Trying to print double quote from database into input field - php

I have data stored in the database with the value xy". When I print this value in tag, or quote sign is visible. But when I output this value in an input field, the double quote isn't visible (it's still in the database).
<input type="text" value="<?php echo $value ?>" />
The interesting thing is, when I use 2 single quotes, the output is equal to the value in the database (xy''). Any ideas?

Try this one
<input type="text" value="<?php echo htmlspecialchars($value) ?>" />

Related

PHP - How to pass variable in a text field with double quote

My query extracts a data value from a MySQL table where there is a double quote in the text.
Select mytitle from title_table
The result is: This is my title: "for school"
I want to put this value inside a text field, but it is truncated at this position: This is my title:
I print the title by this: <?php echo $rows['mytitle']; ?>
How to put the entire title in a text field?
Thanks
Print inside the value of the text field, example:
<input type="text" name="title" value="<?php echo $rows['mytitle']; ?>">
I have resolved this problem. It is easy, but the first time I made a wrong Google search.
I resolved it with this: htmlentities
I think you search for this
<?php
echo '<input type="text" value="' . $rows['mytitle'] . '">';
?>
or in plain HTML with
<input type="text" value="<?=$rows['mytitle'];?>">
Note that for the second example you must have short_tags enabled in your php.ini, or use
<input type="text" value="<?php echo $rows['mytitle'];?>">
try this
<input type="text" name="yourkey" value="<?php echo $rows['mytitle'] ?>" />

show the text within the "quotes" within a text input

I'm making a query to the database and am showing the value in input type text as follows:
<input type='text' name='title' value="<?php echo $noticia->_title; ?>" />
What happens is that if the text coming from the database comes within "" the text does not appear because the " " of value. If I switch to '' have the same problem if the text coming from the database is inside ''. How can I solve this problem?
value="<?php echo htmlspecialchars($noticia->_title) ?>"
htmlspecialchars() will encode any HTML metacharacters in there that would otherwise break your form, e.g.
$title = 'Hello "Joe"';
<input ... value="Hello "Joe"" />
^---breaks the form
becomes
$title = htmlspecialchars('Hello "Joe"');
<input ... value="Hello &quot;Joe&quot;" />
Convert text to HTML with htmlspecialchars.
echo htmlspecialchars($noticia->_title);

Trying to echo a string in a search box

I am trying to echo a string in a search box. However so far it only echos the first word of the string.
require 'search.php';
$searchQuery = $_GET['searchText'] ;
echo $searchQuery;//prints "this is a test"
$search = new Search();
$search->run($searchQuery);
.
.
<input name="searchText" type="text" id="searchText" size=70 value = <?php echo $searchQuery; // prints "this"?> />
Try adding quotes:
<input name="searchText" type="text" id="searchText" size="70" value="<?php echo htmlspecialchars($searchQuery); ?>"/>
As Esailija pointed out, escaping properly with htmlspecialchars() is a better solution and will ensure it prints the value correctly whatever the search may be.
You need to add quotes around the value of the 'value' attribute, as such:
<input name="searchText" type="text" id="searchText" size=70 value="<?php echo $searchQuery; // prints "this"?>" />
Otherwise this is what will render:
<input name="searchText" type="text" id="searchText" size=70 value = this is some sentence />
which defines value of the attribute named 'value' to be "this", and then creates more (meaningless) attributes "is", "some" and "sentence" which have no values. Quotes are important! You should also probably quote your size variable although it's not important in this case.
Also note that not inspecting and/or sanitizing the GET variable leaves you open to HTML/Javascript injection attacks -- if I provided the value word onClick='doSomething();' as the GET variable value, I could execute javascript on the client. If this were rendered as part of a comments section of a website as such, I could potentially inject other client's machines with arbitrary javascript.
[EDIT]
You can accomplish this by using htmlspecialchars as pointed out by Esailija. For more information about common web vulnerabilities and the reason for sanitizing GET variables, perhaps you should check out OWASP.
It's happening because you don't have quotes around it, so what you're actually outputting is
<input ... value = this is a test />
So it's assigning the first token as the "value" property.
Try this:
<input ... value="<?php echo $searchQuery; ?>" />
Try this:
<input name="searchText" type="text" id="searchText" size="70" value="<?php echo $searchQuery; ?>" />

Using a PHP variable in a text input value = statement

I retrieve three pieces of information from the database, one integer, one string, and one date.
I echo them out to verify the variables contain the data.
When I then use the variables to populate three input boxes on the page, they do not populate correctly.
The following do not work:
id: <input type="text" name="idtest" value=$idtest>
Yes, the variable must be inside <?php var ?> for it to be visible.
So:
id: <input type="text" name="idtest" value=<?php $idtest ?> />
The field displays /.
When I escape the quotes,
id: <input type="text" name="idtest" value=\"<?php $idtest ?>\" />
the field then displays \"\".
With single quotes
id: <input type="text" name="idtest" value='<?php $idtest ?>' />
the field displays nothing or blank.
With single quotes escaped,
id: <input type="text" name="idtest" value=\'<?php $name ?>\' />
the field displays \'\'.
With a forward slash (I know that's not correct, but to eliminate it from the discussion),
id: <input type="text" name="idtest" value=/"<?php $name ?>/" />
the field displays /"/".
Double quotes, escape double quotes, escape double quotes on left side only, etc. do not work.
I can set an input box to a string. I have not tried using a session variable as I prefer to avoid doing that.
What am I missing here?
Try something like this:
<input type="text" name="idtest" value="<?php echo htmlspecialchars($name); ?>" />
That is, the same as what thirtydot suggested, except preventing XSS attacks as well.
You could also use the <?= syntax (see the note), although that might not work on all servers. (It's enabled by a configuration option.)
You need, for example:
<input type="text" name="idtest" value="<?php echo $idtest; ?>" />
The echo function is what actually outputs the value of the variable.
Solution
You are missing an echo. Each time that you want to show the value of a variable to HTML you need to echo it.
<input type="text" name="idtest" value="<?php echo $idtest; ?>" >
Note: Depending on the value, your echo is the function you use to escape it like htmlspecialchars.
From the HTML point of view everything's been said, but to correct the PHP-side approach a little and taking thirtydot's and icktoofay's advice into account:
<?php echo '<input type="text" name="idtest" value="' . htmlspecialchars($idtest) . '">'; ?>
If you want to read any created function, this is how we do it:
<input type="button" value="sports" onClick="window.open('<?php sports();?>', '_self');">
I have been doing PHP for my project, and I can say that the following code works for me. You should try it.
echo '<input type="text" value="' . htmlspecialchars((string) $idtest) . '">';

Quotes problem text box

I have a text box like this:
<!--<input type="text" maxlength="255" name="$key" value="<?php echo $value;?>" />-->
$value is b'bbb"bbb
But it only shows b'bbb as value. Can anyone help?
Properly escape your data that should be displayed unparsed in HTML using htmlentities():
<input type="text" maxlength="255" name="<?php echo htmlentities($key);?>" value="<?php echo htmlentities($value);?>" />
The quote char (") is breaking your code. It could get more dangerous if you've a $value like "><script>alert("xss")</script> (it's called XSS and will pop up an alert box with "xss")
Obviously the " in your $value is breaking the html.
Try echo htmlspecialchars($value);
you can use htmlentities() to use single and double quotes inside the textbox or when using session values
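
Added example, not part of any post above: a small script that runs the values from these questions through a hypothetical `attr()` helper and prints them in double-quoted and single-quoted `value` attributes, alongside `ENT_COMPAT` (the default `htmlspecialchars()` flag before PHP 8.1), which leaves `'` unencoded. The helper name and the sample array are assumptions made for the illustration.

```php
<?php
// Hypothetical helper (not from the page): escape a value for use inside a
// QUOTED HTML attribute. ENT_QUOTES encodes both " and ', so the result is
// safe in value="..." and in value='...'. ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of making the function return an empty string.
function attr(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True when decoding the escaped form gives back the original text, which is
// what the browser does before showing or submitting the field.
function roundTrips(string $raw): bool
{
    return html_entity_decode(attr($raw), ENT_QUOTES | ENT_HTML401, 'UTF-8') === $raw;
}

// Constructed sample values, taken from the questions on this page.
$samples = [
    'xy"',
    'This is my title: "for school"',
    "b'bbb\"bbb",
    "word onClick='doSomething();'",
    '"><script>alert("xss")</script>',
];

foreach ($samples as $raw) {
    // ENT_COMPAT encodes " but not ', so it is only sufficient when the
    // attribute is delimited by double quotes.
    $compat = htmlspecialchars($raw, ENT_COMPAT, 'UTF-8');

    echo "raw value      : {$raw}\n";
    echo 'double-quoted  : <input type="text" name="title" value="' . attr($raw) . "\">\n";
    echo "single-quoted  : <input type='text' name='title' value='" . attr($raw) . "'>\n";
    echo "ENT_COMPAT in '': <input type='text' name='title' value='" . $compat . "'>\n";
    echo 'round trip ok  : ' . var_export(roundTrips($raw), true) . "\n\n";
}

// Escaping does not rescue an UNQUOTED attribute: spaces are not encoded,
// so value=this is a test still ends the value at the first space.
echo '<input type="text" value=' . attr('this is a test') . ">\n";
```

Run it with the PHP CLI and compare the lines: the `ENT_COMPAT` output for `b'bbb"bbb` and the `onClick` sample still contains a literal `'` that ends a single-quoted attribute early, while the `attr()` output keeps the whole value inside the attribute in both quoting styles.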
