When i get the POST data from form .
This is my html of a particular input field .
<input type="text" title="Nick Name" data-optional="1" value="" name="FedEx_small_dropship_nickname" placeholder="Nick Name" id="FedEx_small_dropship_nickname">
when i add the input like nick 'o' compton it make it nick 'o' compton means it does not read ' sign and make it ' but i want to store ' in db . Any body please help .
Regards
while inserting to DB use:
htmlspecialchars($data_var, ENT_QUOTES)
and later on when you display this data back to users:
htmlspecialchars_decode($data_var, ENT_QUOTES);
Related
I have a long text string that needs to be displayed after being fetched from database. I'm able to display it on the screen, however when the string is too long, the complete string is not being displayed. Here is my code:
echo '<td>'.'<input type = "text" class="form-control" disabled = "disabled" id ="fieldText" name = "fieldText['.$row["ID"].']" value = "'.$row["fieldText"].'">'."</td>";
Not sure what changes need to be made in order to display the complete string. Can someone help please.
Try use textarea. replace you input field with a textarea tag with the same name
echo '<td>' . ' <textarea class="form-control"
name = "fieldText['.$row["ID"].']"
value = "'.$row["fieldText"].'"
cols="40" rows="4" ></textarea>' . "</td>";
I've have this bit in my processor.php file...
session_start();
$_SESSION['address'] = $_POST['field_2'];
$_SESSION['name'] = $_POST['field_1'];
Those variables are being passed to another page and pre-filling inputs on a second form like this...
<input type="hidden" name="Name" value="<?php echo $_SESSION['name']?>">
<input name="Address" type="text" value="<?php echo $_SESSION['address']?>">
Then that form is being submitted to email...
mail($to, $subject,"Form data:
Name: " . $_POST['Name'] . "
Property Address: " . $_POST['Address'] . "
More Fields ", $headers
);
The email comes through successfully with the pre-filled "Property Address" but "Name" is blank. Why is the hidden input not passing the variable for $_POST['Name']?
While it seemed like the hidden field was the problem, it was not. Every thing was working except for the second line here.
mail($to, $subject,"Form data:
Name: " . $_POST['Name'] . "
Email: " . $_POST['Email'] . "
Property Address: " . $_POST['Address'] . "
Lots More Fields ", $headers);
The whole `mail()' function bit was a copy-and-paste snip-it from the web into Sublime Text. The syntax was perfect, but I eventually found that there was an invisible non-ASCII character in the Name line left over from the copy paste from web snip-it operation. I checked if anyone else ever had a similar problem like this and immediately found this FileUtils.mv throwing Invalid char \302 and \255 exception
The moral of the story is that saving time by using snipits may not always save you time. I should have enabled "draw_white_space" in Sublime Text and I would have probably caught it a lot sooner.
As Fred -ii- pointed out the message body arguments all would have been better concatenated as a $message variable. Whose advice I've now followed.
At step 2, check in the generated HTML code if the "value" attribute have the correct value.
Also, instead of using at step 3 $_POST['Name'] , use $_REQUEST['Name']. With this, it will work if POST or GET request.
I am building a Order form for a Client's website. One of the pages lets users choose Vehicle Spareparts by entering the quantity beside each part. I have achieved this by writing the following code
<input class="qty" type="number" name="oil-pump" min="0" max="100">
The above input attribute is added several times besides each sparepart type while changing just the name value. On clicking Submit, the user is taken to a review page with details on the spareparts ordered.
I presently have the following code in review page:
<?php
echo 'Engine Bearings: ' . $_POST['eng-bearings'];
echo 'Cylinder Heads: ' . $_POST['cyl-heads'];
echo 'Cam and Valve Train: ' . $_POST['cam-valve-train'];
echo 'Oil Pump: ' . $_POST['oil-pump'];
echo 'Oil Caps and Pipes: ' . $_POST['oil-caps-pipes'];
?>
This works well if the user has entered a value in every field. If he doesn't, then the review page has just the echo text without any quantity. Also, I don't want the quantity to apppear if the user has entered 0.
I can't figure out how to use isset() with null and OR statements to not echo text when the value entered is 0 or left blank.
Any help is appreciated. Thanks!!
This is the perfect opportunity for a function:
function print_user_input($title, $queryVar) {
if (isset($_POST[$queryVar]) && !empty($_POST[$queryVar])) {
echo $title . ': ' . $_POST[$queryVar];
}
}
Use it like so:
print_user_input('Engine Bearings', 'eng-bearings');
Echo the value conditionally. If the target data is empty, echo an empty string:
echo empty($_POST['eng-bearings']) ? '': 'Engine Bearings: ' . $_POST['eng-bearings'];
Repeat for the other post values. Information about the ternary operator (<conditional> ? <value1> : <value2>) is here.
You need to check if its set & that its not empty before printing it on a screen.
<?php
if (! empty($_POST['eng-bearings'])) {
echo 'Engine Bearings: ' . $_POST['eng-bearings'];
} else {
// whatever you wanna do here in case eng-bearings is not set or its empty
}
// Do same for other $_POST values ...
?>
I have the following code
<input type="text" id="chapter" name="chapter" value="'.$chapter_title.'"/>
I want to add stripslashes to the '.$chapter_title.'
Would I do something like this.
<input type="text" id="chapter" name="chapter" value="stripslashes'.$chapter_title.'"/>
How would I do this - not too sure where to put brackets etc.
Your question is much clearer when you post the whole line. The HTML is part of a string:
$some_string = '<input type="text" id="chapter" name="chapter" value="'.$chapter_title.'"/>';
It doesn't really matter that it's HTML for this question, so let's make the example shorter:
$some_string = 'abc ' . $chapter_title . ' !!!';
That's better. Without HTML's double-quotes, it's much clearer what's going on. The string $some_string is the string 'abc ', concatenated to the PHP variable $chapter_title, concatenated to the string ' !!!'.
In fact, any PHP expression will do, not just an expression. In this case you want to concatenate the value of stripslashes($chapter_title) rather than just $chapter_title itself, so:
$some_string = 'abc ' . stripslashes($chapter_title) . ' !!!';
Putting the HTML back in:
$some_string = '<input type="text" id="chapter" name="chapter" value="' . stripslashes($chapter_title) . '"/>';
There is plenty of great recommended reading on PHP. I suggest picking up a book with good reviews and going through it. Twice.
You have to pass $chapter_title as an argument to stripslashes:
<input type="text" id="chapter" name="chapter" value="'.stripslashes($chapter_title).'"/>
Further readings:
http://en.wikipedia.org/wiki/PHP_syntax_and_semantics#Functions
<input type="text" id="chapter" name="chapter" value="' . stripslashes($chapter_title) .'"/>
You used ' to tell php that the HTML string ends. Than append the value of the function stripslashes, which gets the $chapter_title as input argument. And than append the rest of the HTML string.
I have a form and on submit, it goes to submit.php.
The input text looks like this:
<input name="hpno[1]" type="text" maxlength="3" size="3" /> - <input name="hpno[2]" type="text" maxlength="8" size="13" />
I need to store the data as per this format (010) 5839539.
Tried putting this in the submit.php
$hpno = implode('-', $_POST['hpno']); but this gives the output 010-5839539.
Any help would be much appreciated.
$(hpno) = '(' . implode(') ', $_POST['hpno']); ?
Sorry, rusty with my PHP. Let me know what that puts out, especially if it's just an error.
If you want it to be in the format (xxx) xxxxxxx, you'll have to do something like this:
$hpno = '('.$_POST["hpno[1]"].') '.$_POST["hpno[2]"];
You mentioned that you would be storing the data, so be careful if you're storing this in a database, you're clearly vulnerable to an injection attack this way.
You could help to prevent an SQL injection like this:
$hpno = mysql_real_escape_string("(" . $_POST['hpno[1]'] . ") " . $_POST['hpno[2]']);
This will give you the formatting you need and scrub the input (though it's not perfect, or bullet-proof).