF-8 encoding, PHP strlen() is counting the bytes, not the characters. If you have anything non-ASCII, this will happen. Use mb_strlen(). Magic quotes can add a few characters also.

ZZ Coder
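
The three causes raised in the answers above (magic quotes, line breaks, and a byte-counting `strlen()`), modelled as an added JavaScript example that is not part of the original thread. The function name `lengthBreakdown` and its options are hypothetical, the sample input is constructed, and the `crlf` option assumes the field is sent by a native form submit or jQuery `.serialize()`.

```javascript
// Added example (not from the thread). Models what PHP's strlen() sees for a
// value whose JavaScript .length the client-side counter displayed.
const encoder = new TextEncoder(); // UTF-8 encoder, global in browsers and Node

function lengthBreakdown(text, opts = {}) {
  const { magicQuotes = false, crlf = false } = opts;
  const jsLength = text.length; // UTF-16 code units, what the counter shows

  // Assumption: the field is sent by a native form submit or jQuery
  // .serialize(), both of which transmit each line break as CRLF.
  let wire = crlf ? text.replace(/\r?\n/g, "\r\n") : text;
  const newlineExtra = wire.length - text.length;

  // magic_quotes_gpc behaves like addslashes(): ', ", \ and NUL each gain one
  // backslash (NUL becomes the two characters \0).
  let slashExtra = 0;
  if (magicQuotes) {
    const escaped = wire.replace(/['"\\]/g, "\\$&").replace(/\0/g, "\\0");
    slashExtra = escaped.length - wire.length;
    wire = escaped;
  }

  // strlen() counts bytes; every non-ASCII character is 2 to 4 bytes in UTF-8.
  const phpStrlen = encoder.encode(wire).length;
  const utf8Extra = phpStrlen - wire.length;

  return { jsLength, newlineExtra, slashExtra, utf8Extra, phpStrlen };
}

// Constructed sample: exactly 255 characters, six of them apostrophes.
const sample = "a".repeat(249) + "'".repeat(6);
console.log(lengthBreakdown(sample, { magicQuotes: true }));
```

The breakdown shows which server-side normalisation (`stripslashes()`, newline handling, `mb_strlen()`) is needed before the authoritative length check agrees with the counter.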