I'm trying to build a SQL statement using variables that were posted on a previous page (show the SQL statement for copy-pasting in a div using echo), however, the one statement is preventing me from doing it.
<?php
if (isset($_POST['locationName'])) {
echo $_POST['locationName'];
}
?>
As soon as I've put that in, the page refuses to load. It doesn't make any sense to me as I've got similar code throughout the page for the other input fields (to repopulate them after form submission).
As an exmaple: this works perfectly:
<input type="checkbox" name="lead" value="1" <?php if(isset($_POST['lead'])) echo "checked='checked'"; ?> />Lead Required<br>
I've been trying to change the quote types, and tried using htmlspecialchars as well as htmlentities in the echo, but each time I leave the in statement in, it breaks the page.
As soon as I comment that if statement out, the page loads again.
Here's the input field for the $_POST['locationName'] value:
<input required autofocus type="text" pattern="[a-zA-Z0-9-'\s\!\#\*]+" name="locationName" maxlength="100" size="67" placeholder="Place Name" value="<?php echo isset($_POST['locationName']) ? $_POST['locationName'] : '' ?>" />
<input type="checkbox" name="lead" value="1" <?php if(isset($_POST['lead'])){echo "checked='checked'";} ?> />Lead Required<br>
try to use braces and check
Related
1 Things first: My I have abbreviated htmlspecialchars() to h() in my custom API.
Have an input where everything else is showing up when I run <pre><?php print_r($_POST) ?></pre> But this particular input isn't
<input id="phone_description_<?php echo $phone_count; ?>" type="text"
name="phone[<?php echo $phone_count; ?>]['phone_description']"
value="<?php echo h($phone['phone_description']); ?>"
<?php
if ($phone['phone_description'] == 'Primary') {
echo ' disabled';
}
?>
placeholder="e.g. Adwords Tracking Number"
class="phone_desc"
/>
$phone_count is a counting variable in a foreach loop just FYI. Not really sure why an input with a name attribute isn't even showing up in the $_POST array.
Edit
Here is the code that is generated from the above code
<input id="phone_description_0" type="text" name="phone[0]['phone_description']" value="Primary" disabled placeholder="e.g. Adwords Tracking Number" class="phone_desc" />
The input will be skipped by POST when it is disabled. Use "readonly" instead.
I have a normal form in a PHP page, I send data to the php page from another for using POST. The PHP page runs some scripts to update data to SQL but on that page I have a second form that needs to be completed with data from the initial form prior to updating the SQL.
$recipient_nr = $_REQUEST['recipient_nr'];
Here I draw the info from the first form
Now I want to use this in a new form on the current PHP page how do I state this in the new form
<input type="text" name="recipient_nr" id="recipient_nr" value=".$recipient_nr.">
This is what I am attempting but it is not working I know I have too many "'" xxx"'" in the lines but not sure how to remidy this
Do you generate the new form in PHP? If so, where is the code where you do that?
If this is some kind of ...?> <input type="..."...> <?php ... page generation then you'll need to echo that $recipient_nr into the PHP-generated response:
...
?>
<input type="text"
name="recipient_nr"
id="recipient_nr"
value="<?php echo $recipient_nr; ?>">
<?php
...
Or, if you have short echos turned on,
...
?>
<input type="text"
name="recipient_nr"
id="recipient_nr"
value="<?= $recipient_nr ?>">
<?php
...
use this:
<input type="text" name="recipient_nr" id="recipient_nr" value="<?php echo $recipient_nr; ?>">
Something like this:
$recipient_nr = array_key_exists('recipient_nr', $_REQUEST)
? (string) $_REQUEST['recipient_nr']
: 'default value or empty string';
And output it:
<input type="text"
name="recipient_nr"
id="recipient_nr"
value="<?=$recipient_nr?>">
But if you want store this data for/between other pages you can use $_SESSION global array for save it.
<input type="radio" name="package" value="SOME_VALUE_HERE">
I am using Joomla but i think its something related to PHP. I have a form on my website, and it has RADIO button , what i want is when the user submits the form with that RADIO BUTTON selected, in place of the value (SOME_VALUE_HERE) , i want something else to get stored in the database. That something should a 10-15 liner text. Can i make a $PHP variable and assign that 10-15 liner text to that variable and use it in place of the value=(SOME_VALUE_HERE).
Example :
<input type="radio" value="$phpvariable">
Where $phpvariable is a 10-15 liner text!
Hope you got my point!
You need to use php-tags and echo the php variable in the value of the input:
Assign value to php variable:
<?php $phpvariable = 'SOME LONG TEXT HERE'; ?>
The input:
<input type="radio" name="package" value="<?php echo $phpvariable; ?>">
You will also need a name for your input so that you can get the value
My suggestion would be to try:
<input type="radio" name="package" value="<?php echo htmlspecialchars($name); ?>">
If that does not work, just create a hidden field:
<input type="hidden" name="packageHidden" value="<?php echo htmlspecialchars($name); ?>">
function htmlspecialchars prevents XSS attacks as well.
I have a form with the following structure:
<input type="text" name="projNo[1]" id="projNo[1]" value="<?php echo $row['ProjNo'
[1];>"
/>
<input type="text" name="projBudget[1]" id="projBudget[1]" value="<?php echo
$row['ProjBudget'][1]; ?>" />
<input type="text" name="projDateFrom[1]" id="projDateFrom[1]" value="<?php echo
$row['ProjDateFrom'][1]; ?>" />
<input type="text" name="projDateTo[1]" id="projDateTo[1]" value="<?php echo
$row['ProjDateTo'][1]; ?>" />
<input type="text" name="projNo[2]" id="projNo[2]" value="<?php echo $row['ProjNo'
[2];>"
/>
<input type="text" name="projBudget[2]" id="projBudget[2]" value="<?php echo
$row['ProjBudget'][2]; ?>" />
<input type="text" name="projDateFrom[2]" id="projDateFrom[2]" value="<?php echo
$row['ProjDateFrom'][2]; ?>" />
<input type="text" name="projDateTo[2]" id="projDateTo[2]" value="<?php echo
$row['ProjDateTo'][2]; ?>" />
There are two more groups like this with indexes 3 and 4. Upon submit, four separate records must be created in the DB if the user has filled in all four lines. My question is twofold: How would I structure my query to accomplish this? And: Have I set up my code correctly? When the form is loaded, I would like the correct output to be displayed. I've never been confronted with a request like this before, so I'm flying a bit blind.
Use PDO and prepared statements. Prepare a statement like this:
$s = $db->prepare('INSERT INTO PROJECT (no, budget, from, to) VALUES (?,?,?,?)')
Execute the statement for each set like this:
for ($i = 1; $i<=4; $i++) {
$s->execute(array($projNo[$i], $projBudget[$i], $projDateFrom[$i], $projDateTo[$i]));
}
(You need to add error checking and validation. This includes something that loads the stuff from $_POST to the arrays I used in the above example.)
Currently, you have a XSS security issue in your code. You cannot just echo stuff that comes from the user - you need to escape it. If you are putting it inside HTML, including double-quoted attribute values like in your case, use echo htmlspecialchars($_GET[...]);.
You may want to create a "htmlout" function that does nothing else than echo htmlspecialchars, just to have a nicer, easier-to-write name for it, and use it everywhere. That way, you can search your code for instances of "echo", and unless you have protected them otherwise, this indicates you probably need to add some escaping.
I retrieve three pieces of information from the database, one integer, one string, and one date.
I echo them out to verify the variables contain the data.
When I then use the variables to populate three input boxes on the page, they do not populate correctly.
The following do not work:
id: <input type="text" name="idtest" value=$idtest>
Yes, the variable must be inside <?php var ?> for it to be visible.
So:
id: <input type="text" name="idtest" value=<?php $idtest ?> />
The field displays /.
When I escape the quotes,
id: <input type="text" name="idtest" value=\"<?php $idtest ?>\" />
the field then displays \"\".
With single quotes
id: <input type="text" name="idtest" value='<?php $idtest ?>' />
the field displays nothing or blank.
With single quotes escaped,
id: <input type="text" name="idtest" value=\'<?php $name ?>\' />
the field displays \'\'.
With a forward slash (I know that's not correct, but to eliminate it from the discussion),
id: <input type="text" name="idtest" value=/"<?php $name ?>/" />
the field displays /"/".
Double quotes, escape double quotes, escape double quotes on left side only, etc. do not work.
I can set an input box to a string. I have not tried using a session variable as I prefer to avoid do that.
What am I missing here?
Try something like this:
<input type="text" name="idtest" value="<?php echo htmlspecialchars($name); ?>" />
That is, the same as what thirtydot suggested, except preventing XSS attacks as well.
You could also use the <?= syntax (see the note), although that might not work on all servers. (It's enabled by a configuration option.)
You need, for example:
<input type="text" name="idtest" value="<?php echo $idtest; ?>" />
The echo function is what actually outputs the value of the variable.
Solution
You are missing an echo. Each time that you want to show the value of a variable to HTML you need to echo it.
<input type="text" name="idtest" value="<?php echo $idtest; ?>" >
Note: Depending on the value, your echo is the function you use to escape it like htmlspecialchars.
From the HTML point of view everything's been said, but to correct the PHP-side approach a little and taking thirtydot's and icktoofay's advice into account:
<?php echo '<input type="text" name="idtest" value="' . htmlspecialchars($idtest) . '">'; ?>
If you want to read any created function, this how we do it:
<input type="button" value="sports" onClick="window.open('<?php sports();?>', '_self');">
I have been doing PHP for my project, and I can say that the following code works for me. You should try it.
echo '<input type = "text" value = '.$idtest.'>';