How to get the link of .html after the .$obj->product_name. ?
I have tried it as bellow. But it only shows the link of http://.com/forbiden insted of http://.com/forbiden rice.html where it cuts the rice.html
echo '<span class="product-name"><a href=products/'.$obj->product_name ."html". 'target=_blank>'.$obj->product_name.'</a></span></br>';
Try with urlencode($obj->product_name)
Hope that helps :)
Attribute values containing spaces must be quoted in HTML (and it is good practise to always quote your attribute values).
The space between forbiden and rice is terminating the attribute value.
URLs aren't allowed to have spaces in them anyway, so you should run the string through urlencode too.
You'll find it easier to deal with the quotes if you break out of PHP mode to output HTML instead of trying to mash it together in strings.
Also note that you should escape text content for HTML with htmlspecialchars as a defence against XSS.
$url = "products/" .urlencode($obj->product_name) . ".html";
?>
<span class="product-name">
<a
href="<?php echo htmlspecialchars($url); ?>"
target="_blank">
<?php echo htmlspecialchars($obj->product_name); ?>
</a>
</span>
<br>
Related
How do I include a php tag in an HTML attribute? I still find it quite tricky.
This is the HTML attribute:
src="https://customer.site.com/?language=en_US&portal=Default"
The thing is, ?language should accept a dynamic value. That value is stored in $lingos[$wmpl_langcode].
So I've been trying many variations and I'm still stuck.
I've got this now but it doesn't seem right.
src=<?php echo "https://customer.site.com/?language=" . $lingos[$wmpl_langcode] . "&portal=Default" ?>"
I don't want to waste any more time on it. Any tips would be great.
you was just missing one double quote and the ; at the end of the echo to end the instruction:
src="https://customer.site.com/?language=<?php echo $lingos[$wmpl_langcode]; ?>&portal=Default"
You are now missing quotes for the attribute.
This however would be perfectly fine:
src="<?php echo "https://customer.site.com/?language=" . $lingos[$wmpl_langcode] . "&portal=Default" ?>"
If you like it a bit more clean without confusing quotes:
<img src="https://customer.site.com/?language=<?php echo $lingos[$wmpl_langcode] ?>&portal=Default"/>
You should also think about urlencode():
<img src="https://customer.site.com/?language=<?php echo urlencode($lingos[$wmpl_langcode]) ?>&portal=Default"/>
To make it "more clean", you should use a templating engine.
When you directly use echo to print the dynamic link, the quotes are not present there.
Try this:
src="https://customer.site.com/?language=<?=$lingos[$wmpl_langcode] ?>&portal=Default"
OR
src="<?php echo "https://customer.site.com/?language=" . $lingos[$wmpl_langcode] . "&portal=Default" ?>"
Very unusual question.
I came across some code some years in the pass that was including conditions and normal PHP syntax while echoing all content.
My question is how is that Technic/syntax called. I have been googling with some very broad terms and can't find what im looking for.
If my memory is correct, The code I viewed long time ago had un-escaped HTML and it was not required to start and stop PHP processing with <?php ?>
I Have a method within a class called Template\Labels::User()
the only purpose of that method is to echo the proper html to create a label within my webapp so that the pages are lighten of code and clear to anyone viewing the code.
Id like to avoid, having to <?php ?> for very simple boolean if
Any one know what I am looking for ?
static function User($UserObj,$isLink = true){
?>
<div class="image label bg-purple" style="margin: 4px;">
<?php if($isLink){
?><a href=""><?php
} ?>
<img src="<?php echo $UserObj -> ProfilePicture; ?>" style="height: 2em;" class="img-circle" alt="User Image">
<label style="font-size: 90%"><?php echo $UserObj->FirstName{0}.$UserObj->LastName{0}; ?></label>
<?php if($isLink){
?></a><?php
} ?>
</div>
<?php
}
Edited
After some more research by going through PHP documentation on Operator
I found Nowdoc string quoting
Can someone shed some light onto Nowdocs are to single-quoted strings what heredocs are to double-quoted strings. A nowdoc is specified similarly to a heredoc, but no parsing is done inside a nowdoc. The construct is ideal for embedding PHP code or other large blocks of text without the need for escaping. It shares some features in common with the SGML
http://php.net/manual/en/language.types.string.php#language.types.string.syntax.nowdoc
Its good that you added code to your question so that we can all see what you are dealing with here. Now to me what I understand with your question is that you want to avoid using php tags to echo some html code based on if condition.
<?php
static function User($UserObj,$isLink = true){
$html = '<div class="image label bg-purple" style="margin: 4px;">';
if($isLink) $html .= '<a href="">';
$html .= '<img src="'.#$UserObj->ProfilePicture.'" style="height: 2em;" class="img-circle" alt="User Image">';
$html .= '<label style="font-size: 90%">'.#$UserObj->FirstName[0].#$UserObj->LastName[0].'</label>';
if($isLink) $html .= '</a>';
echo $html;
}
?>
In my thinking I thought you should just have to run php tags once and use a simple variable to add your html code to so that you can print at the end of the function.
I didn't understand some of your images but all the same your issue is printing unescaped html in PHP. In other words you want to have raw html.
There are two functions am thinking of right now which you can use depending on your desired output: html_entity_decode() and htmlentities().
html_entity_decode() is the opposite of htmlentities() in that it converts all HTML entities in the string to their applicable characters.
<?php $orig = "I'll \"walk\" the <b>d
$a = htmlentities($orig);
$b = html_entity_decode($a);
echo $a; // I'll "walk"
echo $b; // I'll "walk" the <b>
?>
Ref: http://www.php.net/html_entity_decode
I hope this helps solve your issue of unescaped html.
I have this variable $url that I need to print inside a quoted HTML that it's inside a PHP if conditional.
<?php
$url = $thumb['0'];
if ( in_category( 'News' )) {
//nothing here
} else {
echo '<div class="image-holder"><img src="$url;" alt="Post photo" class="image-border"></div>';
}
?>
But src="$url;" is interpreted as src="$url;" in the HTML code. It does not interpret as a variable.
How can I solve that?
you can concatenate strings with a dot in php
e.g
echo "This"."is"."a"."sample";
likewise with variables:
echo '<div class="image-holder"><img src="'.$url.'" alt="Post photo" class="image-border"></div>';
When working with strings in PHP, it's important to realize the distinction between single- and double-quoted strings.
Single-quoted strings are basically parsed as literal strings, regardless of what 'special' characters you might use. The only escape sequences are \' for a literal single quote and \\ for a literal backslash. PHP code is treated as simple text, and so are escape sequences like \n (the sequence for a unix newline). This is the format to use for simple string literals like 'Hello World!'.
Double-quoted strings are parsed completely, meaning \n is interpreted as a newline and $var is replaced with the value of the variable $var. So this is much more powerful, but you also have to think more about how your strings will be interpreted. If your interpreted php gets complicated (or is adjacent to non-php that might look like php), you can use braces to clarify your meaning.
Note that there are lots of reasons not to mix strings with php code. Often sprintf, heredoc, or simple concatenation (with .) make things much clearer, as suggested in several other answers.
I like to seperate the business logic from the output. This, in combination with PHP's alternative syntax for control structures, keeps your HTML output clean and easily readable.
See this example:
<?php
// Do some things here
$url = $thumb['0'];
// Below this point we output HTML
// Only use simple control structures here, this keeps your HTML clean and easy to read
?>
<?php if (in_category('News')): ?>
<?php else: ?>
<div class="image-holder"><img src="<?php echo $url; ?>" alt="Post photo" class="image-border">
</div>
<?php endif; ?>
Since the first part of the if-statement is empty, you can simplify the code:
<?php if (!in_category('News')): ?>
<div class="image-holder"><img src="<?php echo $url; ?>" alt="Post photo" class="image-border">
</div>
<?php endif; ?>
Use double quotes and surround your variable in curley braces example
echo "This is my variable. It equals {$var}";
you can do like this
echo '<div class="image-holder"><img src="'.$url.'" alt="Post photo" class="image-border"></div>';
or
echo "<div class='image-holder'><img src='$url' alt='Post photo' class='image-border'></div>";
If you need to work with large portions of HTML and don't want to have to change from double to single quotes [technically disallowed by HTML spec], or escape all of the double quotes [pain in the butt], or constantly drop in and out of <?php ?> tags [ugly, hard to maintain], then use a HEREDOC. eg:
echo <<<_end_
<div class="image-holder"><img src="$url;" alt="Post photo" class="image-border"></div>
_end_;
Variables are expanded, no quotes need escaping, and all of your dreams will come true.
Alternatively, you can stick with a single-quoted string and get cozy with printf() which is a fantastically useful function in its own right. eg:
printf('<div class="image-holder"><img src="%s;" alt="Post photo" class="image-border"></div>', $url);
Do this, (EDIT: simplified code)
<?php
$url = $thumb['0'];
if ( ! in_category( 'News' ) ) {?>
<div class="image-holder">
<img src="<?=$url?>" alt="Post photo" class="image-border" />
</div>
<?}?>
i am trying the following code in order to get the tag value to both in anchor and title. but code is ok with anchor text but showing only single char in title..
$tag=$info['name']." from ".$info['city'];
echo' <td class="title1" bgcolor="#F7F7F7"> <a title='.$tag; echo' href=details/';
echo $info['friendly_url'];
echo' >';
echo $tag;
echo'</a></td>';
please note that the tag value is something like "David from NW";
Thanks for your help.
You need quotes around the title value, otherwise the parts after the space will be interpreted as a (malformed) HTML attribute.
echo '<td class="title1" bgcolor="#F7F7F7">';
echo '<a title="'.$tag.'" href="details/' . $info['friendly_url'] . '">';
echo $tag;
echo'</a></td>';
It is good practice to use quotes to surround your HTML attributes to avoid situations like this.
That is butt-ugly code. Repeated echoes get to be impossible to maintain in short order. You could use a HEREDOC and make it pretty/legible at the same time:
echo <<<EOL
<td class="title1" bgcolor="#F7F7F7">
<a title="$tag" href="details/{$info['friendly_url']}">$tag</a>
</td>
EOL;
Any modern PHP-aware IDE will properly color the variables. And note how you can use quotes and variables within the heredoc, without having to do any nasty string concatenation.
I am building a picture gallery, that uses this code to display each product I have:
<div class="feature">
<imagetag alt="Image Caption"srcs="">
<div>
<p>
This is some information that can go along with an image.
Anything can be placed here, including images.
</p>
</div>
</div>
I need to create a while loop, that takes all the products in my database, and creates a div of the "feature" class for every instance. I have problems know exactly which symbols need to be escaped and etc. Your help is greatly appreciated.
here is my start:
<?php
($product_set = mysql_fetch_assoc($query)) {
print("<div class="feature"> <imagetage alt="Image Caption" srcs=$product_set[products_image]>"
);}
?>
If you are in a string, every doublequote should be escaped. Because it will close your string.
<?php
($product_set = mysql_fetch_assoc($query))
{
print "<div class=\"feature\"><img alt=\"Image Caption\" src=" . $product_set['products_image'] . ">";
}
?>
Fun thing is, I got a link from someone on stackOverflow about PHP templating. Which was using Smarty. So you don't have to use these print states anymore.
Have you tried:
print(htmlentities($my_html_string))
or htmlspecialchars? htmlentities converts all characters that have one to their HTML escape sequence, while htmlspecialchars converts only those that have meaning in HTML.