Let's say in my db it is a field NAME which contains text with single and double quotes:
TEST1 "TEST2" 'TEST3'
now I want to edit this value in a form with below code:
<label for="name">Full name</label>
<?php $test = $data['name']; ?>
<input type="input" name="firma_oficjalnie" value="<?= $data['name'] ?>"/><br />
<input type="submit" name="submit" value="Submit" />
The problem is that displayed data not contains single or double quotes.
How to do it properly?
Try this:
Add htmlspecialchars() on the variable.
<label for="name">Full name</label>
<?php $test = "TEST1 \"TEST2\" 'TEST3'"; ?>
<input type="text" name="firma_oficjalnie" value="<?php echo htmlspecialchars($test); ?>"/><br />
<input type="submit" name="submit" value="Submit" />
Under the hood:
What happens is that it closes the value improperly since attribute has quotations inside, thats why the values get cut.
Your markup without function:
<input type="text" name="firma_oficjalnie" value="TEST1 " test2"="" 'test3'"="">
Related
I am creating a pizza ordering site with php. Now I want to echo the variable passed through the URL within the form. I know how to retrieve this data: <?php echo $_GET["numpizzas"]; ?>. But I don't know the proper way to add it to my html form field. any help is much appreciated
<?php
echo
'<form action="pizza.php" method="post">
<h1>Thanks for Ordering. Please submit your delivery info.</h1>
<label>Name:</label> <input type="text" name="name">
<label>Address:</label> <input type="text" name="address">
<label>Phone:</label> <input type="text" name="phone">
<label>Money: </label><input type="text" name="money" value="<?php echo "hi"; ?>" >
//Money field does not populate with number, I just see <?php echo $_GET[
<label>Feedback:</label> <input type="text" name="feedback">
<input type="submit" value="Submit">
</form>';
?>
<?php echo $_GET["numpizzas"]; ?>
I also tried storing the integer in a variable $howmanypizzas = $_GET["numpizzas"]; ?>but it still doesn't show up as the field value.
<?php echo $_GET["numpizzas"]; ?> does not only retrieve the data. echo also outputs it to the html response (the screen)
since you are allready passing your html with an ECHO, you can do:
<?php
echo
'<form action="pizza.php" method="post">
<h1>Thanks for Ordering. Please submit your delivery info.</h1>
<label>Name:</label> <input type="text" name="name">
<label>Address:</label> <input type="text" name="address">
<label>Phone:</label> <input type="text" name="phone">
<label>Money: </label><input type="text" name="money" value="'.$_GET["numpizzas"].'" >
<label>Feedback:</label> <input type="text" name="feedback">
<input type="submit" value="Submit">
</form>';
?>
Explanation: echo is a function that recieves a string and outputs it to html.
So, with the concatenation operator . you can inject the $_GET["numpizzas"] variable into your html, as a string, and pass it to the echo function, wich outputs it to the browser.
Another way to solve it is to only invoke PHP where you need to process your logic, just like #pavithra answer, wich also works.
You're already echoing and trying to echo inside of that. You need to concatenate your variable with the string that you are echoing, see PHP Strings:
echo
'<form action="pizza.php" method="post">
<h1>Thanks for Ordering. Please submit your delivery info.</h1>
<label>Name:</label> <input type="text" name="name">
<label>Address:</label> <input type="text" name="address">
<label>Phone:</label> <input type="text" name="phone">
<label>Money: </label><input type="text" name="money" value="' . $_GET["numpizzas"] . '">
<label>Feedback:</label> <input type="text" name="feedback">
<input type="submit" value="Submit">
</form>';
You might also consider Heredoc syntax.
<input type="text" name="money" value="<?php echo $_GET["numpizzas"]; ?>" />
but i dont get why do you get this is as a get variable.hope this works
<form action="pizza.php" method="post">
<h1>Thanks for Ordering. Please submit your delivery info.</h1>
<label>Name:</label> <input type="text" name="name">
<label>Address:</label> <input type="text" name="address">
<label>Phone:</label> <input type="text" name="phone">
<label>Money: </label> <input type="text" name="money" value="<?php echo $_GET["numpizzas"]; ?>" />
<label>Feedback:</label> <input type="text" name="feedback">
<input type="submit" value="Submit">
</form>
So I have a form which is build up like:
<input name="website['menu']['id']" type="number" value="1">
<input type="text" value="#000000" name="website['color']['primary']['hex']">
Now i want to read out those values in php after they are submit.
I tried the following code, but when I var_dump it it gives me null.
if (isset($_POST['website'])) {
$result = $_POST['website'];
var_dump($result['menu']['id']);exit;
}
Remove the quote from field name
<input name="website[menu][id]" type="number" value="1">
<input type="text" value="#000000" name="website[color][primary][hex]">
And access the variable in php like:
echo $_POST['website']['menu']['id'];
Try this,
<?php
print_r($_POST['website']);
print_r($_POST['website']['menu']['id']);
?>
<form action="" method="POST"/>
<input name="website[menu][id]" type="number" value="1">
<input type="text" value="#000000" name="website['color']['primary']['hex']">
<input type="submit" value="submit"/>
</form>
I'm new to this PHP thing. Trying to escape some php script in a form and can't figure out how to do it.
I've tried all different combinations of \' and \" but I'm stuck. Please the relevant portion of script and advise what I'm doing wrong.
This is the example of input:
<label for="fullName">Full Name : </label>
<input type="text" name="fullName" id="fullName" value=\' "<?php echo $C_fullName ?>" \' />
And this is the rest of the display/redisplay part of the script so you can see it in context...
//Redisplay/Display form
$self = htmlentities($_SERVER['PHP_SELF']);
$displayOutput .= '
<form action="' . $self . '" method="post">
<fieldset>
<div>
<label for="fullName">Full Name : </label>
<input type="text" name="fullName" id="fullName" value=\' "<?php echo $C_fullName ?>" \' />
</div>
<div>
<label for="email"> Email :</label>
<input type="email" name="email" id="email" />
</div>
<div>
<label for="mailFormat">Mail Format</label>
<select name="mailFormat" id="mailFormat">
<option value="plain">Plain text</option>
<option value="html">HTML</option>
</select>
</div>
<div>
<input type="checkbox" name="terms" id="terms" value="yes" />
<label for="terms">Tick this box to confirm you have read our terms and conditions</label>
</div>
<div>
<input type="submit" name="submit" value="submit" />
</div>
</fieldset>
</form>';//close form
try to change this line of code
<input type="text" name="fullName" id="fullName" value=\' "<?php echo $C_fullName ?>" \' />
to
<input type="text" name="fullName" id="fullName" value="'.$C_fullName.'" />
and apply this change at other places
The problem is that you are trying to escape into PHP evaluation from within PHP. That doesn't make sense.
When a document is parsed, it is interpreted as normal, verbatim text until the interpreter hits an escape sequence like <?php. Everything until the closing ?> (or till the end of file) is interpreted as PHP. That's why putting another <?php opening sequence into your code is nonsensical.
The form markup in above code is build as a PHP string. What you are trying to do is to create a string and concatenate a variable into it. PHP offers multiple ways to do this. The simplest, in your case, is to use the concatenation operator .. Close the string, concatenate the variable, and concatenate the rest of the string.
… value="' . $C_fullName . '" …
It's no different than the action definition in the first line.
You might also want to look at the heredoc syntax, it can be quite useful for situations like yours.
You can give a try with the following code :
$displayOutput .= '
<form action="' . $self . '" method="post">
<fieldset>
<div>
<label for="fullName">Full Name : </label>
<input type="text" name="fullName" id="fullName" value='; echo $C_fullName; $displayOutput .=' />
</div>
<div>
<label for="email"> Email :</label>
<input type="email" name="email" id="email" />
</div>
<div>
<label for="mailFormat">Mail Format</label>
<select name="mailFormat" id="mailFormat">
<option value="plain">Plain text</option>
<option value="html">HTML</option>
</select>
</div>
<div>
<input type="checkbox" name="terms" id="terms" value="yes" />
<label for="terms">Tick this box to confirm you have read our terms and conditions</label>
</div>
<div>
<input type="submit" name="submit" value="submit" />
</div>
</fieldset>
</form>';
I'm trying to create a search box that would have 4 inputs but output as one search. Here is my current code:
<form method="get" id="searchform" action="http://sitename.com/">
<input type="text" name="s" />
<input type="text" name="a" />
<input type="text" name="b" />
<input type="text" name="c" />
<div class="clear_space"></div>
<input type="submit" class="submit" name="submit" id="searchsubmit" value="Search" />
</form>
But that outputs like this in wordpress: /?s=milk&a=eggs&b=cheese&c=garlic&submit=Search
But I need it to output like this: /?s=milk+egg+cheese+garlic&submit=Search
So somehow those additional inputs need to add their text to the first ?s= with just a +... Any help is massively appreciated.
Are you kidding??
The + that you are seeking is simply a space. Have one text field, and when the form is submitted the spaces in between the words will be converted into +.
Wow, you have a lot of problems, but before we get deep into them let me tell you that your "output" is in fact a get parameter, or a URL. Now you should NEVER use the same id for different tags (!!!). If you think about a valid reason to do that, then think again.
Change your form as follows:
<form method="get" id="searchform" action="http://sitename.com/">
<input type="text" class="field" placeholder="Search" />
<input type="text" class="field" placeholder="Search" />
<input type="text" class="field" placeholder="Search" />
<input type="text" class="field" placeholder="Search" />
<input type="hidden" name="s" id="s" />
<div class="clear_space"></div>
<input type="submit" class="submit" name="submit" id="searchsubmit" value="Search" />
</form>
and then implement a form submit event to calculate your value and assign to your input field. Cheers.
EDIT:
Use the following js code to run before you submit your form:
//...
var value = "";
$(".field").each(function(){
value += ((value !== "") ? (" ") : ("")) + $(this).val();
});
$("#s").val(value);
//...
I have the following code, copied exactly from a exercise from a PHP book. I am having a problem with the value attribute which contains a php echo statement. According to the book, the first time the page is loaded the input boxes should be empty because the variables won't contain any data. Instead, I see something like this:
<br /><b>Notice</b>: Undefined variable: investment in <b>C:\xampp\htdocs\book_apps\ch02_future_value\index.php</b> on line <b>20</b><br />.
Any suggestions?
<form action="display_results.php" method="post">
<div id="data">
<label>Investment Amount:</label>
<input type="text" name="investment"
value="<?php echo $investment; ?>"/><br />
<label>Yearly Interest Rate:</label>
<input type="text" name="interest_rate"
value="<?php echo $interest_rate; ?>"/><br />
<label>Number of Years:</label>
<input type="text" name="years"
value="<?php echo $years; ?>"/><br />
</div>
<div id="buttons">
<label> </label>
<input type="submit" value="Calculate"/><br />
</div>
</form>
This is because you are expecting the register_globals directive to be set, while it is not.
This means you have to get $_POST['investement'] instead of $investment and you need to first check if it's been submitted:
$investment = array_key_exists('investment', $_POST) ? $_POST['investment'] : "";