I am trying to make a placeholder for forms in concrete5 using a the tablelessforms addon.
So far I have enabled the form to produce placeholders for inputs using the below code. However, the textarea while displaying, the function str_replace does not replace and add my placeholder.
Here is the code below and a link to the site : http://79.170.44.138/holidayletmidwales.co.uk/newsite/
<div class="fields">
<?php foreach ($questions as $question): ?>
<div class="field field-<?php echo $question['type']; ?>">
<?php if ($question['textarea']) {
$question['textarea'] = str_replace('rows="3"', 'rows="3" placeholder="'.$question['question'].'"', $question['textarea']);
echo $question['textarea'];
} else {
$question['input'] = str_replace('value=""', 'value="" placeholder="'.$question['question'].'"', $question['input']);
echo $question['input'];
} ?>
</div>
<?php endforeach; ?>
</div><!-- .fields -->
Any help would be greatly appreciated.
The find and replace isn't working as you're searching for rows="3" when the markup has rows="5". A better option, rather than searching for an attribute which could change, would be to find the beginning of the tag, e.g. str_replace ('<input', '<input placeholder="foo"', $html) or, if possible, to extend the class generating the tags to handle placeholders as you require.
Related
I see two methods but I don't know which is better, should I insert a div tag like this :
echo "<div>";
or like this ?
?> <div> <?php
There's no right answer to this.
When displaying a lot of HTML, I normally use ?> <div> <?php. This is especially true for when looping over data from a database, I would use:
<?php while ($row == $query->fetchObject() ) : ?>
<div class="row-<?php echo $row->id ?>">
//Some more of the data
</div>
<? endwhile; ?>
However, displaying only a little, I normally just echo it.
<?php echo "Hello, my name is <strong>Joe Doe<strong>"; ?>
I would encourage you to play with it and find what you like best.
The text editor i am using has the color formatting, when you are echoing things, it only all comes out the same color, so if you are outside of PHP you get the benefit of the color co-ordination.
Ever since i've used CakePHP, I asked myself about the deeper sense of the recommended syntax of CTP-files, which is basically a HTML-file with all PHP code bracketed with tags. I find this very hard to read and I should think that the context switches between HTML and PHP would add some performance penalty.
Wouldn't it be faster and clearer to collect all output in a string and echo it at the end?
But there is some deeper sense for sure, just that i don't see it..
To make myself clearer, here's an example:
CakePHP:
<?php if (!empty($file['User']['email'])): ?>
<div class="mailto"><?php echo $this->Html->link($file['User']); ?></div>
<?php endif; ?>
<?php if (!empty($file['Document']['comments'])): ?>
<div class="file-comment file-extra column grid_6">
<div class="content"><?php echo $file['Document']['comments']?></div>
</div>
<?php endif; ?>
My approach:
<?php
$out = '';
if (!empty($file['User']['email'])) {
$out .= '<div class="mailto">'.$this->Html->link($file['User']).'</div>';
}
if (!empty($file['Document']['comments'])) {
$out .= '<div class="file-comment file-extra column grid_6">'
.'<div class="content">'.$file['Document']['comments'].'</div>'
.'</div>';
}
echo $out;
?>
So my question is: What are the drawbacks to my approach compared to CakePHP's ?
First things first: writing your entire template as PHP, then echoing it is not a great idea. As a general rule of thumb, I avoid echoing HTML from PHP ever, if I can. there are many reasons, but the main one will be the lack of syntax highlighting in your IDE.
Anyway, code formatting is entirely down to personal preference, but if you're writing your templates like this:
<?php if (!empty($file['User']['email'])): ?>
<div class="mailto"><?php echo $this->Html->link($file['User']); ?></div>
<?php endif; ?>
<?php if (!empty($file['Document']['comments'])): ?>
<div class="file-comment file-extra column grid_6">
<div class="content"><?php echo $file['Document']['comments']?></div>
</div>
<?php endif; ?>
...it's no wonder you can't read them.
There are a few things you could try, to make your code clearer and easier to read. Again, these are down to your own personal preferences, and you could get into the habit of using some or all of them.
Format your HTML properly, with indentations for child elements.
Add white space between lines of code that are too busy, particularly between lines of PHP and lines of HTML.
Use short echo tags syntax (<?= instead of <?php echo).
Assign the more complex PHP values to variables so that your HTML is easier to read.
Remember to comment your code (HTML or PHP), particularly adding HTML comments so that you can easily see separate components of your template at a glance.
Example
<?php
$user = $file['User'];
$comments = $file['Document']['comments'];
?>
<!-- User -->
<?php if (!empty($user['email'])) : ?>
<div class="mailto"><?= $this->Html->link($user); ?></div>
<?php endif; ?>
<!-- File Comments -->
<?php if (!empty($comments)) : ?>
<div class="file-comment file-extra column grid_6">
<div class="content"><?= $comments; ?></div>
</div>
<?php endif; ?>
I have a loop in my view that outputs all the content gathered from the database:
<?php foreach($content as $contentRow): ?>
<?php
echo $contentRow->value;
?>
<?php endforeach; ?>
This works fine for HTML strings like:
<h2><strong>Example Text</strong></h2>
however I have some image content that I would like to display and I have tried the following database entries to no avail:
<img src="<?php echo site_url('pathToImage/Image.png'); ?>" alt="Cover">"
<img src="site_url('pathToImage/Image.png')" alt="Cover\">"
I feel like I am missing a step on how to use PHP values in this way.
How do I access the URL of the image and use that to show the image?
Full Code Edit
<?php
$CI =& get_instance();
?>
<div class="container">
<div class="row">
<div class="col-md-9">
<div class="col-md-2"></div>
<div class="col-md-20">
<!--<form class="form-center" method="post" action="<?php echo site_url(''); ?>" role="form">-->
<!-- <h2 class="">Title</h2>
<h2 class=""SubTitle/h2>-->
<?php echo $this->session->userdata('someValue'); ?>
<!--//<table class="" id="">-->
<?php foreach($content as $contentRow): ?>
<tr>
<td><?php
echo $contentRow->value;
?></td>
</tr>
<?php endforeach; ?>
<!--</table>-->
<!--</form>-->
</div>
<div class="col-md-2"></div>
</div>
</div>
</div><!-- /.container -->
and the values are being read out in $contentRow->value;
I have to verify this, but to me it looks like you are echo'ing a string with a PHP function. The function site_url() is not executed, but simply displayed. You can execute it by running the eval() function. But I have to add this function can be very dangerous and its use is not recommended.
Update:
To sum up some comments: The use of eval() is discouraged! You should reconsider / rethink your design. Maybe the use of tags which are replaced by HTML are a solution (Thanks to Manfred Radlwimmer). Always keep in mind to never trust the data you display, always filter and check!
I'm not going to accept this answer as #Philipp Palmtag's answer helped me out alot more and this is more supplementary information.
Because I'm reading data from the database it seems a sensible place to leave some information about what content is stored. In the same table that the content is stored I have added a "content type" field.
In my view I can then read this content type and render appropriately for the content that is stored. If it is just text I can leave it as HTML markup, images all I need to do is specify the file path and then I can scale this as I see fit.
I have updated my view to something akin to this and the if/else statement can be added to in the future if required:
<?php foreach($content as $contentRow): ?>
<?php if ($contentRow->type != "image"): ?>
<?php echo $contentRow->value; ?>
<?php else: ?>
<?php echo "<img src=\"".site_url($contentRow->value)."\">"; ?>
<?php endif; ?>
<?php endforeach; ?>
I'm using ACE Editor for a website which has been developed by Codeigniter framework. The problem is that after submitting the form, some tags attributes stripped.
HTML:
<form enctype="multipart/form-data" method="post" action="<?php echo site_url( 'admin/slider/populateFile')?>">
<div id="e1" style="display: none;">
<?php if(isset($sliderHTML)) { echo $sliderHTML; } ?>
</div>
<textarea class=" form-control" id="editorTextarea" name="sliderHTML" type="text" rows='20' wrap="off">
<?php if(isset($sliderHTML)) { echo $sliderHTML; } ?>
</textarea>
<pre id="editor"></pre>
</form>
PHP:
function populateFile()
{
$sliderHTML = $this->input->post('sliderHTML');
//echo $sliderHTML;
$filePath = 'application/views/admin/slider/sliderHTML.txt';
write_file($filePath, $sliderHTML, 'w');
redirect('admin/slider', 'location');
}
This is an example of what I'm trying to write in the code editor:
<img class="ls-l" style="top:195px;left:50%;white-space:nowrap;" data-ls="offsetxin:0;delayin:1720;easingin:easeInOutQuart;scalexin:0.7;scaleyin:0.7;offsetxout:-800;durationout:1000;" src="http://localhost:8080/afa/application/views/images/upload/slider/4978d-s1.jpg" alt="">
<p class="ls-l" style="top:150px;left:116px;font-weight: 300;height:40px;padding-right:10px;padding-left:10px;font-size:30px;line-height:37px;color:#ffffff;background:#82d10c;border-radius:3px;white-space:nowrap;" data-ls="offsetxin:0;durationin:2000;delayin:1500;easingin:easeOutElastic;rotatexin:-90;transformoriginin:50% top 0;offsetxout:-200;durationout:1000;">
FEATURES
</p>
But, the output will be like:
<img class="ls-l" data-ls="offsetxin:0;delayin:1720;easingin:easeInOutQuart;scalexin:0.7;scaleyin:0.7;offsetxout:-800;durationout:1000;" src="http://localhost:8080/afa/application/views/images/upload/slider/4978d-s1.jpg" alt="">
<p class="ls-l" 300;height:40px;padding-right:10px;padding-left:10px;font-size:30px;line-height:37px;color:#ffffff;background:#82d10c;border-radius:3px;white-space:nowrap;" data-ls="offsetxin:0;durationin:2000;delayin:1500;easingin:easeOutElastic;rotatexin:-90;transformoriginin:50% top 0;offsetxout:-200;durationout:1000;">
FEATURES
</p>
Notice that style attribute of img has been stripped, and this happens also for <p> but it stops on the space after font-weight:. I don't know why.
Any Ideas?
EDIT: Finally, I knew that this has nothing to do with the code editor. The problem was with xss_filtering in Codeigniter and this answer works for me. :)
I am not familiar with Ace in particular (i like Wysihtml5), but I think they have something in common.
Wysihtml5 strips html (you can select which). It makes sure the html output is clean.
In short, it's a function and apparently style is not permitted. You should permit that (if it has the option to)
You should escape value of $sliderHTML with htmlspecialchars before adding it to the document, otherwise it will create actual tags and break your page.
try putting "</textarea><script>alert('all your passwords belong to us')</script>" in place of $sliderHTML
I'm building my own little blogging platform as a practice/fun/exercise in PHP and MySQL. I'm currently using the following code to output the proper formatting (which works perfectly):
$rows=mysql_num_rows($postsresult);
for ($j=0 ; $j < $rows ; ++$j){
$row=mysql_fetch_row($postsresult);
echo <<<_END
<div class="titlebox"> $row[3] </div>
<div class="maincontent"> $row[2]
<div class="postclosercontainer">
<div class="postcloser">Sincerely, <br />
Samuel'<span>Explosion Festival</span>' Shenaniganfest </div>
</div></div>
_END;
}
However, I found that the while($info=mysql_fetch_array($postsresult){ would be easier to code for, as the data is stored by name instead of by array number (which, with any more than a few fields, becomes aggravating to remember).
I tried to update the code with the prior while loop, but found that when I went to pull the data from the array by name, it no longer functioned properly within the <<<_END tags.
For example: <div class="titlebox"> $data['title'] generates an error.
Is there any way to accomplish this within the <<<_END tags, or should I just use the print function for each line? On a another note, is this even proper coding technique? (I'm only an amateur.)
Better is to directly write HTML. This makes it easier to maintain your HTML and you might be able to use features from your IDE such as syntax highlighting or code completion.
Example:
<?php
// your other code
?>
<?php while(($info=mysql_fetch_array($postsresult))): ?>
<div class="titlebox"><?php echo $info['title']; ?> </div>
<div class="maincontent">
<?php echo $info['content']; ?>
<div class="postclosercontainer">
<div class="postcloser">Sincerely, <br />
Samuel'<span>Explosion Festival</span>' Shenaniganfest
</div>
</div>
</div>
<?php endwhile; ?>
I'm using the alternative syntax for control structures. It increases readability when dealing with HTML, especially if you have nested control structures (brackets are much more difficult to spot when embedded in HTML).