I have a database table that contains these rows, "id" ,"link" and "name"
with link being :
<a href=\"https://www.sample.com/file1.php\">[1-200]< /a> <a href=\"https://www.sample.com/file2.php\">[201-224]< /a>
and name :
item1
I have the following PHP code to get the info from the database and return it to visitors. My problem is that the link for file2.php, is not only applied as hyper link for [201-224], the hyperlink is applied for the rest of the page content also. How do I prevent this? And thanks in advance.
echo "</br> ".$name= $row['name'];
echo "</br> ".$Torrentlink= preg_replace('/\\\\/', '',$row['Torrentlink']);
echo "</br> ";
echo "</br> ";echo "</br> ";
echo "the rest of my text goes here ";
This is a terrible way to handle this type of data. If you know they are all links then you should only be storing the link and the name (of course id and other meta data could be useful). Your current situation allows for too many errors and a maintenance problem for those working behind you. If you do not want to create a record for each link, consider storing them as JSON or some other format.
Example: (Store JSON in DB as VARCHAR)
<?php
//Populate variable from DB
//$TorrentLinks = $row{'Torrentlink'};
$TorrentLinks = '[
{"url":"https://www.sample.com/file1.php","text":"[1-200]"},
{"url":"https://www.sample.com/file2.php","text":"[201-224]"}
]';
//Convert to array
$jsonLinks = json_decode($TorrentLinks,true);
//Iterate and print links
foreach ($jsonLinks as $key => $value) {
echo "{$value["text"]}<br />";
}
Results:
[1-200]
[201-224]
Depending on how you capture the data, you could also use something like htmlspecialchars() to keep the special characters from executing.
I think there's a problem with your preg_replace('/\\\\/', '',$row['Torrentlink']);
/\\\\/ finds text with double backslash \\. It seems that your intention is to find only single backslashes to get rid of them in your links.
So try replacing it with
preg_replace('/\\/', '',$row['Torrentlink']);
For example https://regexr.com/ is a good place to check your regular expressions.
the error was simply the input html text.
the problem was the " < /a> " in the line:
<a href=\"https://www.sample.com/file1.php\">[1-200]< /a> <a href=\"https://www.sample.com/file2.php\">[201-224]< /a>
I had a space before the the backslash.
Related
I select a list of names from mysqli database then display row details in display.php with if (isset($_GET['name']));
The link is
$str = strtoupper($str);
echo "<tr><td><a href='php/display.php?name=$str'>$str</a></td></tr>";
This executes correctly unless name contains '(apostrophe).
For instance $str (as input/click) shows as L'ECLIPSE but the <a> link only L'
The result in display.php is 'No data found for your request'
I have found exact same queries on this site but none of the answers have resolved my problem. Perhaps I am not implementing correctly.
I assume this is about escaping. But I know little about it.
<?php
$str = strtoupper($str);
echo "<tr><td><a href='php/display.php?name=".urlencode($str)."'>$str</a></td></tr>";
urlencode() the string first. So you don't get this kind of problems.
Try this code.
<?php
$str = strtoupper($str);
echo "<tr><td><a href='php/display.php?
name=".htmlspecialchars($str)."'>$str</a></td></tr>";
?>
Your Single quote becomes ' ;
I hope it will help
Hello dear programmers,
I have a problem with the echoing of a html phrase with an onclick function that executes a javascript function. I want to build a tabpage, for a image gallery.
The echo:
echo "<div class='albumitem'><a class='tablinks' onclick='openAlbum(event, '".$album."')'><h1 class='galleryheader'>".$album."</h1></a><div id='".$album."' class='tabcontent'>";
Everything goes well, except the passing of the variable in the onclick function, as you can see here. What actually the HTML looks like:
<a class="tablinks" onclick="openAlbum(event, " aubing')'=""><h1 class="galleryheader">Aubing</h1></a>
But this onclick event has to look like this:
onclick="openAlbum(event, 'Aubing')"
Is there a way to actually realise this or do I have to find an other option?
I actually tried switching " with ', didnt go very well....
Thank you for everybody that tries to help
Try this:
echo "<div class='albumitem'><a class='tablinks' onclick='openAlbum(event, \"$album\")'><h1 class='galleryheader'>".$album."</h1></a><div id='".$album."' class='tabcontent'>";
see escaped double quotes in the onclick definition
addslashes is what you are looking exactly.And also you have to remove the single quotes in variable.Try to do the following way.
echo "<div class='albumitem'><a class='tablinks' onclick='openAlbum(event, '".addslashes($album)."')'><h1 class='galleryheader'>".$album."</h1></a><div id=".addslashes($album)." class='tabcontent'>";
Hope this help.
An alternative:
$escapedString = htmlspecialchars('This is a test string: < > & \' " end.', ENT_COMPAT);
echo "<div onclick='alert(this.dataset.name)' data-name=\"$escapedString\">Click Me</div>";
This approach avoid quotes inside function, no quotes nesting.
I am creating a hyperlink in foreach loop. It is working fine. When I am passing $id in URL parameter then it is not working. my link is showing http://****/test/index.php/test/view?id=**. i don't what i am doing wrong here.
foreach($list as $item)
{
$rs[]=$item['uname'];
$id=$item['uid'];
//var_dump($id); here it's printing $id value...
echo '<b> '.$item['uname'].'<br/>';
}
I want to pass $id value with hyperlink. Please suggest me.
It's of course getting printed -- your browser is just not displaying it to you since it's not being correctly parsed as HTML due to the extra " around the $id variable.
Set your header as follows:
header('Content-Type: text/plain');
and you'll see that it returns something like:
<b> FOOBAR<br/>
^ ? ^
As you can see, the issue is the extra double-quote before 55.
Change your code to:
echo '<b> <a href="/test/index.php/test/view?id=' . $id .'">'.
$item['uname'] . '</a><br/>';
Alternatively, you could also use double-quotes and enclose your variables inside {}, like so:
echo "<b> <a href=\"/test/index.php/test/view?id=$id\">{$item['uname']}
</a><br/>";
I'd use sprintf as it's cleaner.
echo sprintf('<b> %s<br/>', $id, $item['uname']);
You have another ".
Change this:
echo '<b> '.$item['uname'].'<br/>';
To this:
echo '<b> '.$item['uname'].'<br/>';
Try this:
echo "<b><a href='/test/index.php/test/view?id=$id'>$item</a></b><br/>";
This works!
And is the easiest and cleanest option. Inside of the double escaping, the simple is used for the html and through the double escaping all variables are written inside :) . Very simple.
I am building a picture gallery, that uses this code to display each product I have:
<div class="feature">
<imagetag alt="Image Caption"srcs="">
<div>
<p>
This is some information that can go along with an image.
Anything can be placed here, including images.
</p>
</div>
</div>
I need to create a while loop, that takes all the products in my database, and creates a div of the "feature" class for every instance. I have problems know exactly which symbols need to be escaped and etc. Your help is greatly appreciated.
here is my start:
<?php
($product_set = mysql_fetch_assoc($query)) {
print("<div class="feature"> <imagetage alt="Image Caption" srcs=$product_set[products_image]>"
);}
?>
If you are in a string, every doublequote should be escaped. Because it will close your string.
<?php
($product_set = mysql_fetch_assoc($query))
{
print "<div class=\"feature\"><img alt=\"Image Caption\" src=" . $product_set['products_image'] . ">";
}
?>
Fun thing is, I got a link from someone on stackOverflow about PHP templating. Which was using Smarty. So you don't have to use these print states anymore.
Have you tried:
print(htmlentities($my_html_string))
or htmlspecialchars? htmlentities converts all characters that have one to their HTML escape sequence, while htmlspecialchars converts only those that have meaning in HTML.
I started doing a new project in PHP / MySql . The Aim of this project is to manage articles for a magazine that i am the editor of.
So the content of the articles, i decided i would store with the "TEXT" column type of MySql
Now when i retrieve this column and print it with echo, the newlines are not there. Its all on the same line.
$resset = mysql_query("select txt from articles where id = 1");
$row = mysql_fetch_assoc($resset);
$txt = $row['txt'];
echo $txt; //doesnt print it as it is in the database as it was typed (multiline)
Find below, the text as it looks in the database and as it looks when it is echoed
in the databse, it is with new lines http://img413.imageshack.us/img413/4195/localhostlocalhostzxcvb.jpg
Text as it looks when echod http://img718.imageshack.us/img718/1700/sdashboardmozillafirefo.jpg
But within the database, its stored with newlines.
Has anybody else encountered this problem?
Please help me as my project depends on this :|
Whitespace in HTML is folded into a single space. Use nl2br() if you want to maintain newlines in HTML.
Have you tried
echo $txt."<br/>";
alternatively, you can put your output between <pre> tags:
echo "<pre>";
$resset = mysql_query("select txt from articles where id = 1");
$row = mysql_fetch_assoc($resset);
$txt = $row['txt'];
echo $txt; //doesnt print it as it is in the database as it was typed (multiline)
echo "</pre>";
btw,
echo $txt."<br/>";
may not work since it will just append newline at the end but not within $txt string
I know this isn't part of your question, but if you additionally want new lines in your HTML code but not your presentation, use double quotes with \n. This can help keep the HTML really tidy.
echo "\n";