Normally when we use:
<textarea><?php echo 'ok'; ?></textarea>
We get <?php echo 'ok'; ?> displayed inside the textarea. But on my website I get the ok inside the textarea. So the php code gets executed instead the php code is being showed.
Anybody knows how this can happen? To be clear, I don't want it. I want the code to be displayed.
If you're running a .php file on a PHP-enabled web server... Use the HTML entities for the text you want (specifically the < and >, though potentially more):
<textarea><?php echo 'ok'; ?></textarea>
Or you can treat it as a string server-side and HTML-encode it with PHP:
<textarea><?php echo htmlentities("<?php echo 'ok'; ?>"); ?></textarea>
Alternatively, if you don't want to use PHP at all, then simply don't use it. Serve an .html file and/or disable PHP on the server:
<textarea><?php echo 'ok'; ?></textarea>
Related
I have content that I want to display in a textarea. And on a another page in a div.
The content I got from inside my database. And was inserted in the database with CKeditor.
Sound easy, right?
The problem is that when I use echo or print I am getting <b>Some content</b> instead of Some content.
Believe it or not I spend 6 hours already trying to solve this problem. What is normal amount for me to spend on a problem. Only normally I am at least one step closer solving the problem. But now I am still as clueless as I started.
And yes I am using: <meta charset="utf-8">
My code(Just a basic echo, since I don`t know what to do)
<textarea ><?php echo $content; ?></textarea>
Current output:
<li><s><em><strong><span class="marker">Dit is gewijzigd?</span></strong>
But I would like this:
Dit is gewijzigd?
You may try it like this to make the content editable
<div contenteditable><?php echo $content; ?></div>
EDIT :
try this
<div><?php echo htmlspecialchars_decode($content); ?></div>
Just use strip_tags() function :
<textarea ><?php echo strip_tags($content); ?></textarea>
Docs here : http://php.net/manual/fr/function.strip-tags.php
you can do couple of things to figure out
1) use the html_entity_decode function which will decode the html entity which is coming from database and return the html output
2) if the above solution doesn't work then use the first try to echo with html_entity_decode to check that does it work properly or not if it does then there is something we need to do with editor as so that editor will know that it is getting the raw html data not just plain text. i also used the FCKeditor where i have simply put the text and its working fine.
You can do this using js as -- You need two times decoding since as you shown your raw data in db ..
<textarea id='t'></textarea>
<script>
function getHTML(code)
{
var para = document.createElement("DIV");
para.innerHTML=code;
//return $(para).text();
return para.innerText;
}
document.getElementById('t').innerHTML=getHTML('<?php echo $content; ?>');
</script>
PURE PHP
<textarea id='t'><?php echo html_entity_decode(html_entity_decode($content));?></textarea>
I've got a real problem, I want to make an alert using PHP to call JavaScript, but my PHP is inside a textarea, is there anyway to echo out the script outside the textarea without moving the PHP code?
<textarea>
<?php
echo "<script language='javascript'>alert('Hello!')</script>"
?>
</textarea>
No, not really. Once you're inside a <textarea>, ANY text, including html tags, will be considered part of the textarea's "to be edited text", up until the first </textarea>. You will have to output your script tag outside of the textarea, which means moving your PHP code.
<?php
echo "<script type="text/javascript">alert('Hello!');</script>"
?>
<textarea></textarea>
This function and the alert you can't write inside the textarea
So, in an html page I'm trying to have a php segment echo some javascript code, as seen here:
<?php
echo "This was legitimately hit";
if(!empty($_POST['name']))
{
echo '<script type="text/javascript">alert("We got the name");</script>';
}
else
{
echo '<script type="text/javascript">alert("We DID NOT get the name");</script>';
}
?>
and from what I've read online, this seems to be a legitimate way of doing things, but the page seems to be reading the first part up until the first closing chevron (seen just below here) as a comment.
<?php
echo "This was legitimately hit";
if(!empty($_POST['name']))
{
echo '<script type="text/javascript">
Then it reads the else and next echo as plain text, and puts it on the webpage. the next javascript code block then gets read as a regular javascript code block, so the page does a pop-up saying it did not get the name. The closing bracket and closing chevron then just get output as more text.
So in the end the page just ends up having
alert("We got the name")'; } else { echo ''; } ?>
printed on it as plain text, and has a pop-up that says we received no name.
What is going wrong here?
Sounds like the file isn't being processed as PHP. Does the file name end in .php? Are you sure PHP is installed and hooked up correctly to the web server?
edit: To handle the Facebook requests in the same page:
<?php
if (isset($_POST['facebook_request_field'])) {
// handle the Facebook request, output any necessary response
// then exit
exit;
}
?>
<!-- display the web page normally here -->
So for your test page:
<?php
if (isset($_POST['name'])) {
echo '<script type="text/javascript">alert("got a name!");</script>';
exit;
}
?>
<script type="text/javascript">alert("No name.");</script>
(That's actually identical in function to what you already have, so maybe I'm misunderstanding the purpose.)
Between We got the signed request and We got the name, I think you haven't given us the actual code that's causing the error. Double check that, and make sure you don't have any stray single quotes before your alert call.
There are missing ; after the alert. Have you tried correcting this first?
I found this code on the internet on how to to display message/pop up box.
<? echo "<script language=\"JavaScript\">\n";
echo "alert('$msg1')";
echo "alert('$msg2')";
</script>";
?>
AND
<? echo "<script>alert('$msg1' )</script>" <?
I want to display messages to the user by popup message. all the messages will be appears in one message box. For above example, the message will be appeared in two box.
Can it be done in all in one box? I try using '\n' or 'br>'...also cannot or i did it wrong? Any idea? Is there any reference or tutorial on this?
<?
echo "<script type=\"text/javascript\">\n";
echo "alert('$msg1" . '\n' . "$msg2');";
echo "</script>";
?>
EDIT: But your users may find alert annoying. Look into DIV-based dialogs.
"alert('$msg1" and "$msg2');" use double quotes to allow for variable interpolation. '\n' is single-quoted so backslash will not be an escape (we want it to be interpreted by JS, not PHP). . is PHP's concatenation operator.
There's a few other issues here.
It is using Javascript alert boxes, which are ugly, and modal. It's bad for users. Modal in the whole-of-browser sense, so (depending on the browser) users can't even go and do something in another tab while this message is on screen; they must dismiss it first. It's much better to place the message in a well styled <div> for example. You could still use some unobtrusive script (like jQuery) to allow users to hide the box if you were so inclined.
Any apostrophes in $msg1 and $msg2 won't be escaped in the Javascript output. This can be a security problem if you're accepting user input as part of these variables. You could use addslashes() to partially fix this, but you'd also need to escape the characters "</" (or "</script" if using HTML) if they might appear, and possibly other variants too.
If you read and accept the above problems and still want to achieve this, here's a safer (though I'm still not sure if it's perfectly safe) alternative:
<?
echo "<script type=\"text/javascript\">";
echo "alert('" . str_replace("</", "<'+'/", addslashes($msg1).'\n'.addslashes($msg2)) . "');";
echo "</script>";
?>
Instead of:
echo "alert('$msg1')";
echo "alert('$msg2')";
Try:
echo "alert('$msg1, $msg2')";
Here is modified example from w3schools.com tutorial if you want to display messages before submit is processed:
<html>
<head>
<script type="text/javascript">
function disp_alert()
{
<?php echo "alert('".$msg1.'\n'.$msg2."');"; ?>
}
</script>
</head>
<body>
<input type="button" onclick="disp_alert()" value="Display alert box" />
</body>
</html>
I have a PHP page with some JavaScript code also, but this JavaScript code below doesn't seem to work, or maybe I'm way off!
I am trying something like this:
var areaOption=document.getElementById("<?php echo #$_POST['annonsera_name']?>");
areaOption.selected=true;
Also I have tried this, but it only alerts a BLANK alert-box:
alert (<?php echo $test;?>); // I have tried this with quotes, double-quotes, etc... no luck
Am I thinking completely wrong here?
UPDATE
Some PHP code:
<?php
$test = "Hello World!";
?>
In your second example, you are missing quotes around the string (so H is interpreted as a variable - which you didn't set).
Test this:
alert (<?php echo "'H'";?>);
OR
alert ('<?php echo "H";?>');
PHP runs on the server side and Javascript is running on the client side.
The process is that PHP generates the Javascript that will be executed on the client side.
You should be able to check the JS that is generated just looking at the code. Of course, if the JS relies on some PHP variables, they need to be instanciated before the JS is output.
<?php
$test = 'Hello world';
?>
<html>
<body>
<script>
alert('<?php echo $test; ?>');
</script>
</body>
</html>
will work but
<html>
<body>
<script>
alert('<?php echo $test; ?>');
</script>
</body>
</html>
<?php
$test = 'Hello world';
?>
will not
Use json_encode to convert some text (or any other datatype) to a JavaScript literal. Don't just put quotes around the echoed string — what if the string has a quote in it, or a newline, or backslash? Best case your code fails, worst case you've got a big old cross-site-scripting security hole.
So,
<?php
function js($o) {
echo json_encode($o, JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP);
}
?>
<script type="text/javascript">
var areaOption= document.getElementById(<?php js($_POST['annonsera_name']); ?>);
areaOption.selected= true;
alert (<?php js('Hello World'); ?>);
</script>
Your using #$_POST indicates that you have received (or are expecting) errors - check your generated source to see if the value was output correctly. Otherwise document.getElementById will fail and you'd get no output.
alert("Delete entry <? echo $row['id']; ?> ")
If your extension is js, php will not work in that file.
The reason being, php parses on files that it is supposed to. The file types that php will parse are configured in httpd.conf using AddType commands (or directives, whatever they are called).
So you have 3 options:
add filetype js to the list of files php will parse (BAD, VERY BAD)
make the script inline to some php file
rename the file to script.js.php, and at the beginning of the file, specify the content type, like so:
<?php header( 'content-type: text/javascript' ); ?>
Cheers!