I have some var containing ', "
$var = "Hello \" World '";
<input type="text" value="<?= $var ?>" >
when browser render this code above we will see input element containing only 'Hello'.
how solve this problem without using special symbols like ” in Db strings must contain ', "
how solve this problem without using special symbols like ”
You don't, although rdquo is the wrong character reference to use in this case.
Run text through htmlspecialchars() to turn it into HTML before you insert it into an HTML document.
<input type="text" value="<?= htmlspecialchars($var) ?>">
HTML Entities is what you need.
This is similar to htmlspecialchars but if you require all input substrings that have associated named entities to be translated, use htmlentities() instead.
Here's Char html codes!
$var = "Hello \" World '";
I use html special char:
" - special html char - "
$var = "Hello " World '";
Result:
Hello " World '
Related
I have the following code:
<input type="text" name="nr_p_vac" value="<?php echo htmlspecialchars($row['nr_p_vac']); ?>">
where $row['nr_p_vac'] is test ' " / /n /t <>.
When I'm not using htmlspecialchars in the input there's only test ' (of course, because " is not escaped).
When I'm using the htmlspecialchars function the input has the correct value ' " / /n /t <> (because now ' and " are properly escaped).
But shouldn't the content of the input be transformed into something like test ' '"' etc.?
Is it ok to use htmlspecialchars in this case?
You can look the page source and you will see that the value is
' " / /n /t <>
It is ok to use it in your case
Already answered here:
How to properly escape html form input default values in php?
<?php echo nl2br($valueu->getarea($rows['province'].'|'.$rows['city'].'|'.$rows['area'],' ')); ?></td>
how to put a line break in between city and area when outputted to a browser.
Thanks
Use \n. Just add it with the sting like this I."\n" like pie.
You can also use nl2br like this echo nl2br("One line.\nAnother line.");
Try double quote "\n".
If you use single quote '\n', PHP will just interpret as a literal \n, but within double quote, it will parse it as an escape sequence (newline character) and echo it. More about strings here.
echo nl2br('Hello \n world');
// -> Hello \n world
echo nl2br("Hello \n world");
// -> Hello <br /> world
In a browser, you may need to use "<br/>" instead of a newline "\n".
echo($valueu->getarea($rows['province'].'|'.$rows['city'].'<br />'.$rows['area'],' '));
Something like that?
I am using this:
$variable = "Name is \"Bob\"";
$message = <<<EOF
<input type="text" value="$variable">
EOF;
And the result is :
Actually, this is synthetic example and I am working with db. But I tried: this synthetic example works (to simulate problem, actually it shows that what I am doing is not working).
Yes, the quotes will appear in the HTML.
Since the quotes will end the attribute value, you'll make the HTML invalid.
You need to make the variable HTML-safe with htmlspecialchars().
You are generating invalid HTML:
<input type="text" value="Name is "Bob"">
Please use htmlspecialchars() to encode $variable before insertion.
A heredoc is just a convenient shortcut for a multi-line echo. It doesn't care WHAT'S in the string, it'll just be output.
There is NO difference between the following two constructs:
$foo = "A string with an \" embedded quote";
echo <<<EOL
Hello, $foo, how are you
EOL;
echo "Hello, $foo, how are you";
The only real difference is that you don't have escape quotes in the rest of the string:
echo <<<EOL
This is a "quoted phrase" within a sentence
EOL;
echo "This is a \"quoted phrase\" within a sentence";
Currently I'm using the below snippet, which indent the resulting HTML by using several space characters:
add_filter('get_search_form', 'filter_search_form');
function filter_search_form($form) {
$form = ' <form role="search" method="get" id="searchform" action="' . home_url('/') . '"><input type="text" placeholder="' . __('Search') . '" value="' . get_search_query() . '" name="s" id="s"><input type="submit" id="searchsubmit" value="' . esc_attr__('Search') . '"></form>' . "\n";
return $form;
}
Now I've been reading some about whitespace characters (\t for tab, \n for newline, etc.), but I'm not entirely sure how to implement this in this situation.
I've tried using \s for a single space, but without any luck thusfar.
Being relatively new to PHP, I hope you could assist (preferably without using a 'regular' space character).
According to http://php.net/manual/en/regexp.reference.escape.php, the general hexadecimal escape sequence \x20 should work, as should \040 (octal).
Personally, though, I don't see much (if any) benefit to ever specifying spaces in this manner, as it would make your code less readable, IMHO. Just stick literal spaces inside your single- or double-quotes (like you have now) and be done with it.
Alternatively, if you're trying to use whitespace to indent the resulting HTML code (as it seems you are), doing so in units of \t isn't the end of the world.
Characters like \t and \n need to be in double quotes...
$string = "\t" . '<form></form>';
If you want to insert a tab before it you could use:
$string = "\t" . '<form>....';
(don't forget the double quotes, the single ones don't work with \t, \n and friends!)
If you want spaces, just use spaces!
$string = " " . '<form>....';
It's html code, so they will be present in the source code of your page. They won't ‘collapsed’ into a single space.
$city = 'London Paris Lisabona';
And i need print this string in textarea.
How print city in new line?
I need in textarea get this:
London
Paris
Lisabona
Code:
$city = 'London\nParis\nLisabona';
echo '<textarea>'.$city.'</textarea>';
result:
London\nParis\nLisabona
In general: Use \n for line breaks.
In your case (only works of cites don't consist of two words, i.e. each word must be a city):
$city = str_replace(' ',"\n", $str); // generates 'London\nParis\nLisabona'
Or if possible build the string with \n instead of spaces from the beginning.
Update:
Escaped character sequences like \n are only processed in double quoted strings. They are taken literally in single quoted strings (with two exceptions). Read more in the documentation:
To specify a literal single quote, escape it with a backslash (\). To specify a literal backslash, double it (\\). All other instances of backslash will be treated as a literal backslash: this means that the other escape sequences you might be used to, such as \r or \n, will be output literally as specified rather than having any special meaning.
Thus, you have to declare your strings as
$cities = "London\nParis\nLisabona";
Further note:
Whenever possible avoid echoing HTML with PHP. It makes it more difficult to debug the HTML. Instead, embed the PHP into HTML like so:
<?php
$cities = "London\nParis\nLisabona";
?>
<textarea><?php echo $cities; ?></textarea>
<?php
$city = "London\nParis\nLisabona";
?>
<textarea rows="3" cols="20">
<?php echo $city; ?>
</textarea>
$city = str_replace(' ', "<br />", $city);
If you echo it in HTML.
<textarea><?= str_replace(" ", "<br />", $city); ?></textarea>
If you want "\n" to be converted to line breaks, you need to use double-quotes instead of single quotes.
i.e.
$foo = 'a\nb\nc\n';
echo $foo;
> a\nb\nc\n
$foo = "a\nb\nc\n";
echo $foo;
> a
> b
> c
works in <textarea> form me, lines might get soft-wrapped though (but that is expected)