I'm making a query to the database and am showing the value in input type text as follows:
<input type='text' name='title' value="<?php echo $noticia->_title; ?>" />
What happens is that if the text coming from the database comes within "" the text does not appear because the " " of value. If I switch to '' have the same problem if the text coming from the database is inside ''. How can I solve this problem?
value="<?php echo htmlspecialchars($noticia->_title) ?>"
htmlspecialchars() will encode any HTML metacharcters in there that would otherwise break your form, e.g.
$title = 'Hello "Joe"';
<input ... value="Hello "Joe"" />
^---breaks the form
becomes
$title = htmlspecialchars('Hello "Joe"');
<input ... value="Hello "Joe"" />
Convert text to HTML with htmlspecialchars.
echo htmlspecialchars($noticia->_title);
Related
My query extract a data value from mysql table where are a double quote in the text.
Select mytitle from title_table
The result is: This is my title: "for school"
This value I want to put inside a text field, but is truncated in this position This is my title:
I print the title by this: <?php echo $rows['mytitle']; ?>
How to put the entire title in a text field?
Thanks
Print inside the value of the text field, example:
<input type="text" name="title" value="<?php echo $rows['mytitle']; ?>">
I have resolve this problem. Are easy, but in a first time make a wrong Google search.
I have resolve by this: htmlentities
I think you search for this
<?php
echo '<input type="text" value="' . $rows['mytitle'] . '">';
?>
or in plain HTML with
<input type="text" value="<?=$rows['mytitle'];?>">
Look to, for the second example you must have enabled short_tags in your php.ini or use
<input type="text" value="<?php echo $rows['mytitle'];?>">
try this
<input type="text" name="yourkey" value="<?php echo $rows['mytitle'] ?>" />
I have a data stored in database valued xy". When I print this value in tag, or quote sign is visible. But when i output this value in input field, double quote isn't visible(it's still in database).
<input type="text" value="<?php echo $value ?>" />
The interesting thing is, when I use 2 single qoutes, output is equal to the value in database(xy''). Any ideas
Try this one
<input type="text" value="<?php echo htmlspecialchars($value) ?>" />
I want to submit the value under h1 tag into my Sql table
Example, if this where the given input string:
<h1>hello</h1>
how to echo "hello" with php (this is a hidden value to submit along with form)
<input type="hidden" name="post_id" id="post_id" value="<?php
echo $Pattern = "/<h1>(.*?)<\/h1>/";
?>" />
the above one writes
/<h1>(.*?)</h1>/
into my table
Are you escaping the HTML before attempting to insert it into the database try mysql_real_escape_string($htmlyouwant);
and
echo "<h1>".$message."</h1>";
I retrieve three pieces of information from the database, one integer, one string, and one date.
I echo them out to verify the variables contain the data.
When I then use the variables to populate three input boxes on the page, they do not populate correctly.
The following do not work:
id: <input type="text" name="idtest" value=$idtest>
Yes, the variable must be inside <?php var ?> for it to be visible.
So:
id: <input type="text" name="idtest" value=<?php $idtest ?> />
The field displays /.
When I escape the quotes,
id: <input type="text" name="idtest" value=\"<?php $idtest ?>\" />
the field then displays \"\".
With single quotes
id: <input type="text" name="idtest" value='<?php $idtest ?>' />
the field displays nothing or blank.
With single quotes escaped,
id: <input type="text" name="idtest" value=\'<?php $name ?>\' />
the field displays \'\'.
With a forward slash (I know that's not correct, but to eliminate it from the discussion),
id: <input type="text" name="idtest" value=/"<?php $name ?>/" />
the field displays /"/".
Double quotes, escape double quotes, escape double quotes on left side only, etc. do not work.
I can set an input box to a string. I have not tried using a session variable as I prefer to avoid do that.
What am I missing here?
Try something like this:
<input type="text" name="idtest" value="<?php echo htmlspecialchars($name); ?>" />
That is, the same as what thirtydot suggested, except preventing XSS attacks as well.
You could also use the <?= syntax (see the note), although that might not work on all servers. (It's enabled by a configuration option.)
You need, for example:
<input type="text" name="idtest" value="<?php echo $idtest; ?>" />
The echo function is what actually outputs the value of the variable.
Solution
You are missing an echo. Each time that you want to show the value of a variable to HTML you need to echo it.
<input type="text" name="idtest" value="<?php echo $idtest; ?>" >
Note: Depending on the value, your echo is the function you use to escape it like htmlspecialchars.
From the HTML point of view everything's been said, but to correct the PHP-side approach a little and taking thirtydot's and icktoofay's advice into account:
<?php echo '<input type="text" name="idtest" value="' . htmlspecialchars($idtest) . '">'; ?>
If you want to read any created function, this how we do it:
<input type="button" value="sports" onClick="window.open('<?php sports();?>', '_self');">
I have been doing PHP for my project, and I can say that the following code works for me. You should try it.
echo '<input type = "text" value = '.$idtest.'>';
I have a text box like ,
<!--<input type="text" maxlength="255" name="$key" value="<?php echo $value;?>" />-->
$value is b'bbb"bbb
But it only shows b'bbb as value.Can any1 help ???
Properly escape your data that should be displayed unparsed in HTML using htmlentities():
<input type="text" maxlength="255" name="<?php echo htmlentities($key);?>" value="<?php echo htmlentities($value);?>" />
The quote char (") is breaking your code. It could get more dangerous if you've a $value like "><script>alert("xss")</script> (it's called XSS and will pop up an alert box with "xss")
Obviously the " in your $value is breaking the html.
Try echo htmlspecialchars($value);
you can use htmlentities() to use single and double quotes inside the textbox or when using session values