Is it possible to insert an active link to an input textbox?
I tried using an <a> tag inside the value of html but its not working.
<?php $email = "example#link.com "; ?>
<input type="text" id="email" name="email" value="<?php echo $email; ?>">
It only returns the text without the hyperlink value.
A couple things are wrong here...
You're not escaping your quotes. Therefore the PHP is invalid.
You're trying to put HTML inside a attribute, which is also invalid.
The only alternative I could see being used here is an HTML element with contenteditable="true" applied. This makes it so an element (per say a <div>) can have it's content be modified.
<?php $email = "example#link.com "; ?>
<div id="fake-email" contenteditable="true"><?php echo $email; ?></div>
Then see this related question if you're doing a form.
Edit:
If you're trying to do a form, then this is one example:
document.getElementById("form").onsubmit = function(){
document.getElementById("email").value =
document.getElementById("fake-email").innerText || document.getElementById("fake-email").textContent;
}
While your form is:
<form action="..." method="..." id="form">
<div id="fake-email" contenteditable="true"></div>
<input type="hidden" id="email" name="email" />
</form>
No, it isn't possible. Input values will always be rendered as plain text. If the user doesn't need to edit the link I would just put it beside the input.
Otherwise you might want to look into WYSIWYG Editors. Links to two of the most popular below.
TinyMCE
CKEditor
You need to escape quotes when including it in your php variable.
<?php $email = "example#link.com "; ?>
You need to use a backslash when you're using double quotes.
Alternatively, you can write it as such:
<?php $email = 'example#link.com '; ?>
If you start with single quotes, then you don't need to escape the double quotes. \
I strongly suggest you read up on escaping characters when need be.
Related
When I use PHP to set the value of a HTML form input element, it works fine provided I don't have any spaces in the data.
<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? "value = ".$_POST["username"] : "value = \"\""; ?> />
If I enter "Jonathan" as the username, it is repeated back to me as expected. If I enter "Big Ted", however, I only get "Big" repeated back when I submit the form.
Note that the $_POST["Username"] variable is correct; when I echo it using PHP, it is set to "Big Ted".
Quote it. Otherwise the space will just become an attribute separator and everything after spaces will be seen as element attributes. Rightclick page in webbrowser and view source. It should not look like this (also see syntax highlight colors):
<input value=Big Ted>
but rather this
<input value="Big Ted">
Not to mention that this would still break when someone has a quote in his name (and your code is thus sensitive to XSS attacks). Use htmlspecialchars().
Kickoff example:
<input value="<?php echo (isset($_POST['username']) ? htmlspecialchars($_POST['username']) : ''); ?>">
<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? "value = '".$_POST["username"]' : "value = ''"; ?> />
You have to wrap the variable result with quotes, so that the browser can know what's the content of the input.
<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? ('value = "'.$_POST["username"].'"') : "value = \"\""; ?> />
Be aware of your quote usage.
As you see its not PHP5 or even PHP question at all.
Basic HTML knowledge is obligatory for one who want to be a PHP user.
And with using templates it looks way more neat:
Getting data part code:
$username = "";
if isset($_POST['username'])) $username = htmlspecialchars($_POST["username"]);
And template code:
<input type="text" name="username" value="<?=$username?>">
If you divide your code to 2 parts it become way more supportable and readable.
just make sure you put the colon after the field for example :
<option value="'.$row['name'].'">
Used quotes and it worked.
On the other side, needed to use the following:
$param=preg_replace('/[^A-Za-z0-9 ]/','', $param);
I am trying to allow users to edit their biography and on the page I want the editable text from the DB to appear in the text box. How do I do this? Currently I have the text as a placeholder, but I want to make that editable.
Also for other, shorter fields like a users company name, when I insert the value as the placeholder (I don't want it to be editable like the bio so it doesn't resubmit every time), it can't display more than one word. How can I fix this.
Note: I wrote a function that only displays a value from SQL if there is one, else it displays a generic text, i.e. "bio" or "email"
Here is my function where $content is something like $_POST["bio"] and
<?php
function echo_content($content,$name)
{
if(!empty($content)){
echo($content);
}
else{
echo($name);
}
}
?>
Below is my html/php where $content is a value from SQL.
<div class="form-group">
<legend>Bio: </legend><textarea rows="4" cols="50" class="form-control" name="bio"
placeholder=<?php echo_content($content[0]["bio"],"Bio");?> type="text"/></textarea>
</div>
You're dumping a string into an html attribute, WITHOUT quotes, so basically you're producing:
<textarea ... placeholder=Four Score and Seven Years ago type="text">
so your placeholder is Four, and then there's a bunch of unknown/illegal attributes, Score, and, Seven etc...
Try
<textarea ... placeholder="<?php echo htmlspecialchars($var) ?>" ...>
instead. note the " and use of htmlspecialchars() to quote out html metachars.
In other words, you're basically suffering from a self-inflicted HTML injection wound.
Given the following two HTML/PHP snippets:
<input type="text" name="firstname" value="<?php echo $_POST['firstname']; ?>" />
and
<textarea name="content"><?php echo $_POST['content']; ?></textarea>
what character encoding do I need to use for the echoed $_POST variables? Can I use any built-in PHP functions?
Please assume that the $_POST values have not been encoded at all yet. No magic quotes - no nothing.
Use htmlspecialchars($_POST['firstname']) and htmlspecialchars($_POST['content']).
Always escape strings with htmlspecialchars() before showing them to the user.
htmlspecialchars would work in both cases. Have a look at the different flag options to avoid quotation marks being a problem in the input case.
Given it is kinda long I would put it in a function
<?PHP
function encodeValue ($s) {
return htmlentities($s, ENT_COMPAT|ENT_QUOTES,'ISO-8859-1', true);
}
?>
This has ENT_QUOTES to make sure single and double quotes are encoded, but it will also encode special characters (Like in José) instead of inserting an empty string.
Then you can do:
<input type="text" name="firstname" value="<?= encodeValue($_POST['firstname']) ?>" />
and
<textarea name="content"><?= encodeValue($_POST['content']) ?></textarea>
When I use PHP to set the value of a HTML form input element, it works fine provided I don't have any spaces in the data.
<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? "value = ".$_POST["username"] : "value = \"\""; ?> />
If I enter "Jonathan" as the username, it is repeated back to me as expected. If I enter "Big Ted", however, I only get "Big" repeated back when I submit the form.
Note that the $_POST["Username"] variable is correct; when I echo it using PHP, it is set to "Big Ted".
Quote it. Otherwise the space will just become an attribute separator and everything after spaces will be seen as element attributes. Rightclick page in webbrowser and view source. It should not look like this (also see syntax highlight colors):
<input value=Big Ted>
but rather this
<input value="Big Ted">
Not to mention that this would still break when someone has a quote in his name (and your code is thus sensitive to XSS attacks). Use htmlspecialchars().
Kickoff example:
<input value="<?php echo (isset($_POST['username']) ? htmlspecialchars($_POST['username']) : ''); ?>">
<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? "value = '".$_POST["username"]' : "value = ''"; ?> />
You have to wrap the variable result with quotes, so that the browser can know what's the content of the input.
<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? ('value = "'.$_POST["username"].'"') : "value = \"\""; ?> />
Be aware of your quote usage.
As you see its not PHP5 or even PHP question at all.
Basic HTML knowledge is obligatory for one who want to be a PHP user.
And with using templates it looks way more neat:
Getting data part code:
$username = "";
if isset($_POST['username'])) $username = htmlspecialchars($_POST["username"]);
And template code:
<input type="text" name="username" value="<?=$username?>">
If you divide your code to 2 parts it become way more supportable and readable.
just make sure you put the colon after the field for example :
<option value="'.$row['name'].'">
Used quotes and it worked.
On the other side, needed to use the following:
$param=preg_replace('/[^A-Za-z0-9 ]/','', $param);
I have a javascript character counter that I use inside of a text area. It works great in normal html, but when I put the exact same code inside of a text area inside php, nothing.
Here it is in html when it works fine:
<div id="counter">
<span id="counter_airway" style="font-size:11px; color:#666666;">140 Character Limit</span>
</div>
<div id="grapvine_text">
<form name="CommentBox" method="post" action="Profile.php?id=<?php echo $prof->id; ?>">
<textarea name='airway' class='round_10px' onkeyup="limit_length(this,140,'counter_airway');"></textarea>
</form>
Here it is implemented inside my php form:
<div id="commentBoxBlog">
<form name="CommentBox" method="post" action="Profile.php?id=<?php echo $prof->id; ?>">
<?php
if($auth->id == $prof->id) {
echo "<div id='counter'>
<span id='counter_airway' style='font-size:11px; color:#666666;'>140 Character Limit</span>
</div><textarea name='airway' class='round_10px' onkeyup='limit_length(this,140,'counter_airway');'></textarea>
<input type='submit' name='commentProfileSubmit' value='Exhale' class='post'/>";
}
elseif(!$auth) {
echo "<textarea name='ProfileComment' class='round_10px' disabled>Please sign in to comment...</textarea>";
}
elseif($auth->id != $prof->id) {
echo "<textarea name='ProfileComment' class='round_10px'></textarea>
<input type='submit' name='commentProfileSubmit' value='Exhale' class='post' />";
}
?>
</form>
</div>
</div>
need to escape the quote, instead of:
onkeyup='limit_length(this,140,'counter_airway')
you can do:
onkeyup='limit_length(this,140,\"counter_airway\")'
You've got a quote nesting issue. You're surrounding the onkeyup attribute of the textarea with single quotes, but also using single quotes inside that javascript snippet. Since you're using double quotes for the PHP string, use escaped double quotes (\") within your javascript snippet.
Of course, it would be even better to separate javascript into an external file, and bind to the keyup event. You could do this easily by assigning an id to your textarea, and calling the following sometime after the DOM is ready:
var textarea = document.getElementById('myTextarea');
textarea.onkeyup = function() { limit_length(this,140,'counter_airway'); }
PHP works entirely on the server side. Your browser never sees a trace of PHP, just the HTML code generated by your PHP script. Javascript works entirely on the client side.
Whether your HTML comes from coding by hand, or a HTML script, is essentially not important. What you need to look at is the HTML that your script produced in the browser's "View Source" mode. Please post that into your question as well.
You have changed some of the double quotes to single quotes. This will cause errors, for example here:
onkeyup='limit_length(this,140,'counter_airway');'
Compare this to the original:
onkeyup="limit_length(this,140,'counter_airway');"
You need to escape the quotes rather than changing them:
onkeyup=\"limit_length(this,140,'counter_airway');\"