I'm trying to add a direct link to the genomic region of each gene on a table generated with mysqli data, but can't figure out the way. The idea is that every gene name has a hyperlink to it's region on a genome browser.
The problem comes when I have to generate the link dynamically for each gene depending on the gene selected by the user.
I've tried this:
echo '<td><a href="http://genome.ucsc.edu/cgi-bin/hgTracks?"'.urlencode($genome.$row['name2'])'>'$row['name2']'</a></td>';
$genome is the par of the url specific for each species and assembly, and $row['name2'] is the name of each gene.
I complete my previous comment with some advice - maybe this is the answer to your question.
1. How to use echo
You should separate each part of the echo function by a separator.
The common separator is the coma ,. Of course, you can also concatenate with a dot .
echo 'a', 'b', 'c', $var, 'con'ca' . 'tenated';
Tips: use the coma only for echo instruction. It's faster :)
2. Issues on your code
If I take your generated output, you should have something like this - with **cho* corrections:
<td><a href="http://genome.ucsc.edu/cgi-bin/hgTracks?"%20gen%20The+name>The name</a><td>
As you can see, the link is http://genome.ucsc.edu/cgi-bin/hgTracks?. The content after the " is ignored.
Solution: Move to the dynamic part of the link, at the correct place :)
You had your quote double quote in wrong location if there are additional problems will need more info
// Yours
echo '<td><a href="http://genome.ucsc.edu/cgi-bin/hgTracks?"'.urlencode($genome.$row['name2'])'>'$row['name2']'</a></td>'
// Fixed Quote
echo '<td>'$row['name2']'</td>';
Related
I'm trying to mix <?php echo do_shortcode('[...]') with a field from Advanced Custom Fields within Wordpress.
So basically what I'm trying to do is give the user a text field in the page edit screen where she can paste in the ID of a youtube vide. This field will then update my do_shortcode to display the correct video.
I'm not sure what I'm doing wrong considering I've done this several times before and been succesful. I do have a feeling I'm not escaping the string correctly?
<?php echo do_shortcode('[video_lightbox_youtube video_id="' . the_field("youtube_video") . '" width="640" height="480" anchor="Play Video"]'); ?>
Anyone able to lead me in the right direction? :)
EDIT
The code above returns q_cHD1lcEOo with multiple spaces in front of it as well as this: "Error! You must specify a value for the Video ID, Width, Height parameters to use this shortcode!" That's why I was thinking I'm not escaping it correctly as these are all specified.
I'll add that if I remove the_field("...") and replace it with just an ID it displays perfectly.
SECOND EDIT
Since I was not supposed to echo it, I was using the wrong function to get the field. Instead of using the_field() which prints the value, I was supposed to use get_field() to simply return it to the string.
Your question is somewhat unclear, but I'm also 20 hours without sleep.
Anyways, as far as mixing PHP within a PHP string, there's numerous ways to do it..
You can use concatenation or { } within the string itself.
For example, say we want to echo out the property of an object within a string.
We could do the following
echo "This is my property " . $object->property;
Or, we can do this
echo "This is my property {$object->property}";
You can even do cool things like access associative arrays within strings like so
echo "This is my property {$object->property['cool']}";
Hopefully this leads you in the ride direction.
At first glance it looks like you should be using get_field instead of the_field. the_field will print without being prompted, whereas get_field will return its value, which is what you want.
I see you've also mentioned whitespace at the start, you should consider wrapping the function in trim.
See below:
<?php echo do_shortcode('[video_lightbox_youtube video_id="' . trim(get_field("youtube_video")) . '" width="640" height="480" anchor="Play Video"]'); ?>
I have the following code in my php file:
print "<a onmouseover=document.getElementById('merchantlogo').src='/store/logos/".$infobrand['merchant']."' href='/merchant/".$infobrand['merchant']."'>".$infobrand['merchant']." (".$infobrand['Total'].")</a>"
What I'm trying to do is have image box "merchantlogo" change to $infobrand['merchant'] on hover.
The problem is that the names of the merchants have spaced in their names, that I can't easily change.
It appears that these spaces are causing problems and are been treated separately.
Here's how it appears on page source:
<a onmouseover=document.getElementById('merchantlogo').src='/store/logos/Next Day DIY' href='/merchant/Next Day DIY'>Next Day DIY (667)</a>
I think there needs to be quote marks after the onmouseover? I'm new to PHP and am unsure how to add these in?
Any info would be really helpful!
Cheers
Chris
Change this
print "<a onmouseover=document.getElementById('merchantlogo').src='/store/logos/".$infobrand['merchant']."' href='/merchant/".$infobrand['merchant']."'>".$infobrand['merchant']." (".$infobrand['Total'].")</a>"
to
print "<a onmouseover=\"document.getElementById('merchantlogo').src='/store/logos/".$infobrand['merchant']."'\" href='/merchant/".$infobrand['merchant']."'>".$infobrand['merchant']." (".$infobrand['Total'].")</a>"
From a form, I'm asking the user to enter some text. I will retrieve this text using $_POST['text'].
The user enters the string "It's my text!"
$newText = mysql_real_escape_string($_POST['text']);
Now on the very same page after I've inserted $newText into the database I want to display
the text to the user and also use it as the value of an input text box using PHP.
// I want to make sure the user hasn't added any unsafe html in their string
$newText = htmlentities($newText);
echo "You've entered: " . $newText . "<br />";
echo "<form action=someaction.php method=post>";
echo "<input type=text value=\"" . $newText . "\">";
echo "</form>";
The output is:
You've entered: It\'s my text!
[It\'s my text!]
How do I avoid these slashes, and should I be doing anything else with my data?
You're passing the text through mysql_real_escape_string() which, as the name suggests, escapes the string, including apostrophes. mysql_real_escape_string() is meant only for preparing the data for saving to database. You shouldn't use it when displaying data to the user.
So, the solution is simple: remove the line and use htmlentities() only. Use mysql_real_escape_string() when you're saving the string to database (and only then).
Only use mysql_real_escape_string() on the variable you want to use in the query, because it will add slashes to escape some of the characters in the string. This works great for mysql, but when want to use it on the page it will look weird.
You could make 2 variables, 1 for MySQL and 1 for displaying the raw text.
$text = $_POST['text'];
$db_text = mysql_real_escape($text);
Also note that you should use strip_slashes() on the data you get from the database later, to remove the slashes.
Hope this clear things up a little bit.
Now on the very same page after I've inserted $newText into the database I want to display the text to the user
That's what you are doing wrong.
An HTTP standard require a GET method redirect after every successful POST request.
So, you have to redirect the user on the same page, where you may read inserted data from the database and show it to the user.
As for the mistake you made - just move escaping somewhere closer to the database operations, to make sure it is used only for the purpose (YET it is used obligatory, without the risk of forgetting it!).
Ideally you have to use some variables to represent the data in the query, and some handler to process them.
So, the query call may look like
DB::run("UPDATE table SET text=s:text",$_POST['text']);
where s:text is such a variable (called placeholder), which will be substituted with the $_POST['text'] value, properly prepared according to the type set in the placeholder name (s means "string", tells your function to escape and quote the data)
So, all the necessary preparations will be done inside and will spoil no source variable.
save normally using mysql_real_escape_string()
and when you want to display it in a form:
htmlspecialchars(stripslashes($row['text_data']))
it will do the trick.
I need to generate a link with a Javascript confirmation dialog using Symfony's link_to() method. The confirmation dialog text gets some of it's content from a database entry:
<?php echo link_to( "click here", 'category/delete?id='.$id, array( 'confirm' => 'Are you sure you want to delete the category: '.$category->getName().'?' ) ) ?>
But if the database entry has a single quote in it, the confirm dialog doesn't work because the generated JS is surrounded with single quotes. So if I have a category called "John's Articles", the generated JS starts like this:
<a onclick="if (confirm('Are you sure you want to delete the category: John's Articles?')) { var f = document.createElement('form'); f.styl.... etc... "
So, the single quote in there screws up the confirmation, etc...
Anyways I thought I would simply run $category->getName() through addslashes() but it didn't add any slashes... I also tried saving out the category name as a separate variable ahead of time and adding slashes to that. But it didn't add any. Then I started looking at Symfony's escaping methods and found methods like esc_entities() but they resulted in the text looking like John's Articles.
What do I do? All I want to do is add in a single slash before single quotes in that string. I never tried str_replace("'","\'",$category->getName()) but THAT didn't even do anything. I can create my own basic string in my template like Alex's Test and addslashes() to it just fine. It's just this value from the database that I can't add any slashes to.
When I look at the value in the database, it looks just like John's Articles. There are no special characters or encoded characters.
What am I missing here?
UPDATE
I've tried the following code with the following results:
echo $category->getName()."<br/>";
echo addslashes($category->getName())."<br/>";
$tmp = $category->getName();
echo addslashes($tmp)."<br/>";
$tmp = addslashes($category->getName());
echo $tmp."<br/>";
$tmp = "Testing's the Testing";
echo addslashes($tmp)."<br/>";
$tmp = str_replace("'","\\'",$category->getName());
echo $tmp;
Results:
John's Articles
John's Articles
John's Articles
John's Articles
Testing\'s the Testing
John's Articles
The values from the database simply will not get slashes added to them...
Seems like you just use
addslashes($category->getName())
But you need assign returned value to other variable, ex.
$nameWithSlashes=addslashes($category->getName())
use json_encode() when inserting into Javascript. It's specifically intended to turn arbitrary data structures into syntactically valid Javascript.
<?php echo link_to( ....snip snip... category: '. json_encode($category->getName()) .'?' ) ) ?>
^^^^^^^^^^^^ ^
will take care of the problem, without any "risky" regexes/string replacements.
i have already succesfully translated some quotes via my translation function __(); and now I want to echo only one of those quotes at random. All quotes are separated in this string with a special character like a |
Sofar I only have this. What code could should go below this tackle my random echo?
$quotes =
__("IF YOU MAKE EVERYTHING BOLD, NOTHING IS BOLD") . "|" .
__("Quality of design is an indicator of credibility") . "|" .
__("People ignore design, that ignores people");
(An important restriction: it is essential that the quotes be exactly closed with __(" and "); sothat they can be checked and translated.) __($variable) doest not work with current clean up scripts that I have bought so these won't work.
You're already calling __() on each of your quotes individually, why not save all the extra translating and do something like:
$quotes = array('quote1', 'quote2', 'quote3');
$index = array_rand($quotes);
echo __($quotes[$index]);
Edit: To satisfy your other requirement, that the call to __() must immediately surround each string, you could do this:
$quotes = array(__('quote1'), __('quote2'), __('quote3'));
$index = array_rand($quotes);
echo $quotes[$index];
The big downside here is that you're now looking up a translation for every string in that array, even though only one is printed, but that's the same situation you had in the "one big string" solution.
Why don't you keep them in an array and translate only what is actually outputted?
$quotes = array(
"IF YOU MAKE EVERYTHING BOLD, NOTHING IS BOLD",
"Quality of design is an indicator of credibility",
"People ignore design, that ignores people",
);
$randomQuote = $quotes[ rand(0, count($quotes)-1)];
echo __($randomQuote);
Why the biscuits are they all in one string, and not an array? Your problem would be immediately solved if this was the case. As stands, split in | and index randomly into the array created to pick a random quote.