When I use PHP to set the value of a HTML form input element, it works fine provided I don't have any spaces in the data.
<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? "value = ".$_POST["username"] : "value = \"\""; ?> />
If I enter "Jonathan" as the username, it is repeated back to me as expected. If I enter "Big Ted", however, I only get "Big" repeated back when I submit the form.
Note that the $_POST["Username"] variable is correct; when I echo it using PHP, it is set to "Big Ted".
Quote it. Otherwise the space will just become an attribute separator and everything after spaces will be seen as element attributes. Rightclick page in webbrowser and view source. It should not look like this (also see syntax highlight colors):
<input value=Big Ted>
but rather this
<input value="Big Ted">
Not to mention that this would still break when someone has a quote in his name (and your code is thus sensitive to XSS attacks). Use htmlspecialchars().
Kickoff example:
<input value="<?php echo (isset($_POST['username']) ? htmlspecialchars($_POST['username']) : ''); ?>">
<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? "value = '".$_POST["username"]' : "value = ''"; ?> />
You have to wrap the variable result with quotes, so that the browser can know what's the content of the input.
<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? ('value = "'.$_POST["username"].'"') : "value = \"\""; ?> />
Be aware of your quote usage.
As you see its not PHP5 or even PHP question at all.
Basic HTML knowledge is obligatory for one who want to be a PHP user.
And with using templates it looks way more neat:
Getting data part code:
$username = "";
if isset($_POST['username'])) $username = htmlspecialchars($_POST["username"]);
And template code:
<input type="text" name="username" value="<?=$username?>">
If you divide your code to 2 parts it become way more supportable and readable.
just make sure you put the colon after the field for example :
<option value="'.$row['name'].'">
Used quotes and it worked.
On the other side, needed to use the following:
$param=preg_replace('/[^A-Za-z0-9 ]/','', $param);
Related
Is it possible to insert an active link to an input textbox?
I tried using an <a> tag inside the value of html but its not working.
<?php $email = "example#link.com "; ?>
<input type="text" id="email" name="email" value="<?php echo $email; ?>">
It only returns the text without the hyperlink value.
A couple things are wrong here...
You're not escaping your quotes. Therefore the PHP is invalid.
You're trying to put HTML inside a attribute, which is also invalid.
The only alternative I could see being used here is an HTML element with contenteditable="true" applied. This makes it so an element (per say a <div>) can have it's content be modified.
<?php $email = "example#link.com "; ?>
<div id="fake-email" contenteditable="true"><?php echo $email; ?></div>
Then see this related question if you're doing a form.
Edit:
If you're trying to do a form, then this is one example:
document.getElementById("form").onsubmit = function(){
document.getElementById("email").value =
document.getElementById("fake-email").innerText || document.getElementById("fake-email").textContent;
}
While your form is:
<form action="..." method="..." id="form">
<div id="fake-email" contenteditable="true"></div>
<input type="hidden" id="email" name="email" />
</form>
No, it isn't possible. Input values will always be rendered as plain text. If the user doesn't need to edit the link I would just put it beside the input.
Otherwise you might want to look into WYSIWYG Editors. Links to two of the most popular below.
TinyMCE
CKEditor
You need to escape quotes when including it in your php variable.
<?php $email = "example#link.com "; ?>
You need to use a backslash when you're using double quotes.
Alternatively, you can write it as such:
<?php $email = 'example#link.com '; ?>
If you start with single quotes, then you don't need to escape the double quotes. \
I strongly suggest you read up on escaping characters when need be.
I am creating a form and am just looking for more efficient ways to do things. What I have so far is:
<p><input type="text" name="transmission" value="" /></p>
<p><input type="text" name="model" value="<?=$model;?>" /></p>
So some of them will have a value already set, and some will be blank. What I want to do is see if the form has been set, and if it has then use $_POST['name'] as the value, if not then use either blank or use the previous variable I have.
<p><input type="text" name="name" value="<?php if isset($_POST['submit'])) { echo $_POST['name']; } else { echo ""; } ?>" /></p>
But there has to be a shorter way to do that.
IF anyone could point me in the direction I would really appreciate it.
Thank you!
You can define variables in beginning of your script before HTML output, for example:
$name = isset($_POST['submit']) ? $_POST['name'] : null;
in your html section you can print $name without worrying it was not defined
<p><input type="text" name="name" value="<?php echo $name ?>" /></p>
Also if $_POST['submit'] does not contain any value you are more likely to receive FALSE statement. To avoid such issues use array_key_exists
Like Nazariy said, you should avoid as much PHP in the template as possible.
In fact, you should have in your template already prepared variables only.
So, in your code have something like this
$FORM = array();
$form_fields = array('name','sex');
foreach($form_fields as $fname) {
if (isset($_POST[$fname])) {
$FORM[$fname] = htmlspecialchars($_POST[$fname]);
} else {
$FORM[$fname] ='';
}
}
and then you have smooth and neat template:
<p><input type="text" name="name" value="<?=$FORM['name']?>" /></p>
Without going into the reasons not to use <p> to structure your forms, there's not much that can be done besides removing the else.
<p><input type="text" name="name" value="<?php if isset($_POST['name'])) echo $_POST['name']; ?>" /></p>
Shorthand <?=$_POST['name'] ?: ''?>
Use the php error control operator: #.
<?php
$posted_text = #$_POST['posted_text'];
echo $posted_text
?>
If the POST variable is set, it will be echo-ed out. If not, nothing will show up.
You could try this...
$_POST['submit'] ? echo $_POST['name'] : echo '';
I'm using a boolean compare instead of the isset function (see link for table)
http://www.php.net/manual/en/types.comparisons.php
or an other option is...
echo ($_POST['submit'] ? $_POST['name'] : '');
<?= isset($_POST['submit'])? $_POST['name'] : ""; ?>
Is the shortest you'll get it, apart from say <?= $_POST['name']; ?> (if submit is not set name should be empty anyway) - you probably need to turn warnings off.
All that being said, this is very very poor practice and opens you up to cross site scripting (XSS). You should NOT be doing this. Even on an intranet, if an attacker ever owns a computer that has access to it they can use XSS to perform any actions the user can.
From your question and how much distaste you have for this type of echoing on screen I'd suggest you use some form of templating library such as Smarty. This allows your html code to look like this:
<p><input type="text" name="name" value="{name}" /></p>
I just saw this from wordpress coding standard. although they not encourage for the readability..
isset( $var ) || $var = some_function();
reference here
I retrieve three pieces of information from the database, one integer, one string, and one date.
I echo them out to verify the variables contain the data.
When I then use the variables to populate three input boxes on the page, they do not populate correctly.
The following do not work:
id: <input type="text" name="idtest" value=$idtest>
Yes, the variable must be inside <?php var ?> for it to be visible.
So:
id: <input type="text" name="idtest" value=<?php $idtest ?> />
The field displays /.
When I escape the quotes,
id: <input type="text" name="idtest" value=\"<?php $idtest ?>\" />
the field then displays \"\".
With single quotes
id: <input type="text" name="idtest" value='<?php $idtest ?>' />
the field displays nothing or blank.
With single quotes escaped,
id: <input type="text" name="idtest" value=\'<?php $name ?>\' />
the field displays \'\'.
With a forward slash (I know that's not correct, but to eliminate it from the discussion),
id: <input type="text" name="idtest" value=/"<?php $name ?>/" />
the field displays /"/".
Double quotes, escape double quotes, escape double quotes on left side only, etc. do not work.
I can set an input box to a string. I have not tried using a session variable as I prefer to avoid do that.
What am I missing here?
Try something like this:
<input type="text" name="idtest" value="<?php echo htmlspecialchars($name); ?>" />
That is, the same as what thirtydot suggested, except preventing XSS attacks as well.
You could also use the <?= syntax (see the note), although that might not work on all servers. (It's enabled by a configuration option.)
You need, for example:
<input type="text" name="idtest" value="<?php echo $idtest; ?>" />
The echo function is what actually outputs the value of the variable.
Solution
You are missing an echo. Each time that you want to show the value of a variable to HTML you need to echo it.
<input type="text" name="idtest" value="<?php echo $idtest; ?>" >
Note: Depending on the value, your echo is the function you use to escape it like htmlspecialchars.
From the HTML point of view everything's been said, but to correct the PHP-side approach a little and taking thirtydot's and icktoofay's advice into account:
<?php echo '<input type="text" name="idtest" value="' . htmlspecialchars($idtest) . '">'; ?>
If you want to read any created function, this how we do it:
<input type="button" value="sports" onClick="window.open('<?php sports();?>', '_self');">
I have been doing PHP for my project, and I can say that the following code works for me. You should try it.
echo '<input type = "text" value = '.$idtest.'>';
When I use PHP to set the value of a HTML form input element, it works fine provided I don't have any spaces in the data.
<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? "value = ".$_POST["username"] : "value = \"\""; ?> />
If I enter "Jonathan" as the username, it is repeated back to me as expected. If I enter "Big Ted", however, I only get "Big" repeated back when I submit the form.
Note that the $_POST["Username"] variable is correct; when I echo it using PHP, it is set to "Big Ted".
Quote it. Otherwise the space will just become an attribute separator and everything after spaces will be seen as element attributes. Rightclick page in webbrowser and view source. It should not look like this (also see syntax highlight colors):
<input value=Big Ted>
but rather this
<input value="Big Ted">
Not to mention that this would still break when someone has a quote in his name (and your code is thus sensitive to XSS attacks). Use htmlspecialchars().
Kickoff example:
<input value="<?php echo (isset($_POST['username']) ? htmlspecialchars($_POST['username']) : ''); ?>">
<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? "value = '".$_POST["username"]' : "value = ''"; ?> />
You have to wrap the variable result with quotes, so that the browser can know what's the content of the input.
<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? ('value = "'.$_POST["username"].'"') : "value = \"\""; ?> />
Be aware of your quote usage.
As you see its not PHP5 or even PHP question at all.
Basic HTML knowledge is obligatory for one who want to be a PHP user.
And with using templates it looks way more neat:
Getting data part code:
$username = "";
if isset($_POST['username'])) $username = htmlspecialchars($_POST["username"]);
And template code:
<input type="text" name="username" value="<?=$username?>">
If you divide your code to 2 parts it become way more supportable and readable.
just make sure you put the colon after the field for example :
<option value="'.$row['name'].'">
Used quotes and it worked.
On the other side, needed to use the following:
$param=preg_replace('/[^A-Za-z0-9 ]/','', $param);
i have the following code :
<input type="text" value="<?php echo $_GET['msg']; ?>">
This input is automatically filled with the name that is writen in the previous page.
So, if the user wrote : i like "apples" and banana
The input will be broken because it will close the tag after the double quotes.
I know i can avoid that by html entiting the value, but i don't want this, is there another solution or is there an <<< EOD in html ?
Thanks
htmlentities() / htmlspecialchars() is the standard way for this. You should use it.
You can always decode the entities before you send them by E-Mail, or do something else with them using html_entity_decode().
You should use the htmlspecialchars function, to escape the output for HTML :
<input type="text" value="<?php echo htmlspecialchars($_GET['msg']); ?>">
Note : you might have to add some additionnal parameters, if you are not using ISO-8859-1 as charset ; for example, with UTF-8 :
<input type="text" value="<?php echo htmlspecialchars($_GET['msg'], ENT_COMPAT, 'UTF-8'); ?>">
One function or another will cause some kind of trouble.
I came up with the following to keep the ampersand:
<input type="text" value="<?php echo parseString($_GET['msg']); ?>">
<?php
function parseString($str) {
$result=str_replace('"','"',$str);
$result=str_replace("'","'",$result);
return $result;
}