Textarea content 'error handling' error when using multiple lines

Question

I've made a form in html/php in which there is a 'textarea' as well. I'm currently implementing error handling; when a mistake has been made in the form, keep the content that has been assigned already by the user.

When a mistake has been made by the user (for example, invalid e-mail address), the message that the user already had typed into the 'textarea', remains there.

However, this is ONLY when a message has been typed in which NO new lines have been used (so by pressing ENTER in the textarea). So in a multiple-line text area, for some reason it doesn't work.

Any ideas on how to fix this?

Part of the code:

if (isset($_GET['textmessage'])) {
$textmessage= $_GET['textmessage'];
echo'<div class="user-details">
        <div class="input-box">
            <span class="details">Extra message</span>
            <textarea style="height: 100px; padding-top: 10px" type="text" name="textmessage" placeholder="message">';
                echo $textmessage; 
            echo '</textarea>
        </div>
    </div>';}

Part of the action.php:

$textmessage= nl2br(htmlspecialchars($_POST['tekstbericht']));
        if (!filter_var($mailFrom, FILTER_VALIDATE_EMAIL)) {
            header("Location: form.php?form=invalidemail&name=$name&textmessage=$textmessage");
            exit();
        }

doesn't work how, exactly? You mean the text is not put back there at all? Can't see how newlines would affect that, tbh. Sample data please? FYI it would be a lot better to submit your form via POST than GET, so you don't end up a) putting user data on the querystring where it's visible and/or likely to be logged by webservers, or b) running out of space on the querystring/URL due to lengthy input. — ADyson, Jan 26 '22 at 11:27
Yes sorry, should've clarified that. The error is that the POST action of the submit form, so a seperate .PHP file which contains the 'action', is assigned to the URL header, and gives just a blank page with nothing. So it's really strange, considering that when it's only a single line in the textarea, it returns to the form.php with the previous assigned values, but when using multiple lines, it goes to action.php, without doing anything. (the form itself is a POST, only to get the values that have been assigned already, I use GET) — Jeroen van den Heuvel, Jan 26 '22 at 11:34
`and gives just a blank page with nothing`...that might mean it's crashed, or just went into a block of code which doesn't output anything. Have you got PHP error reporting / logging switched on? It sounds like something is preventing a redirect back to form.php anyway, and it may be related to how you process the textarea data. So the issue is quite likely to be in that PHP which processes the POST, but you need to debug a bit more closely by the sounds of it. Post a [mre] here if you're still stuck after a bit more investigation. — ADyson, Jan 26 '22 at 11:39
P.S. the post-and-redirect idea is a bit messy if you're then having to put data back onto the URL as GET params in the case where you redirect due to a validation error. A better design would probably be to process the POST in the same file which contains the form code, so you can just echo the form data back directly without needing any redirects. (You can always then redirect to a different page if the validation etc succeeds.) That's a much more standard pattern which people use for this kind of process. — ADyson, Jan 26 '22 at 11:41
So this is the principle of the code: $textmessage= $_POST['textmessage']; if (!filter_var($mailFrom, FILTER_VALIDATE_EMAIL)) { header("Location: form.php?form=invalid&voornaam=$voornaam&textmessage=$textmessage"); exit(); } So I guess the problem is, that the break line (either then I guess /n or
) isn't interpretable this way in the URL? Is there any way to solve this easily, without having to rewrite the whole post-and-redirect principle? — Jeroen van den Heuvel, Jan 26 '22 at 12:45
Hi, as you can see, that code isn't easy to read when presented like that. Please place all updates and further information within your question by editing it, rather than in the comments. The "edit" button is just below the blue tags under the question. Thanks. — ADyson, Jan 26 '22 at 13:20
`I guess the problem is, that the break line (either then I guess /n or
) isn't interpretable this way in the URL`...well the way to tell that is to check precisely what's being placed in the URL. That way, you don't have to guess. — ADyson, Jan 26 '22 at 13:21
But...what you actually told me was that it wasn't even loading form.php, you were just getting a blank page. So I don't think the URL is even relevant at this point. It seems to only do the redirect if the mailFrom field passes its filtering. So maybe actually the issue relates to that? Or maybe it's simly crashing somewhere, as I mentioned. Have you investigated any of that yet? Not sure how you concluded the URL was the issue when previously you said it wasn't even getting as far as issuing the redirect. — ADyson, Jan 26 '22 at 13:23
I'm quite new here, so not yet entirely up to date with the workflow on this platform. When using a single line in the textarea and I'm assigning an invalid email, the URL consists of the www.website.com/FORM.php + strings, precisely as in the last snippet that I added just now. Using the single line, the code works. When using multiple lines in the textarea and I'm assigning an invalid email, the URL consists of the www.website.com/ACTION.php but doesn't do anything. Using multiple lines, the code doesn't work. That's why I think it's in the URL. — Jeroen van den Heuvel, Jan 26 '22 at 14:56
P.S. You realise that `nl2br` will strip the text newlines from the textmessage variable and replace them with HTML line breaks? Those are not respected within a textarea, which is a plaintext-formatted zone. Don't do that until you actually need to _display_ the data in a HTML context. Likewise, don't use htmlspecialchars until you're _outputting_ the data into a HTML context. It's not an input filter. — ADyson, Jan 26 '22 at 15:00
`When using multiple lines in the textarea and I'm assigning an invalid email, the URL consists of the www.website.com/ACTION.php but doesn't do anything`...that means it isn't changing the URL then doesn't it? Which means it isn't doing the redirect command. Which means the code must be stopping or diverting before that. Which means you need to debug it line by line (and/or turn on PHP error reporting) so you can find out _why_ it's doing that. We can't see that just from the code you've provided so far. It's not possible for us to actually run your code or see your errors. That's your job. — ADyson, Jan 26 '22 at 15:02
Yes, I've tried to investigate what exactly makes the difference in output between a single line in the text area and multiple line, but with no clear outcome. The thing is, multiple lines in textarea html doesn't add anything to the code as far as I can tell. For instance, if you sent an multiple line textarea email, the email is (when not editted by nl2br) also a single line. I've tried to replace both /n and
strReplace with text just in case those are the hidden dividers for multiple lines. But this didn't anything either. — Jeroen van den Heuvel, Jan 26 '22 at 15:08
I should've deleted the nl2br in the example. I've tried the code with and without it, but doesn't make the difference. — Jeroen van den Heuvel, Jan 26 '22 at 15:08
Ok. So...again: simple debugging, line - by - line. Does it get to the `if` statement? Does it go inside the `if` statement? Does it run the `header` command? If it does, can you see the header in the response to the browser (via the network tool you can see it). If it doesn't go into the `if`, what happens next - have you got any more code beyond what you showed us. And...again...have you turned on PHP error reporting? Because unless the code logic simply leads it to a place where there are no echoes, redirects or anything, then it might be simply that you're getting an error you can't see. — ADyson, Jan 26 '22 at 15:19
I've asked you to do some debugging and turn on error reporting about 4 times now (the first time was 3 hours ago). Are you going to do it? Do you understand what I'm asking? Because we cannot make any progress otherwise. — ADyson, Jan 26 '22 at 15:19
I wasn't familiar with debugging, since I've just started with PHP and was only familiar with HTML and a bit of JS. But after a few hours I managed to implement the debugging program. However, the warning it gives, is exactly what I said already. "Warning: Header may not contain more than a single header, new line detected" That's because the URL has multiple lines, so the thing is, the multiple lines textarea has to be transformed to a single line. — Jeroen van den Heuvel, Jan 26 '22 at 18:30
`exactly what I said already`...where? That's the first time you've mentioned any kind of error message. Look back at the question and comments, you've never said that before. All you told us was you get a blank page. You should put that info into the question — ADyson, Jan 26 '22 at 18:52
`That's because the URL has multiple lines`...indeed it is. Good, now we have a definite reason to work with. The best suggestion IMO would be to do what I suggested before and re-engineer it so you don't have to do a redirect with all the form data contained on the querystring. At some point, someone will make along enough message that it violates the maximum length a URL can be, and that'll crash the application in a way you can't really guard against, except by imposing an arbitrary max length on the field. Plus as I said in my first comment, it's not very secure or private. — ADyson, Jan 26 '22 at 18:56
`I wasn't familiar with debugging, since I've just started with PHP`...ok, but debugging is a basic skill which every programmer needs to start learning almost as soon as they write their first program - anything more complicated than "hello world" is liable to have a problem with it which might need some debugging. Even just simple log messages can be used to trace the program, you don't necessarily need a fancy IDE and live debugger. If you've done some JS I'd have thought you'd have had to fix problems in that before - the principle of investigation is basically the same in all languages. — ADyson, Jan 26 '22 at 18:58
If you really don't want to re-write it all and accept the risks I've outlined above, then I can suggest maybe using nl2br to remove the newlines before you put the value on the URL, and then convert it back again when you echo it into the textarea. There's no ready-made function for the opposite process, but [Converting
into a new line for use in a text area](https://stackoverflow.com/questions/6004343/converting-br-into-a-new-line-for-use-in-a-text-area) has plenty of ways to do it. — ADyson, Jan 26 '22 at 19:02
Really appreciate all of your time and comments! I've managed to get it to work, I was actually really close before `I've tried to replace both /n and
` . But both \n and \r needs to be replaced for it to work. `$textmessage_br = str_replace(array("\r","\n"),"QTEXTQ",$tekstmessage)` in the ACTION.php. Then I convert it back with `$textmessage= str_replace("QTEXTQQTEXTQ", ("\n"),$_GET['textmessage']);`. I know it's not ideal, also with the problems you mentioned, but to be short, those will rarely occur on the total website. Again, thanks for all the time and effort you put into this! — Jeroen van den Heuvel, Jan 26 '22 at 19:16
Thats great. And glad i was able to point you in the right direction. You should add an Answer below if you solved it! Then anyone with any kind of similar issue might find it and upvote it. Comments don't show up in searches :-) — ADyson, Jan 26 '22 at 19:33

score 1 · Answer 1 · answered Jan 27 '22 at 10:04

So the problem has been solved. It turns out a textarea component has a hidden markup when using multiple lines. An URL can't read multiple lines, as it is a single line itself (hence the error). So the multiple lines have to be converted to a single line string. You'll have to replace both the '\r' and '\n'. In this case the code goes like this:

$textmessage_br = str_replace(array("\r","\n"),"QTEXTQ",$textmessage)

The 'QTEXTQ' can be anything you want, as long as it is some kind of text that won't get typed by the user. When wanting to convert the string back to multiple lines, use the same component, but reversed.

$textmessage= str_replace("QTEXTQQTEXTQ", ("\n"),$_GET['textmessage']);

Textarea content 'error handling' error when using multiple lines

1 Answers1