Html Concatenate issue - php

I have the following code.
echo "<label><input type='checkbox' data-path=".".".$infostatus['status'].""." id='name' class='new1' value=".$infostatus['status']."/>".$infostatus['status']."<span></span></label> </li>";
It produces this:
<input type="checkbox" data-path=".Deleted" without="" payment="" id="name" class="new1" value="Deleted">
Although I am trying to produce this:
<input type="checkbox" data-path=".Deleted without payment" id="name" class="new1" value="Deleted without payment">
I don't know what I am doing wrong here, I have tried just about everything.

First echo just the variable, and make sure it really is just "Deleted without payment". Once you have confirmed that, then you can wrap html around it. You most likely have some quotes in your variable's value which would end your data-path field.

Related

how remove <td>..</td> when echo-ing value inside text input?

I encountered a very strange issue that I have never seen before. I have a loop and I echo the loop's output without any problems using or other similar tags:
<p><?php echo $values[1];?></p>
it works like a charm, but when I try to echo the same value inside a text input strange things start to happen. The output inside an input is wrapped in tags.
<input type="text" value="<?php echo $values[1]; ?>"/>
gives me in result (that's how it looks like in web inspector in Chrome):
<input type="text" value=" <td>2.62</td>">
What did I do wrong??
Based on your comments then replace:
<input type="text" value="<?php echo $values[1]; ?>"/>
.. with:
<input type="text" value="<?php echo trim(strip_tags($values[1])); ?>"/>
It really sounds like a mistake that there can be HTML tags inside your variables, and if this should not happen then of course this should be fixed.
$values[1] contains the data
<td>2.62</td>
If your example is from your actual code, take notice that your first variable is $values[0] and the input one is $values[1]

Trying to echo a string in a search box

I am trying to echo a string in a search box. However so far it only echos the first word of the string.
require 'search.php';
$searchQuery = $_GET['searchText'] ;
echo $searchQuery;//prints "this is a test"
$search = new Search();
$search->run($searchQuery);
.
.
<input name="searchText" type="text" id="searchText" size=70 value = <?php echo $searchQuery; // prints "this"?> />
Try adding quotes:
<input name="searchText" type="text" id="searchText" size="70" value="<?php echo htmlspecialchars($searchQuery); ?>"/>
As Esailija pointed out, escaping properly with htmlspecialchars() is a better solution and will ensure it prints the value correctly whatever the search may be.
You need to add quotes around the value of the 'value' attribute, as such:
<input name="searchText" type="text" id="searchText" size=70 value="<?php echo $searchQuery; // prints "this"?>" />
Otherwise this is what will render:
<input name="searchText" type="text" id="searchText" size=70 value = this is some sentence />
which defines value of the attribute named 'value' to be "this", and then creates more (meaningless) attributes "is", "some" and "sentence" which have no values. Quotes are important! You should also probably quote your size variable although it's not important in this case.
Also note that not inspecting and/or sanitizing the GET variable leaves you open to HTML/Javascript injection attacks -- if I provided the value word onClick='doSomething();' as the GET variable value, I could execute javascript on the client. If this were rendered as part of a comments section of a website as such, I could potentially inject other client's machines with arbitrary javascript.
[EDIT]
You can accomplish this by using htmlspecialchars as pointed out by Esailija. For more information about common web vulnerabilities and the reason for sanitizing GET variables, perhaps you should check out OWASP.
It's happening because you don't have quotes around it, so what you're actually outputting is
<input ... value = this is a test />
So it's assigning the first token as the "value" property.
Try this:
<input ... value="<?php echo $searchQuery; ?>" />
Try this:
<input name="searchText" type="text" id="searchText" size="70" value="<?php echo $searchQuery; ?>" />

Quotes Within Quotes Issues

I'm trying to create a textbox that will be displayed on my website. When displayed, I'd like to show some data within the text box. Here is what I have
echo "<input type=\"text\" size=\"100\" value=\"\">";
All that shows up in the text box is <a href=
And then at the end of the text box, right after the text box I see ">
I know something must be syntactically off, just not sure what.
You must encode <, ", and > chars - they can't be embedded that way. Use:
echo '<input type="text" size="100" value="'.htmlspecialchars('').'">';
You may also use urlencode() function - see which suits you better.
One more tip - use single quotes when string contains HTML-like content. This will save you adding \" everywhere.
php_code ?>
<input type="text" size="100" value="<a href=&quote;<?=$url;?>&quote;></a>\">
<?php
php_code
maybe this will work for you
Think of what the html would look like:
<input type="text" size="100" value="">
^
|
This is where the value attribute ends!
htmlspecialchars should solve it.
You have made some mistake. Your code will result in something like that (also visible in this jsfiddle):
<input type="text" size="100" value="">
Instead you can use something like that:
echo "<input type=\"text\" size=\"100\" value=\"<a href=&quot;$url&quot;></a>\">";
or
echo '<input type="text" size="100" value="<a href=&quot;' . $url . '&quot;></a>">';
to receive effect visible in this jsfiddle. Is it satisfying enough?

Using a PHP variable in a text input value = statement

I retrieve three pieces of information from the database, one integer, one string, and one date.
I echo them out to verify the variables contain the data.
When I then use the variables to populate three input boxes on the page, they do not populate correctly.
The following do not work:
id: <input type="text" name="idtest" value=$idtest>
Yes, the variable must be inside <?php var ?> for it to be visible.
So:
id: <input type="text" name="idtest" value=<?php $idtest ?> />
The field displays /.
When I escape the quotes,
id: <input type="text" name="idtest" value=\"<?php $idtest ?>\" />
the field then displays \"\".
With single quotes
id: <input type="text" name="idtest" value='<?php $idtest ?>' />
the field displays nothing or blank.
With single quotes escaped,
id: <input type="text" name="idtest" value=\'<?php $name ?>\' />
the field displays \'\'.
With a forward slash (I know that's not correct, but to eliminate it from the discussion),
id: <input type="text" name="idtest" value=/"<?php $name ?>/" />
the field displays /"/".
Double quotes, escape double quotes, escape double quotes on left side only, etc. do not work.
I can set an input box to a string. I have not tried using a session variable as I prefer to avoid doing that.
What am I missing here?
Try something like this:
<input type="text" name="idtest" value="<?php echo htmlspecialchars($name); ?>" />
That is, the same as what thirtydot suggested, except preventing XSS attacks as well.
You could also use the <?= syntax (see the note), although that might not work on all servers. (It's enabled by a configuration option.)
You need, for example:
<input type="text" name="idtest" value="<?php echo $idtest; ?>" />
The echo function is what actually outputs the value of the variable.
Solution
You are missing an echo. Each time that you want to show the value of a variable to HTML you need to echo it.
<input type="text" name="idtest" value="<?php echo $idtest; ?>" >
Note: Depending on the value, your echo is the function you use to escape it like htmlspecialchars.
From the HTML point of view everything's been said, but to correct the PHP-side approach a little and taking thirtydot's and icktoofay's advice into account:
<?php echo '<input type="text" name="idtest" value="' . htmlspecialchars($idtest) . '">'; ?>
If you want to read any created function, this is how we do it:
<input type="button" value="sports" onClick="window.open('<?php sports();?>', '_self');">
I have been doing PHP for my project, and I can say that the following code works for me. You should try it.
echo '<input type="text" value="' . htmlspecialchars($idtest) . '">';

What is the best way to echo results from the database into html code in PHP?

when I have a value like this in the database ("foo")
how can I echo it without any conflict with html code
notice
<input type="text" value="<? echo '"foo"'; ?>" />
the result will be like this
<input type="text" value=""foo"" />
how can I fix it ?
use urlencode
or htmlspecialchars
link
You can use htmlentities to overcome this problem like so:
<input type="text" value="<? echo htmlentities('"foo"'); ?>" />
this will return
<input type="text" value="&quot;foo&quot;" />
avoiding any conflict with html.
htmlspecialchars() basically, for example
<input type="text" value="<? echo htmlspecialchars($value, ENT_QUOTES); ?>" />
The ENT_QUOTES is optional and also encodes the single quote ' .
I used $value since I'm not sure what exactly you have in the database (with or without quotes?) but it will sit in some kind of variable if you want to use it anyway, so, I called that $value.
Since the above is a bit unwieldy I made a wrapper for it:
// htmlents($string)
function htmlents($string) {
return htmlspecialchars($string, ENT_QUOTES);
}
So you can
<input type="text" value="<? echo htmlents($value); ?>" />
Not to be confused with the existing htmlentities(), which encodes all non-standard characters. htmlspecialchars() only encodes &, <, >, " and ', which is more appropriate for UTF8 pages (all your webpages are UTF8, right? ;-).
First, don't use short tags ('
Next, your HTML is malformed because you've got an extra set of quotes. Since you seem to be taking the approach of embedding PHP into the HTML, then a quick fix is:
<input type="text" value="<?php echo 'foo'; ?>" />
...although since this value is coming from your database it will be stored in a variable, probably an array, so your code should look more like:
<input type="text" value="<?php echo $db_row['foo']; ?>" />
For clarity, most programmers would try to eliminate switching between PHP parsed and non-parsed code either using a template system like smarty or....
<?php
....
print "<input type='text' value='$db_row[foo]' />\n";
....
?>
(Note that
1) when the variable is within double quotes with a block of PHP, the value is automatically substituted
2) when referring to an associative array entry within a double quoted string, the index is NOT quoted.
HTH
C.
<?php
echo "<input type='text' value='{$foo}' />" ;
?>
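
Added example (not code from any of the posts above): the three output styles seen in these threads, unquoted, quoted without escaping, and quoted with htmlspecialchars(), are rendered for sample values taken from the questions and then parsed with PHP's DOM extension to show which attributes actually land on the element. The helper names render_unquoted, render_quoted_raw, render_quoted_escaped and parsed_attributes are hypothetical, and the dom extension is assumed to be installed.

```php
<?php
// Added example; the helper names below are hypothetical, not from the posts.

// The three ways the threads above build the same <input>.
function render_unquoted(string $v): string {
    return "<input type=text name=searchText value=$v>";
}
function render_quoted_raw(string $v): string {
    return "<input type=\"text\" name=\"searchText\" value=\"$v\">";
}
function render_quoted_escaped(string $v): string {
    // ENT_QUOTES also encodes ', so the value is safe in '...' attributes too.
    $safe = htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type=\"text\" name=\"searchText\" value=\"$safe\">";
}

// Parse the markup with an error-recovering HTML parser (libxml2 via ext-dom)
// and return the attributes that actually end up on the <input> element.
function parsed_attributes(string $html): array {
    libxml_use_internal_errors(true);   // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML("<html><body>$html</body></html>");
    libxml_clear_errors();
    $attrs = [];
    $input = $doc->getElementsByTagName('input')->item(0);
    if ($input !== null) {
        foreach ($input->attributes as $a) {
            $attrs[$a->nodeName] = $a->nodeValue;
        }
    }
    return $attrs;
}

// Constructed sample values, taken from the questions and answers above.
$samples = [
    'this is a test',
    '"foo"',
    "word onClick='doSomething();'",
];

foreach ($samples as $v) {
    foreach (['render_unquoted', 'render_quoted_raw', 'render_quoted_escaped'] as $fn) {
        $html = $fn($v);
        printf("%-22s %s\n  parsed: %s\n", $fn, $html, json_encode(parsed_attributes($html)));
    }
    echo "\n";
}
```

Only the escaped variant should report a value attribute equal to the original input for every sample; any extra attribute names in the other rows came from the data, not from the template.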
