Copyright © 2002 - MCS Investments, Inc.

PHP Code for View Forum Topic and Replies

Forums are great communication tools for the exchange of ideas, for people teaching others about a specific area of interest, or even for just general social communication. The fact that they are usually so specialized helps get them high up in search results as well as contributing considerably to bodies of knowledge. True, there's a lot of misinformation and putdowns, but this invariably occurs when people communicate. One must learn to take what one learns with a grain of salt.

The forum page has a list of topics and each topic is a link to the forum topic and replies viewing page, whose script code can be found below. Depending on which topic was clicked, its corresponding id will be sent via query string along with the username to this page and only this topic and its replies will be visible on this viewing page. For other topics, you must return to the forum home page.

The topic and replies viewing code below starts out with a simple JavaScript character counter function for entering replies and keeping the count to under 10,000 characters. Then come the validation scripts. There are PHP validation scripts as well, for extra security, on the page that is specified in the form action. The replier name is restricted to 6 to 20 letters, numbers and underline, and if the JavaScript validator misses any violations because the user has JavaScript turned off, the PHP validator will catch them. The reason to use JavaScript validators as well as PHP validators on input is that it helps keep the host server from getting overwhelmed. The replier email validator will allow most any email that uses only alphanumerics, hyphen, underscore, dots and a @. Note that the scripts use focus() to keep users on an input box until they enter acceptable input, and the PHP validators are even more insistent about input filtering.

On to the PHP code. As usual, we start with config.php, since without it, the MySQL-based forum would not be viable. You cannot relate to a db without knowing the magic words. Next, the security of the page is dealt with by ensuring the page visitor has a username that's in the database. Note that the various pages on our forum app use both forms and URL query strings to transfer data between pages, so both POST and GET are checked for username, and if neither works, the visitor is sent to the login script. Not only is the db checked for a valid username, the username is checked to make sure it has only 6 to 20 letters, numbers or underscore in it and no other characters—otherwise, it's off to the login script. If a hacker has put something nasty in the query string, he'll end up at the login script. All our forum app scripts have this same username checker at the top of the PHP section—except for the login script.
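The checks this paragraph describes, written out as an added example that is not the page's own script: the username must match the pattern from its first character to its last, the topic id must be an integer, and both reach the database only through parameterized queries. The function names are hypothetical, PDO stands in for the page's mysql_* calls, and an in-memory SQLite database (pdo_sqlite extension) with constructed rows stands in for the MySQL tables.

```php
<?php
// Added example, not the forum's own script. Assumptions: PDO replaces the page's
// mysql_* calls, and an in-memory SQLite database with constructed rows stands in
// for the MySQL members and forum_question tables.

function valid_username($u): bool
{
    // \A and \z anchor both ends; an unanchored pattern only tests the tail of the value.
    return is_string($u) && preg_match('/\A[A-Za-z0-9_]{6,20}\z/', $u) === 1;
}

function current_user(PDO $db, array $post, array $get): ?string
{
    $u = $post['username'] ?? $get['username'] ?? null; // POST first, then GET, as on the page
    if (!valid_username($u)) {
        return null;
    }
    $st = $db->prepare('SELECT 1 FROM members WHERE username = ?');
    $st->execute([$u]);
    return $st->fetchColumn() === false ? null : $u;
}

function topic_id(array $get): ?int
{
    // Accept only a positive integer; anything else is treated as "no such topic".
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function load_topic(PDO $db, int $id): ?array
{
    $st = $db->prepare('SELECT id, topic FROM forum_question WHERE id = ?');
    $st->execute([$id]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY)');
$db->exec('CREATE TABLE forum_question (id INTEGER PRIMARY KEY, topic TEXT)');
$db->exec("INSERT INTO members VALUES ('alice_01')");
$db->exec("INSERT INTO forum_question VALUES (7, 'Welcome')");

// Constructed requests: [GET parameters, what the case exercises].
$requests = [
    [['username' => 'alice_01', 'id' => '7'], 'member, numeric id'],
    [['username' => 'not a name!! alice_01', 'id' => '7'], 'only the tail is well-formed'],
    [['username' => 'nobody_99', 'id' => '7'], 'well-formed, not a member'],
    [['username' => 'alice_01', 'id' => '7 and more'], 'id is not an integer'],
];
foreach ($requests as [$get, $case]) {
    $user = current_user($db, [], $get);
    $id = topic_id($get);
    $topic = ($user !== null && $id !== null) ? load_topic($db, $id) : null;
    $outcome = $user === null ? 'login' : ($topic === null ? 'no topic' : 'topic shown');
    printf("%-30s %-24s => %s\n", $case, $get['username'], $outcome);
}
```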

The topic id will be sent along with the username via query string from the forum home page that sends us here. We use it to get this topic's content from the forum_question MySQL table and display it. For the topic, email, name and date fields, it's enough to use htmlentities(stripslashes()) to sanitize the data for display. But the detail field uses these 2 functions plus strip_tags as well. When the detail field is input and a MySQL query (on a different web page) inserts it into the MySQL table, the following characters are allowed: a-z A-Z 0-9 . , ! ; - _ " ? ' : ( ) / and space. But the strip_tags function is run before the sanitizer lets these characters through, and the mysql_real_escape_string() function is run afterwards, and only then does the data get into the db. The above characters are needed for topics and replies because one cannot write coherently without them—although the forward slash is only allowed in to facilitate typing in full-path web addresses of pictures.

Next comes dealing with all the custom tags we invented for various HTML code creation purposes, which are allowed in the detail field in the forum_question table and the a_answer field of the forum_answer table. You can learn about the custom codes for italics, bold, underline, links, email links, pictures, videos, and sounds, if you wish, in order to understand what's going on below. The video and sound handling, although present in our article CMS system, is not part of the forum script. The problems they could lead to are obvious. Anyway, the purpose of these custom tags is to be safer than regular HTML tags, which are so easily exploited.

For italics, the tags we get forum writers to use are (i-) and (ii-) for start and end tag, which our PHP script turns into <i> and </i>, using '/\(i-\)/i' and '/\(ii-\)/i' as regular expression replacement patterns and '<i>' and '</i>' as replacement text. The same is done for underline and bold. And (p-) and (pp-) are the picture tags, with '<center><br><IMG SRC="' replacing the first and '" BORDER=0><br><br></center>' replacing the second, and the image name like pic.png in between. A special replacement happens if the writer puts 2 dots in front of the file name: ../ is added to the start of the image source so a picture can be in a higher level folder or no folder (except public_html). This is for relative paths on the forum site only, so it only applies to pictures hosted by the forum site, whereas the other picture tag without the dots can use pictures from any web address path.

With links, (l-) turns into <a href="http://, (ll-) turns into "> after the domain, and (lll-) turns into </a> after the link text.

Email links get (e-) turned into <a href="mailto:, (ee-) turned into @ between the first and second sections of the email address, (eee-) turned into ?subject= before the email's subject text, (eeee-) turned into "> after the email subject, and (eeeee-) turned into </a> after the link text. If you'd like video and audio support in your forum, see custom codes or cms-search-articles.html.
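The listing further down replaces each token on its own, so a start or end token produces markup even when its partner is missing. The added example below (not the page's or the project's code) goes a step further: it renders the same italics, bold, underline, picture and link tags only as complete pairs and checks the address between them. The function names and the URL rules are assumptions, and the email tags are left out.

```php
<?php
// Added example, not the forum's own script: custom tags rendered as matched pairs.
// URL rules are assumptions; e-mail tags are left out and would follow the link case.

// Captures text that contains no custom-tag token such as (i-) or (lll-).
const TOKEN_FREE = '((?:(?!\([a-z]{1,5}-\)).)*?)';

function render_picture(array $m): string
{
    $src = $m[1];
    if (strpos($src, '..') === 0) {
        $src = '../' . substr($src, 2); // page rule: two leading dots mean one folder up
    }
    // Assumed rule: optional http(s) origin or ../ prefix, then a plain path to an image.
    // ':' is not in the path set, so no other URL scheme can be supplied.
    $ok = preg_match('~\A(?:https?://[a-z0-9.-]+/|\.\./)?[a-z0-9_./-]+\.(?:png|jpe?g|gif)\z~i', $src);
    return $ok ? '<center><br><img src="' . $src . '" border="0"><br><br></center>' : $m[0];
}

function render_link(array $m): string
{
    // Page rule: the writer gives the domain without http://, which is prepended here.
    $ok = preg_match('~\A[a-z0-9-]+(?:\.[a-z0-9-]+)+(?:/[a-z0-9_./-]*)?\z~i', $m[1])
        && strpos($m[2], '<a ') === false; // no link inside a link
    return $ok ? '<a href="http://' . $m[1] . '">' . $m[2] . '</a>' : $m[0];
}

function render_custom_tags(string $raw): string
{
    // Same first steps as the page: drop real HTML, then entity-encode what is left.
    $s = htmlentities(strip_tags($raw), ENT_QUOTES, 'UTF-8');
    $pairs = ['i' => 'ii', 'b' => 'bb', 'u' => 'uu'];
    do {
        $before = $s;
        foreach ($pairs as $open => $close) {
            $pattern = '/\(' . $open . '-\)' . TOKEN_FREE . '\(' . $close . '-\)/is';
            $s = preg_replace($pattern, "<$open>\$1</$open>", $s) ?? $s;
        }
        $s = preg_replace_callback('/\(p-\)([^\s()]+)\(pp-\)/i', 'render_picture', $s) ?? $s;
        $s = preg_replace_callback(
            '/\(l-\)([^\s()]+)\(ll-\)' . TOKEN_FREE . '\(lll-\)/is',
            'render_link',
            $s
        ) ?? $s;
    } while ($s !== $before); // repeat so an outer pair can wrap an already rendered inner one
    return nl2br($s);
}

// Constructed sample posts.
$samples = [
    'Nice (b-)bold(bb-) and (i-)(u-)both(uu-)(ii-), see (l-)example.com/docs(ll-)the docs(lll-).',
    'A site picture: (p-)..pics/cat.png(pp-)',
    'Unbalanced (ll-) or (pp-) tokens stay plain text, and <b>real HTML</b> is stripped.',
];
foreach ($samples as $post) {
    echo render_custom_tags($post), "\n\n";
}
```

Tokens that do not form a complete, valid pair are left in the output as the entity-encoded text the writer typed.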

At the bottom of the Topic display box are 2 links. One allows you to go to the topic editing script, and another allows you to go to the topic deleting script. Both are on separate pages. The id of the topic you're viewing is sent, along with the username, in a URL query string, as you can see below.

Now for replies viewing. For the a_id, a_email, a_name and a_datetime fields, it's enough to use htmlentities(stripslashes()) to sanitize the data for display. But the a_answer field (the replies) uses these 2 functions plus strip_tags as well. When the a_answer field is input and a MySQL query (on a different web page) inserts it into the MySQL table, the following characters are allowed: a-z A-Z 0-9 . , ! ; - _ " ? ' : ( ) / and space. But the strip_tags function is run before the sanitizer lets these characters through, and the mysql_real_escape_string() function is run afterwards, and only then does the data get into the db. The above characters are needed for topics and replies because one cannot write coherently without them—although the forward slash is only allowed in to facilitate typing in full-path web addresses of pictures.

Note that after the forum_answer table is queried for the records that have a question_id number the same as the topic id (and there can be many), the following code starts the replies displaying script looping through the query results: while($rows=mysql_fetch_array($result2)){. Note that the PHP alternates with plain old HTML in the process of displaying the data, and, for safety's sake, the table data HTML gets PHP inserted here and there, converting the data to HTML entities in the process. For example: <td width="88%"><? echo htmlentities(stripslashes($rows['a_name']), ENT_QUOTES); ?></td>.

There's a link at the bottom of each reply that goes to a reply deleting script. The only users allowed to delete or edit topics or delete replies are the users that created the topics—their username is stored in a topics_username field in the forum_question table of the db and it is checked when users try to run these scripts.

When users view a topic and its replies, there's a view field in the forum_question table which gets updated every time someone views the topic, as you can see below in the script.

There is a form box for entering replies near the bottom of the script, and it has a character counter so no one types in over 10,000 characters in a reply. If they do, the excess gets trimmed in JavaScript here in the textCounter() function, but if JavaScript is disabled by the user, the PHP script that stores replies in the db will trim off the excess over 10,000 characters. At the bottom of the form, below the Submit button, is a link to "Return to Forum—don't add reply."

Finally, there's a script at the end of the page that uses PHP's json_encode() function to get the current PHP value of the username, stored in $U, and convert it to a string JavaScript can read. This is inserted into a hidden field in the form, whose submit button will POST it to the appropriate PHP script. But any backslashes are stripped off first, since the various GETs, POSTs, and insertions of values into hidden fields in forms tend to add slashes, and this JavaScript replace() function—done with a regular expression—cures the problem.

SAVE THIS PAGE AS: cms-view-topic.php

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>View Forum Topic—Content Management System (CMS)</TITLE>
<meta name="description" content="View Forum Topic—Content Management System (CMS)">
<meta name="keywords" content="forums,forum,Content Management System,Content Management System Articles,php,CMS,javascript, dhtml, DHTML">
<style type="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;text-align:left;background-color:#ddd}
p, li {font:13px Verdana; color:black;text-align:left;text-indent:2em;margin-bottom:-1em}
h1 {font:bold 28px Verdana; color:black;text-align:center}
h2 {font:bold 24px Verdana;text-align:center}
td {font:normal 13px Verdana;text-align:left;background-color:#eee}
.topic {text-align:left;background-color:#fff}
.mid {text-align:center;background-color:#bbb}
.right {text-align:right;}
.info {position:absolute;top:19px;left:2px;width:128px;border:1px solid blue;padding:6px;background-color:#bbb}
</style>
<script type="text/javascript">

function textCounter(field, countfield, maxlimit) {
if (field.value.length > maxlimit){field.value = field.value.substring(0, maxlimit);}
else{countfield.value = maxlimit - field.value.length;}}

function check(){

var ck_email = /^[A-Za-z0-9-_]+(\.[A-Za-z0-9-_]+)*@([A-Za-z0-9-_]+\.)?([A-Za-z0-9-_]+(\.[A-Za-z]{2,6})(\.[A-Za-z]{2})?)$/;
if(document.form1.a_email.value.search(ck_email)==-1)
{alert("That email address is not valid.");document.form1.a_email.focus();return false;}

var ck_a_name = /^[A-Za-z0-9_ ]{6,20}$/;
if (document.form1.a_name.value.search(ck_a_name)==-1)
{alert("Please enter 6 to 20 letters, numbers, space, and underline for the name.");document.form1.a_name.focus();return false;}

if (document.form1.a_answer.value.length<6) {alert("Please enter 6 to 10000 characters for reply."); document.form1.a_answer.focus(); return false;}

return true;}

</script>
</head>
<body>

<?php
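include_once "config.php"; // database connection settings; the mysql_* calls below need PHP 5's mysql extension

// The username arrives by POST (forms) or GET (query strings).
$U = isset($_POST['username']) ? $_POST['username'] : (isset($_GET['username']) ? $_GET['username'] : null);

// ^ and $ anchor both ends, so the whole value (not just its tail) must be 6 to 20 letters, numbers or underscore.
if (is_string($U) && preg_match("/^[A-Za-z0-9_]{6,20}$/D", $U)) {
$check_user_data = mysql_query("SELECT * FROM members WHERE username='$U'") or die(mysql_error());
if (mysql_num_rows($check_user_data) == 0) { unset($U); }
} else { unset($U); }

// Stop here for unknown visitors; without exit the rest of the page would still be sent to them.
if (!isset($U)) { echo '<script language="javascript">alert("Please login.");window.location="login.php"; </script>'; exit; }

$tbl_name = "forum_question";

// The topic id is used in SQL and in the links below, so force it to an integer.
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;

$result = mysql_query("SELECT * FROM $tbl_name WHERE id='$id'") or die(mysql_error());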
$rows=mysql_fetch_array($result);
?>
<BR>
<table width="700" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCC">
<tr>
<td><table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFF">
<tr><td class='mid'><b>Topic</b></td></tr>
<tr>
<td><b><? echo htmlentities(stripslashes($rows['topic']), ENT_QUOTES); ?></b></td>
</tr>
<tr>
<td><p>
<?php
$detail=strip_tags($rows['detail']);
$detail=htmlentities(stripslashes($detail), ENT_QUOTES);
$detail=nl2br($detail); //Enter turns into <BR />
$pattern = '/(<BR\s\/>)+/i';
$replacement = '</p><p>'; //turn any <BR />s into a </p><p> to allow indent since <p>s are css styled to indent!
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(i-\)/i';
$replacement = '<i>'; //turn any (i-)s into a <i>s to allow italics
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(ii-\)/i';
$replacement = '</i>'; //turn any (ii-)s into a </i>s to allow italics
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(b-\)/i';
$replacement = '<b>'; //turn any (b-)s into a <b>s to allow bold
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(bb-\)/i';
$replacement = '</b>'; //turn any (bb-)s into a </b>s to allow bold
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(u-\)/i';
$replacement = '<u>'; //turn any (u-)s into a <u>s to allow underline
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(uu-\)/i';
$replacement = '</u>'; //turn any (uu-)s into a </u>s to allow underline
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(p-\)\.\./i';
$replacement = '<center><br><IMG SRC="../'; //turn any (p-)s into start of image tag to allow image
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(p-\)/i';
$replacement = '<center><br><IMG SRC="'; //turn any (p-)s into start of image tag to allow image
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(pp-\)/i';
$replacement = '" BORDER=0><br><br></center>'; //turn any (pp-)s into end of image tag to allow image
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(l-\)/i';
$replacement = '<a href="http://'; //turn any (l-)s into <http:// to allow link protocol
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(ll-\)/i';
$replacement = '">'; //turn any (ll-)s into "> to allow url
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(lll-\)/i';
$replacement = '</a>'; //turn any (lll-)s into </a> to link text
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(e-\)/i';
$replacement = '<a href="mailto:'; //turn any (e-)s into <a href="mailto: to allow link protocol
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(ee-\)/i';
$replacement = '@'; //turn any (ee-)s into @ to allow email @ sign
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(eee-\)/i';
$replacement = '?subject='; //turn any (eee-)s into ?subject= to allow email subject
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(eeee-\)/i';
$replacement = '">'; //turn any (eeee-)s into "> to allow email address
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(eeeee-\)/i';
$replacement = '</a>'; //turn any (eeeee-)s into </a> to allow link text
$detail=preg_replace($pattern, $replacement, $detail);
echo $detail;
?>
</p><BR><BR></td>
</tr>
<tr>
<td><b>By :</b> <? echo htmlentities(stripslashes($rows['name']), ENT_QUOTES); ?></td>
</tr>
<tr>
<td><b>Email :</b> <? echo htmlentities(stripslashes($rows['email']), ENT_QUOTES); ?></td>
</tr>
<tr>
<td><b>Date/time : </b><? echo htmlentities(stripslashes($rows['datetime']), ENT_QUOTES); ?></td>
</tr>
<tr><td class='mid' colspan=3><b><a href="cms-edit-topic.php?username=<? echo stripslashes($U); ?>&id=<? echo stripslashes($id); ?>">Edit Topic</a>       <a href="cms-delete-topic.php?username=<? echo stripslashes($U); ?>&id=<? echo stripslashes($id); ?>">Delete Topic</a></b></td></tr>
</table></td>
</tr>
</table>
<BR>
<?php
$tbl_name2="forum_answer";

$result2=mysql_query("SELECT * FROM $tbl_name2 WHERE question_id='$id' ORDER BY a_id") or die(mysql_error());
while($rows=mysql_fetch_array($result2)){
?>
<table width="700" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCC">
<tr>
<td><table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFF">
<tr><td class='mid' colspan=3><b>Reply</b></td></tr>
<tr>
<td><b>ID</b></td>
<td colspan=2><? echo htmlentities(stripslashes($rows['a_id']), ENT_QUOTES); ?></td>
</tr>
<tr>
<td width="12%"><b>Name</b></td>
<td width="88%"><? echo htmlentities(stripslashes($rows['a_name']), ENT_QUOTES); ?></td>
</tr>
<tr>
<td><b>Email</b></td>
<td colspan=2><? echo htmlentities(stripslashes($rows['a_email']), ENT_QUOTES); ?></td>
</tr>
<tr>
<td valign='top'><b>Reply</b></td>
<td colspan=2><p>
<?php
$a_answer=strip_tags($rows['a_answer']);
$a_answer=htmlentities(stripslashes($a_answer), ENT_QUOTES);
$a_answer=nl2br($a_answer); //Enter turns into <BR />
$pattern = '/(<BR\s\/>)+/i';
$replacement = '</p><p>'; //turn any <BR />s into a </p><p> to allow indent since <p>s are css styled to indent!
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(i-\)/i';
$replacement = '<i>'; //turn any (i-)s into a <i>s to allow italics
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(ii-\)/i';
$replacement = '</i>'; //turn any (ii-)s into a </i>s to allow italics
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(b-\)/i';
$replacement = '<b>'; //turn any (b-)s into a <b>s to allow bold
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(bb-\)/i';
$replacement = '</b>'; //turn any (bb-)s into a </b>s to allow bold
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(u-\)/i';
$replacement = '<u>'; //turn any (u-)s into a <u>s to allow underline
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(uu-\)/i';
$replacement = '</u>'; //turn any (uu-)s into a </u>s to allow underline
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(p-\)\.\./i';
$replacement = '<center><br><IMG SRC="../'; //turn any (p-)s into start of image tag to allow image
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(p-\)/i';
$replacement = '<center><br><IMG SRC="'; //turn any (p-)s into start of image tag to allow image
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(pp-\)/i';
$replacement = '" BORDER=0><br><br></center>'; //turn any (pp-)s into end of image tag to allow image
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(l-\)/i';
$replacement = '<a href="http://'; //turn any (l-)s into <http:// to allow link protocol
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(ll-\)/i';
$replacement = '">'; //turn any (ll-)s into "> to allow url
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(lll-\)/i';
$replacement = '</a>'; //turn any (lll-)s into </a> to link text
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(e-\)/i';
$replacement = '<a href="mailto:'; //turn any (e-)s into <a href="mailto: to allow link protocol
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(ee-\)/i';
$replacement = '@'; //turn any (ee-)s into @ to allow email @ sign
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(eee-\)/i';
$replacement = '?subject='; //turn any (eee-)s into ?subject= to allow email subject
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(eeee-\)/i';
$replacement = '">'; //turn any (eeee-)s into "> to allow email address
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(eeeee-\)/i';
$replacement = '</a>'; //turn any (eeeee-)s into </a> to allow link text
$a_answer=preg_replace($pattern, $replacement, $a_answer);
echo $a_answer;
?>
</p><BR><BR></td>
</tr>
<tr>
<td><b>Date/Time</b></td>
<td colspan=2><? echo htmlentities(stripslashes($rows['a_datetime']), ENT_QUOTES); ?></td>
</tr>
<tr><td class='mid' colspan=3><b><a href="cms-delete-answer.php?username=<? echo stripslashes($U); ?>&id=<? echo stripslashes($id); ?>&aid=<? echo stripslashes($rows['a_id']); ?>">Delete Reply</a></b></td></tr>
</table></td>
</tr>
</table><br>

<?
}

$result3=mysql_query("SELECT view FROM $tbl_name WHERE id='$id'") or die(mysql_error());
$rows=mysql_fetch_array($result3);
$view=$rows['view'];

if(empty($view)){
$view=1;
// INSERT cannot take a WHERE clause; the topic row already exists, so set its counter with UPDATE.
$sql4="UPDATE $tbl_name SET view='$view' WHERE id='$id'";
$result4=mysql_query($sql4);
}

$addview=$view+1;
$sql5="update $tbl_name set view='$addview' WHERE id='$id'";
$result5=mysql_query($sql5);

mysql_close();
?>
<BR>
<table width="700" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCC">
<tr>
<form name="form1" method="post" action="cms-add-answer.php" onsubmit="return check()">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFF">
<tr><td class='mid' colspan=2><b>Reply</b></td></tr>
<tr>
<td width="10%"><b>Name</b></td>
<td width="89%"><input name="a_name" type="text" id="a_name" size="65" maxlength=65> 6-20 letters, numbers or _</td>
</tr>
<tr>
<td><b>Email</b></td>
<td><input name="a_email" type="text" id="a_email" size="65" maxlength=65> legitimate email only</td>
</tr>
<tr>
<td valign="top"><b>Reply</b><input type="hidden" name="username" value=" "></td>
<td><textarea name="a_answer" cols="50" rows="3" id="a_answer" onKeyDown="textCounter(this.form.a_answer,this.form.remLen,10000);" onKeyUp="textCounter(this.form.a_answer,this.form.remLen,10000);"></textarea> 6 or more characters
<br>
<input readonly type=text name=remLen size=5 maxlength=5 value="10000"> characters left</td>
</tr>
<tr>
<td><input name="id" type="hidden" value="<? echo htmlentities(stripslashes($id), ENT_QUOTES); ?>"></td>
<td><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</form>
</tr><br><br>
<tr><td><a href="cms-forum.php?username=<? echo stripslashes($U); ?>"><B>Return to Forum—don't add reply</B> </a></td></tr>
</table>
<div class='info'>In Detail and Reply fields only, you may use single or double quotes or Enter/Return. Use Returns for new paragraphs. For italics, starting and ending tags are (i-) and (ii-). For bold, use (b-) and (bb-). Underline is (u-) and (uu-). For links, use (l-) then domain <i>without http://</i>, then (ll-) then link text, then (lll-). For emails, use (e-) then email address <i>with (ee-) instead of @</i>, then (eee-) then subject, then (eeee-) then link text, then (eeeee-). For pictures, use (p-) as start tag, then full URL path to picture, then (pp-) as end tag. If the image is wider than 580 pixels, resave it to 580.</div>

<script language="javascript">
var u = <?php echo json_encode($U); ?>;
u=u.replace(/\\/g,'');
document.form1.username.value=u;
</script>

</body>
</html>