Can't insert all html form code from DATABASE into textarea - php

I have large HTML code inside my DATABASE. I need to get that into a textarea for editing purposes. I can do all that, but I have a problem when it is displaying the code in the textarea. Half of the code is inside the textarea, but the other half is displayed as a form, not as code, and it is displayed outside the textarea. (See picture.)
Passing data from DATABASE:
<?php
include_once("scripts/connect.php");
$id = (int) $_GET['id']; // cast to int: $id is interpolated into the SQL query below
$result = mysqli_query($mysqli, "SELECT * FROM formsAndCategories WHERE id=$id");
while($res = mysqli_fetch_array($result))
{
$category = $res['category'];
$form = $res['form'];
}?>
Displaying code from DATABASE (the issue is with the textarea; it's displaying wrong on the page):
<form name="form1" method="post" action="edit.php">
<label class="fb-textarea-label">Form Code</label><textarea name="form" class="form-control" rows="25"><?php echo $form;?></textarea>
<label class="fb-text-label">Category</label> <td><input type="text" name="category" class="form-control" value="<?php echo $category;?>"></td>
<input type="hidden" name="id" value="<?php echo $_GET['id'];?>"></td>
<input type="submit" class="btn btn-success" name="update" value="Update"></td>
</form>
So far I tried to do that on a plain page. I was thinking maybe all of those (Bootstrap, jQuery, CSS, etc.) are ruining it all. But nothing.
Then I found out that there is no character limit in textarea, but anyway I tried to set a character limit with maxlength="200000".
Then I tried different code because I was thinking maybe there is a problem with the HTML form code, but nothing.
If it is not possible this way, then maybe there is a different way to do this?
If somebody can help me out with this it would be great.
Thank You.

The following code will escape HTML characters. In the code above, HTML characters are not escaped, and directly appending HTML to the text box is causing the HTML breakup.
Maybe the following solution will work.
<textarea name="form" class="form-control" rows="25"><?php echo htmlentities($form);?></textarea>
or
<textarea name="form" class="form-control" rows="25"><?php echo htmlspecialchars($form);?></textarea>

Related

PHP code inside HTML value attribute

there!
I want to do a database search and display the result back to the user in a pre-populated HTML form.
I located the exact part in the code that is not working but I can't understand why PHP is not picked by the server. I'm using UwAMP.
To illustrate the problem here is my short snippet of code that I need help with:
<form id="st_reg" action="" method="POST">
Student Number:
<input type="number" name="s_num" min="1000000" max="3000000"> <br>
<input type="Submit" value="Search">
</form>
<?php
if($_SERVER['REQUEST_METHOD'] == "POST"){
if(empty($_POST['s_num'])){
$errors[] = "You forgot to enter the Student No!";
}
else{
$st_no = (int) trim($_POST['s_num']); // cast to int: $st_no is interpolated into the SQL query below
}
if(empty($errors)){
//Open database connection
require('../../connect_to_database/mysql_connect.php');
//Check if the student is already in the database
$query = "SELECT * FROM student WHERE student_no = $st_no";
//Run the query
$result = mysqli_query($db_connection,$query);
if(!$result){
echo "The student does not exist!";
echo"Please <a href='index.html'>go back</a> and choose another action!";
}
elseif($result){
echo "<h2>Student Details:</h2>";
while($row = mysqli_fetch_array($result)){
echo '<form id="st_reg" action="" method="POST">
<label>Student Number:</label>
<input type="number" name = "st_number" min="1000000" max="3000000" value="<?php if(isset(\$row[\'student_no\'])) echo \$row[\'student_no\']; ?> ">
AND the PHP code inside the VALUE ATTRIBUTE is not executing when it should in reality. Don't bother about GLOBAL php tags not being closed 'cause they are in the file (I'm not that dumb).
Please note all this code is inside a .php file with HTML code. This is just the processing part after the form is submitted. I saved my time by using single-quotes for echo and escaped the single-quotes along the way where DB access was required. I tried curly brackets around variables, echo with double-quotes escaping double-quotes within it, but none of these attempts were successful. This is strange because I can perfectly echo $row['student_no'] outside of this context and it is running fine.
I also looked at similar questions on this website. They were close but none of them came near to this context. I am open to any suggestions and, better than that, solutions.
echo '<form id="st_reg" action="" method="POST">
<label>Student Number:</label>
<input type="number" name = "st_number" min="1000000" max="3000000" value="<?php if(isset(\$row[\'student_no\'])) echo \$row[\'student_no\']; ?> ">
should look like this:
echo '<form id="st_reg" action="" method="POST">
<label>Student Number:</label>
<input type="number" name = "st_number" min="1000000" max="3000000" value="' . (isset($row['student_no']) ? $row['student_no'] : '') . '">
CONTINUATION OF STRING...
The following will do what you want.
value="<?= (isset($row["student_no"]) ? $row["student_no"] : "") ?>"
You don't need to worry about all of the escaping when you're inside the PHP chunk already.

I'm having some issues using Html value

I've a column inside my table to put Html codes, I will use this table for email templating.
I have inside my page, all the templates inside my table, with two buttons, one to remove, and another one to edit.
The edit button shows the code inside a textbox, and to do the preview I did an echo to the code column.
<div class="tempcolumn">
<div><textarea name="ai" rows="15" cols="100" name="code" placeholder="Code">
<?php echo $get_temp; ?></textarea></div>
</div>
Preview
<div class="tempcolumn">
<p><?php echo $get_temp; ?></p>
<div></div>
</div>
To recognize the code and the id I created a hidden input
<input type="hidden" name="temp_id" value="'.$val['template_id'].'">
<input type="hidden" name="temp_code" value="'.$val['text'].'">
The script is working, but when I insert some "<" or "=" inside the code column, it doesn't work.
It is interfering because it reads the input value like this:
<input type="hidden" name="temp_id" value=" Value here + 'random character that closes the tag' ">
Is there an easier way to do that?
Thanks
You can try:
htmlspecialchars($value)
This will convert html characters to their non-interfering cousins.
See http://docs.php.net/manual/en/function.htmlspecialchars.php as I can't post the equivalents without them becoming characters.
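The escaping that this answer and the textarea answer further up both rely on, as an added example that is not part of the original posts. The helper name e() and the sample markup are assumptions constructed for illustration, and html_entity_decode() stands in for the browser's entity decoding.

```php
<?php
// Added example: constructed sample data, hypothetical helper name e().
declare(strict_types=1);

/** Escape a value for an HTML text node or a quoted attribute value. */
function e(string $value): string
{
    // ENT_QUOTES also encodes ' (the default only since PHP 8.1);
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed stand-in for the markup stored in the database column.
$stored = '<form action="send.php"><textarea name="msg"></textarea>'
        . "<input value='it\"s'></form>";

// Unescaped: the stored </textarea> closes the editor's own textarea,
// so the browser renders everything after it as live markup.
$broken = '<textarea name="form">' . $stored . '</textarea>';

// Escaped: the stored markup is inert text in both contexts.
$editor = '<textarea name="form">' . e($stored) . '</textarea>';
$hidden = '<input type="hidden" name="temp_code" value="' . e($stored) . '">';

// The browser decodes the entities again, so the value it submits is the
// original markup; html_entity_decode() stands in for the browser here.
$roundTrip = html_entity_decode(e($stored), ENT_QUOTES | ENT_HTML401, 'UTF-8');

printf("closing tags in broken editor:  %d\n", substr_count($broken, '</textarea>'));
printf("closing tags in escaped editor: %d\n", substr_count($editor, '</textarea>'));
printf("raw quotes inside attribute:    %d\n", substr_count(e($stored), '"'));
printf("round trip preserved:           %s\n", $roundTrip === $stored ? 'yes' : 'no');
echo $hidden, "\n";
```

Because the browser decodes the entities before submitting the form, the value received in $_POST is the original markup and needs no decoding on the server.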

PHP variable setting div <p> text

I'm sorry if this has been asked before, I've searched around SO and nothing I've come across seems to help me here.
I have a HTML page with a form which passes values to an external PHP page.
<form method="post" action="getContent.php">
<input type="hidden" name="fromTest" id="fromTest"/>
<input type="hidden" name="untilTest" id="untilTest"/>
<input type="hidden" name="latTest" id="latTest"/>
<input type="hidden" name="longTest" id="longTest"/>
<input type="hidden" name="search1" id="search1"/>
<input type="hidden" name="search2" id="search2"/>
<input type="submit" class="sendAll" value="Gather News!">
</form>
These values are then set in the PHP to variables in SESSION
$_SESSION['post-data'] = $_POST;
$search1 = $_SESSION['post-data']["search1"];
$search2 = $_SESSION['post-data']["search2"];
$until = $_SESSION['post-data']["untilTest"];
$since = $_SESSION['post-data']["from"];
$lat = $_SESSION['post-data']["latTest"];
$long = $_SESSION['post-data']["longTest"];
This all works great and for the function it was made, everything is working perfectly.
I've got a header in my HTML of which I want the text inside of the div to be the value of $search1.
The feed1MainHeader div is completely in the HTML page and has no current links to PHP.
<div id="feed1MainHeader">
<p>test</p>
</div>
After the external PHP page is called and goes back to my HTML page, I need the header value to = my first search term.
Any idea how I can do this easily?
You can output data stored in session with
echo htmlspecialchars($_SESSION['post-data']['search1']); // escaped: the value comes from $_POST
where you need the first search string to appear.

MySQL, PHP Using LIKE Syntax?

I'm trying to make a user search with the following code:
<?php
session_start();
include("../BD/bd.php");
$searched_for = $_POST['searched_for'];
$query = @mysql_query("SELECT * FROM user_media WHERE nombre LIKE '%$searched_for%'") or die(mysql_error());
while($got_users = @mysql_fetch_array($query)){
echo '<div class="searched-content-info">'.
'<div class="searched-photo"><img src="'.$got_users['foto'].'"></div>
<div class="searched-names"><h3>'.$got_users['nombre'].'</h3></div>
<div class="searched-dates"><h3>'.'Miembro desde: '.$got_users['created_on'].'</h3></div>
</div>
<div class="divisor-search-user"></div>';
}
?>
But I'm getting all the rows; I just want to display the searched user's info. It seems like the $query is receiving a clean $searched_for
Any help here? Btw, I'm a little newbie here, please don't bully :)
EDIT: I tried changing $got_users['nombre']; with $searched_for to see if $searched_for is empty and yes it doesn't return any string that's why I am getting all the rows. $query is getting an empty variable but Why?
Here's my HTML:
<form target="u-n" id="search_input" action="search_user.php" method="post">
<input id="search-input" name="searched_for" type="search" placeholder="Search">
</form>
You used <input type="search" /> which is an HTML5 feature. Older browsers may not support this. Replace this input with type="text".
Then, your $_POST['searched_for'] should populate properly, that is:
<input name="searched_for" type="text" placeholder="Search" />
Also, you used the same id multiple times, which is invalid HTML syntax.
Reference: HTML input tag at MDN

Script doesn't put information

I have written a script in PHP to replace the newtopic button in phpbb3.
In another question, a user told me this:
In your submit.php, you can retrieve the forum ID using $_GET['f']. Now, to pass it on to application.php, you can use a hidden input field:
<form method="post" action="application.php" accept-charset="utf-8" >
$id = htmlspecialchars($_GET['f']);
<input type="hidden" name="forum_id" value="<?php echo $id; ?>"/>
When you click on the submit button, the forum ID value will also get POSTed, and you'll be able to retrieve it in application.php code using the $_POST['forum_id'].
and my code goes as here:
<form method="post" action="application.php" accept-charset="utf-8" >
$id = htmlspecialchars($_GET['f']);
<input type="hidden" name="forum_id" value="<?php echo $id; ?>"/>
.............
<fieldset class="submit-buttons">
<input value="Submit" class="button2" type="submit">
</fieldset>
This code is embedded in submit.php to use phpbb3 template.
and application.php goes as here
So I click on the new topic button and I am redirected to submit.php?mode=post&f=3, and the HTML is embedded in that PHP file. The problem is that, with the solution, I receive the following error:
"The forum you selected does not exist" and the address bar shows: viewforum.php?f=&sid=a69fb9f491d2adc11c4be3a6dac02774
So I think that forum_id (in this case "3" (&f=3)) is not correctly sent through the PHP scripts.
I would appreciate some help
You need to add $id = htmlspecialchars($_GET['f']); inside the <?php ?> tag,
<?php $id = htmlspecialchars($_GET['f']); ?>
