I am wanting to be able to create links that show up on the links.html page based on user submissions.
The links would follow this format TITLE, so quite simplistic.
Users will submit data via this form:
<form action="links.php" method="post">
<input type="text" placeholder= "URL:" name="url" required><br>
<input type="text" placeholder= "Title:" name="title" required><br>
<input type="submit">
And the PHP I'm using is
<?php
$url = $_POST["url"];
$title = $_POST["title"];
$text = "".$title." <br> \n"
$file = fopen("./data/links.html","a+ \n");
fwrite($file, $text);
fclose($file);
?>
I know that the issue lies with building the ".$url." part as there are also speech marks. How would you get around this given that the URL requires the "URL" format.
Thanks in advance.
You would need to add the proper escape slashes for the quoting issue
$text = "".$title." <br> \n";
becomes
$text = "".$title." <br> \n";
Or you could mix single and double quotes and not use escapes -
$text = "<a href='".$url."'>".$title."</a> <br> \n";
As long as the $text string is in double quotes, you can do this:
$text = "<a href='{$url}'>{$title}</a> <br> \n";
Related
When I sanitize the input fields or text area I face a problem. When someone gave spaces and submit the form, my script accepts the form. But I want not to accept fields until there is not written at least a single character. My code is as follows.
Html
<form action="" method="POST">
<textarea name='text'></textarea>
<input type='submit' name='submit'>
</form>
Php
if(isset($_POST['submit'])){
if(isset($_POST['text']) && !empty($_POST['text'])){
//do whatever but not accept white space
}
}
You can trim whatever you want, just by using
trim()
Which removes characters from both sides of a string.
Documentaion: http://php.net/manual/bg/function.trim.php
trim and preg_replace will do this easily
<?php
echo $text = " this is niklesh raut ";
echo "\n";
$text = preg_replace('/\s+/', ' ',$text);
echo trim($text);
?>
live demo : https://eval.in/818137
OUTPUT :
this is niklesh raut
this is niklesh raut
With new line and tab : https://eval.in/818138
You can either echo out your statement:
<?php
if(isset($_POST['submit'])){
if(empty($_POST['text'])){
echo "Please enter a value.";
}
}
Or, add the required attribute to your input field.
<form action="" method="POST">
<textarea name='text' required></textarea>
<input type='submit' name='submit'>
</form>
I am creating a web page where the user select a number via a form.
HTML:
<form method="POST" style="font-size: 30px">
<input type="number" id="idname" name = "na" value=168 />
<label for="idname" >Number< /label>
<p><input type = "submit" name = "gesendet" value="Submit" />
<input type = "reset" /> </p>
</form>
using php I want to insert a txt file according to the number, such as 12_.txt or 166_.txt
<?php
$txtfile='"txt/' . $_POST["na"] . '_.txt"';
readfile($txtfile);
?>
The $txtfile string is O.K when "echoing" and the readfile function works with me when I read a file without the $_POST variable, but this simple code is just not working for me !!
Change:
$txtfile='"txt/' . $_POST["na"] . '_.txt"';
To:
$txtfile = 'txt/' . $_POST["na"] . '_.txt';
(Notice the extra double quotes)
I'm new to PHP, I'm trying to write to a file a text written from user. If i put a normal text like "TEST123" it is ok but when i put "TEST 123" it doesnt pass anything. A little help will be appreciated. Thnx
<?php
$filename = 'textfile.txt';
$content = $_POST['thedata'] ;
$handle = fopen("textfile.txt", "w");
fwrite($handle,'My text is:');
fwrite($handle,$content);
fclose($handle);
?>
HTML is
<form method="post" action="changetxt.php">
<font size"3"><font color="white"><b>Name </b> </font>
<div id="dat">
<textarea name="thedata" id="thedata" cols="20" rows="1"></textarea>
</div>
<div id="sub" style="position:absolute; left: 25">
<input type="submit" value=" Change Name ">
</div>
</form>
I think your question should have been: How do I write quotes to a file?
And the answer would be to put them in the string using escaping (\") in a double quotes string or directly in a single quoted string.
Try:
$content = '"' . $_POST['thedata'] . '"';
or
$content = "\"" . $_POST['thedata'] . "\"";
(I would have put this in the comments but I need more reputation...)
This is my promotion.php
<form action="postingPromotionUpdate.php" method="post" enctype="multipart/form-data">
Promo Title: <input type="text" name="promotionTitle"/><br/>
Promo Remark: <textarea name="promotionText" cols="100" rows="10" </textarea><br/>
<input type="submit" value="Update"/>
</form>
This is my postPromotion.php
include 'connect.php';
$promotionTitle=$_POST['promotionTitle'];
$promotionText=$_POST['promotionText'];
mysql_query("update promotion set promotionTitle = '$promotionTitle', promotionText = '$promotionText' where indexNum = 1");
echo "<script>alert('Update Successful!');</script>";
If I post short text, no problem. When I post a very long text, can't to post and save it.
Maybe That's because of two reasons
1.Your character type in mysql maybe short (like varchar[100]) use 'longtext' as character type
2.you don't use mysql_real_escape_string.If single quotes comes in your text query breakes.
Use this function to recover that.
function clean($str)
{
$str = #trim($str);
if(get_magic_quotes_gpc()) {$str = stripslashes($str); }
return mysql_real_escape_string($str);
}
$promotionTitle=clean($_POST['promotionTitle']);
$promotionText=clean($_POST['promotionText']);
There's a comment card feature on the website I work at, that after filling out the forms, a php mail call is made to email people the comments. However, one of the strings, "comments" is getting cut off. Could someone look at this code and possibly tell me why?
EDIT: Did some testing and discovered that single and double quotes cause the problem. Any advice on dealing with this would be great. Do I want to use stripslashes or some such?
Here is an example of the problem:
Location: The place
Quality: Good
Comments: The Hot Dog at the Grill was labeled with the \\
Email: someemail#email.com
Date: 05/23/11
Time: 13:34
Here is the confirmation page: (help much appreciated, it's my first day on the job and I can't figure this out!
<?php
$date=date("m/d/y");
$time=date("H:i");
$loc=$_POST['location'];
$qual=$_POST['quality'];
$comm=$_POST['comments'];
$em=$_POST['email'];
echo("<p class=\"bodytext\">You are about to send the following information:<span><br><br><span class=\"bodytextbold\">Location:</span> ".$loc."<br><br><span class=\"bodytextbold\">How was your food?:</span>".$qual."<br><br><span class=\"bodytextbold\">Comments: </span>".$comm."<br><br><span class=\"bodytextbold\">Your email address: ".$em);
echo("<form method=\"post\" action=\"comment_card_email.html\">
<input type=\"hidden\" name=\"location\" value=\"".$loc."\">
<input type=\"hidden\" name=\"quality\" value=\"".$qual."\">
<input type=\"hidden\" name=\"comments\" value=\"".$comm."\">
<input type=\"hidden\" name=\"email\" value=\"".$em."\">
<input type=\"hidden\" name=\"date\" value=\"".$date."\">
<input type=\"hidden\" name=\"time\" value=\"".$time."\">
<input type=\"submit\" class=\"bodytext\" value=\"submit comments\" name=\"submit\"></form>");
?>
And here's the html page php script that receives it:
<?php
$location = $_POST['location'];
$quality = $_POST['quality'];
$comments = $_POST['comments'];
$email = $_POST['email'];
$date = $_POST['date'];
$time = $_POST['time'];
$recipients = "someemail#email.com";
function mail_staff($recipients, $location, $quality, $comments, $email, $date, $time){
mail($recipients, "Comment Card#[".$location."]".time(), "The following comment has been submitted:
Location: $location
Quality: $quality
Comments: $comments
Email: $email
Date: $date
Time: $time
", "From:".$email);
}
Went ahead and pulled my comments together and combined them into this answer.
You might want to consider using heredoc for those long echo statements, it will make it much cleaner and easier.
echo <<<FORM
<form method="post" action="comment_card_email.html">
<input type="hidden" name="location" value="$loc">
<input type="hidden" name="quality" value="$qual">
<input type="hidden" name="comments" value="$comm">
<input type="hidden" name="email" value="$em">
<input type="hidden" name="date" value="$date">
<input type="hidden" name="time" value="$time">
<input type="submit" class="bodytext" value="submit comments" name="submit"></form>
FORM;
Your comment about the "\" makes me think that you've accidentally escaped the rest of the string. Make sure your quotes aren't causing issues. From the look of your sample comment, it looks like the user used a double quote and that escaped the rest of your string. Try using htmlspecialchars to escape those quotes instead. htmlspecialchars is a PHP function that escapes HTML friendly entities from text. So the quotes would be in the &xxxx; format. Thus you would not need to worry about escaping quotes any longer as that would be taken care of with entities. And its reversible with htmlspecialchars_decode. So this should work.
$raw = $_POST['comments'];
$stripped = stripslashes($_POST['comments'];
$comments = htmlspecialchars($stripped, ENT_QUOTES);
Edit: Oops, the form didn't go through for the heredoc, edited it to work.