Using MySql Update and PHP for smilies

Question

I am fairly new to PHP and very new to MySql. I found this line of code online and am using it in a function that fetches all of the messages in a conversation (on my messaging system using php/mysql):

        $sql = "UPDATE `conversations_messages` SET message_text = REPLACE(message_text, '\r\n', '<br />')";
mysql_query($sql);

Obviously, this is so that line breaks appear as <br />

My question is this: (how) could I incorporate this code to set :) into an image of a smiley face?

Please help me. Thank you in advance.

score 4 · Answer 1 · answered Feb 22 '14 at 20:55

4

This code is awful. You should not execute it.

The database should always contain the data the user entered. No HTML code! If one deviates from this rule, one should know exactly why and when.

You should transform characters into smileys or transform \n into <br> while outputting the text instead. For example like this:

$text = htmlspecialchars($text);
$text = str_replace("\n", "<br>", $text);
$text = str_replace(":)", '<img src="smiley.png" />', $text);
echo $text;

while $text is filled previously by a select statement.

answered Feb 22 '14 at 20:55

Ulrich Thomas Gabor

6,584
4
27
41

3

+1, Took my answer before i had chance to write it :) P.S use the `nl2br` instead of `
`. – Orel Eraki Feb 22 '14 at 20:57
@GhostGambler I have a $messages array. Would this work for that? – user3315726 Feb 22 '14 at 20:57
Sure, you just have to use an array value instead of `$text`. – Ulrich Thomas Gabor Feb 22 '14 at 20:57
For some reason, $messages['message_text'] = htmlspecialchars($messages['message_text']); $messages['message_text'] = str_replace("\n", "
", $messages['message_text']); gives me an error – user3315726 Feb 22 '14 at 21:02
Warning: date() expects parameter 2 to be long, string given – user3315726 Feb 22 '14 at 21:04
Also, there are no line breaks – user3315726 Feb 22 '14 at 21:04
I think I may have sorted it, sorry – user3315726 Feb 22 '14 at 21:05
no, I haven't fixed it; strtostring removes the error, however the date then becomes invalid – user3315726 Feb 22 '14 at 21:16
As long as we do not see what you are working on, we cannot help. – Ulrich Thomas Gabor Feb 22 '14 at 21:19

score 1 · Answer 2 · edited May 23 '17 at 12:03

Using `UTF-8` character directly

You may use (assuming UTF-8) directly "smiley face character", its hex sequence is 0xE2 0x98 0xBA (e298ba):

mysql> SELECT CHAR(0xe298ba USING UTF8);
+---------------------------+
| CHAR(0xe298ba USING UTF8) |
+---------------------------+
| ☺                         |
+---------------------------+
1 row in set (0.00 sec)

I do NOT recommend doing this (but you it's possible), if you really want to store modified data in the database rather use HTML entry &#x263a (which won't put any special characters into database).

UPDATE `conversations_messages` 
    SET message_text = REPLACE(message_text, ':)', '&#x263a;')

Of course this assumes you don't do any html filtering (like htmlspecialchars()) after loading data from database.

But I wouldn't store modified data in the database (at least not without storing original version), imagine scenario when you would want to add new smiley face after "processing" every message you already have (or worse remove it)...

If you (for some reason) really have to replace it as a par of "model" rather use:

SELECT REPLACE(`message_text`, ':)', '&#x263a;') AS message_text

Or rather build stored function which will do multiple steps (replace newlines, smiley faces and so on).

SELECT MyProcessingFunction(`message_text`) AS message_text

Much more suitable way of doing this will be "decorating text" when it's printed out

function process_text($text)
{
    $text = htmlspecialchars($text);
    $text = str_replace( '\n', '<br />', $text);
    $text = str_replace( ':)', '&@x263a;', $text);
    return $text;
}

$message_text = do_some_magic();
echo process_text($message_text);

This way you still have original available and can change formatting on the fly without corrupting old data.

Using `<img />` tag

Much more common way (at least in my experience) is using images (small images):

function process_text($text)
{
    $text = htmlspecialchars($text);
    $text = str_replace( '\n', '<br />', $text);
    $text = str_replace( ':)', '<img class="smiley" src="..." alt=":)" />', $text);
    return $text;
}

This will give you much more freedom (use your own smileys, style them a bit) when doing things.

Another tips

You can use nl2br() instead of replacing newlines manually (but last time I've worked with it, it wasn't XHTML compatible... which it is since 4.0.5).

Also sanitize user inputs (database input - prepared statements and parameters; output - htmlspecialchars() or equivalent) to prevent users from XSS or just screwing up your page.

I have done the 'Using tag' method you provided, but I get the error: Warning: str_replace() expects at least 3 parameters, 2 given — user3315726, Feb 22 '14 at 21:57
Ah, wrote code from the tom of my head added `, $text` to examples (please study examples before using them... this way you may execute malicious code + you probably won't learn how the things work). — Vyktor, Feb 22 '14 at 22:02

Using MySql Update and PHP for smilies

2 Answers2

Using UTF-8 character directly

Using <img /> tag

Another tips

Using `UTF-8` character directly

Using `<img />` tag