I'm appending a table row to the HTML table in smarty template by using AJAX. It's working perfect for me except a small thing. I'm not able to integrate smarty code in this ajax response. Following is the AJAX response from PHP file.
echo "<tr id='reb$rebate_no'><td><input type='text' name='pack[]' value='' class='form-control' size='8'/></td>
<td><input type='text' name='quantity[]' value='2' class='form-control' size='8'/></td>
<td><input type='text' name='volume[]' value='750' class='form-control' size='8'/></td>
<td><div class='btn-group'><select id='unit' name='units[]' class='form-control'><option value='' {if $data.id==''} selected='selected'{/if}>Select Unit</option>
{foreach from=$all_volume_units item=units key=key}<option value='{$units.id}' {if $units.id == $data.units[$units]} selected='selected'{/if}>{$units.unit}</option>
{/foreach}</select></div></td><td><input type='text' name='amount[]' value='3.00' class='form-control' size='9'/></td></tr>";
The above code is giving error. But I want to include the smarty code or to replace the smarty code by PHP code. How should I achieve this?
I think, smarty is not designed for such usage, because it first compiles the string into php code. However it is possible to use string resource, but whenever string is changed new php file is created. double quotes should not be used to enclose string, PHP will recognize words starting with dollar sign as variables.
more information on using string resources, is here;
http://www.smarty.net/docs/en/resources.string.tpl
Related
Im having problems getting this piece of code to work. Theres definitely a problem and I think its towards the end. My goal is to assign a php session variable to a hidden field. Normally I would just echo the php inline within the value parameter however I'm on Wordpress and thats not an option. this is my attempt at a work around.
echo "<input type='hidden' name='country' id='firstcountry' value='" . $_SESSION["first_country"] . "'/>";
The end of your code's line seems to contain two unidentifiable characters that could break your code.
Copy/paste the following, while changing the appropriate variable to the assigned POST.
<?php
session_start();
$_SESSION["first_country"] = "Canada";
echo "<input type='hidden' name='country' id='firstcountry' value='" . $_SESSION["first_country"] . "'/>";
?>
which echo'd "Canada" in HTML source in my test, as shown below:
<input type='hidden' name='country' id='firstcountry' value='Canada'/>
Edit:
After pasting it into my IDE, the two characters were a Unicode Character 'LINE SEPARATOR' (U+2028) -
For more information on this Unicode character, visit the following Websites:
http://www.fileformat.info/info/unicode/char/2028/index.htm
http://en.wikipedia.org/wiki/Unicode_control_characters
I'm building a form in PHP and I have a field that currently works fine like this:
<input type='text' name='Name' value='Name'/>
But I dont want the users to have to rub out the value manually so I did this:
<input type='text' name='Name' value='Name'
onblur="if(this.value==''){ this.value='Name'; this.style.color='#BBB';}"
onfocus="if(this.value=='Name'){ this.value=''; this.style.color='#000';}"
style="color:#BBB;" />
But obviously since this is in PHP and the form starts with $output="<form... it didnt work and brought up errors because of the "
So I then created this:
<input type='text' name='Name' value='Name'
onblur='if(this.value==''){ this.value='Name'; this.style.color='#BBB';)'
onfocus='if(this.value=='Name'){ this.value=''; this.style.color='#000';}'
style='color:#BBB' />
Which doesn't through up errors, but simply doesn't work. I mean the form shows up correctly, but the value does not disappear with clicks. So I thought of changing the ' inside the onblur and onfocus to " and this worked in html but brought up the same error as before in php. So what is the solution to this?
Escape the quotes:
$output = "<input type='text' name='Name' value='Name'
onblur=\"if(this.value==''){ this.value='Name'; this.style.color='#BBB';}\"
onfocus=\"if(this.value=='Name'){ this.value=''; this.style.color='#000';}\"
style='color:#BBB;' />";
There's one really really simple solution to this: use HTML5 placeholders:
<input type="text" name="Name" placeholder="Name">
(This will automatically be a lighter color than the original, so the style attribute is not required here)
This is supported by all modern browsers, as seen here. Only IE versions 9 and lower don't support this, and those browsers only have 5% of all browser usage, so generally it's better to drop support for older browsers in favour of features that make your life much easier.
Use backslashes before '
For example:
<input type='text' name='Name' value='Name'
onblur='if(this.value==\'\'){ this.value=\'Name\'; this.style.color=\'#BBB';)'
You can use backslash to escape quote characters inside strings. Eg: "…\"…" or '…\'…'. The problem is that this easily becomes hard to read. What can really improve readability is to use HEREDOC syntax:
$output = <<<_
<input type='text' name='Name' value='Name'
onblur="if(this.value==''){ this.value='Name'; this.style.color='#BBB';}"
onfocus="if(this.value=='Name'){ this.value=''; this.style.color='#000';}"
style="color:#BBB;" />
_;
You can even expand variables inside it and still keep the markup fairly readable. Example:
$output = <<<_
<div class="$c">$t</div>
_;
This is weird! I have a form which gets info from a DB and then fills in a form with the details. I am trying to cater for cases where a person has a name like O'Neill. At the top of the page (outside the actual form itself) is a line that echoes the user's name to the screen:
<h2>Member Details for <?php echo $thefn; ?></h2>
And this does indeed display on the page properly, i.e., Member Details for Mike O'Neill
However, in the actual form, where the code runs:
<td><?php echo "<input type='text' name='fname' value='$thefn' size='30' maxlength='30'>"; ?></td>
The name is shown with everything after the apostrophe gone! The variable is the same, so what am I doing wrong? This has got me tearing my hair out (and there's a fair amount of that!)
Let's say I put in my name as:
' /><script type="text/javascript">alert("You've just been hacked!");</script><input type="hidden" name="lol" value='hax
Now what?
htmlspecialchars($thefn)
Should help.
Use double quotes " " in your HTML like so :
echo "<input type='text' name='fname' value=\"$thefn\" size='30' maxlength='30'>";
Note that you have to escape them with \ since you already use double quotes to delimit your string (in PHP). Another solution is to use single-quotes on the PHP side (echo ' ';) and use double quotes inside the string, so that you don't need escaping.
Also note that this code is vulnerable to XSS attacks, you can use htmlspecialchars() to prevent that, here's the corrected code (both the XSS and the quotes) :
echo '<input type="text" name="fname" value="'.htmlspecialchars($thefn).'" size="30" maxlength="30">';
Ignoring the obvious security red herring here (I assume the format of your $thefn variable is correct for going between single quotes in HTML), I would be wrapping the PHP variables inside of {} brackets, like so. This has two major advantages. One - it is easier to spot replaceable parts, plus, makes it crystal clear to PHP what part is dynamic. Two - you can use fancier variables, like arrays. {$my_array['my_key']}.
<td>
<?php
echo "<input type='text' name='fname' value='{$thefn}' size='30' maxlength='30'>";
?>
</td>
See also: PHP string parsing (in the manual)
Hi I have a text box dynamically created to get a value from a database. The specific line in the code is as follows and it works fine;
<input name='routename' class='colr' type='text' id='routename' size='20' maxlength='40' value=".$row['route']."></td>
How ever my database has a value 'colombo/ srilanka' and when the result is loaded to the text box it captured only 'colombo/' and 'srilanka' is missing. In other words text after the space is not loaded to the textbox. Can someone help me with a workaround?
Thanks for looking!
You missed the quotes of the value, and don't forget using htmlspecialcharor htmlentities.
"<input name='routename' class='colr' type='text' id='routename' size='20' maxlength='40' value='".htmlspecialchar($row['route'])."'></td>"
Try htmlentities():
echo "<input name='routename' class='colr' type='text' id='routename' size='20' maxlength='40' value='".htmlentities($row['route'])."' /></td>";
When you echo anything from PHP into HTML, you should always wrap the string with htmlentities to make sure the outputted string is safe for HTML to display (without inadvertently writing markup to the page instead).
I used a form generator to create a simple for me to work with. I noticed that my radial and checkbox buttons didnt seem to be working. EDIT: This is out of my HTML DOC
this is what i have for my buttons:
<tr><td><label><input type='radio' name='gender' value='male'>Male</label></td></tr>
<tr><td><label><input type='radio' name='gender' value='female'>Female</label></td></tr>
when i try echoing the value in php with $_POST['gender'] call nothing comes up. I've also tried "IF....ELSE" statements to get this to work but the ELSE clause is always returned.
also before the two buttons were formated like this, the name and value attributes were actually echo commands enclosed in tags. I tried turning the page from a html to a php file and change the tags to tags, but that didn't help (i knew that was a long shot)
I couldn't google up any information about why this is happening so i hope the good people of stack overflow can help me. Im pretty new to programming, especially web programming, but it kills be to get stumped by something so easy!
edit: So you know, this is what have in my PHP file:
$gender = $_POST["gender"];
if($gender == "male")
{echo "male </br>";}
else
{echo "female </br>";}
Well for one, you have your quotes nested wrong:
"<tr><td><label><input type='radio' name='gender' value='male'>Male</label></td></tr>"
"<tr><td><label><input type='radio' name='gender' value='female'>Female</label></td></tr>"
Also, on some browsers (IE), wrapping the input with label causes errors. You should move the inputs outside the label.