echo'<img src="'.$row['filename'].'" onmouseover="this.src='.$row['back_filename'].'" onmouseout="this.src='.$row['filename'].'" />';
I'm calling in 2 images from a database using mySql and php, How come this onmousover doesn't work?
ps. I'm calling a path to the image not storing the image in the database itself.
try this
echo'<img src="'.$row['filename'].'" onmouseover="this.src=\''.$row['back_filename'].'\'" onmouseout="this.src=\''.$row['filename'].'\'" />';
You are not providing the needed quotes for the inline javascript, you need single quotes '' around the filename as it is a string, causing whatever the variables hold to be interpreted by javascript as something other than what you expect.
Also use a heredoc to help with preventing errors caused by misquoting and worrying about escaping quotes.
echo <<<END
<img src="{$row['filename']}" onmouseover="this.src='{$row['back_filename']}'" onmouseout="this.src='{$row['filename']}'" />
END;
Related
When I try to use this:
<?php
$html = "<p id="test"><input class='is' id='live' type='checkbox' onclick='update(".htmlspecialchars($myid).");'></p>";
?>
If $myid is a number the above works fine. If it contains text like mytext_30, then onClick I get a console message that mytext_30 is not defined. How in the top syntax I can include some kind of quotas for the result to be always like this:
<input .... onclick='update("30")'/> or
<input .... onclick='update("mytext_30")'/>
?
Thank you in advance.
Quotes you are using are mislead for PHP. try this:
$html = "<p id=\"test\"><input class='is' id=\"live\" type='checkbox' onclick='update(\"".htmlspecialchars($myid)."\");'></p>";
The problem belongs to missing escaping of the quotes. Thats easy to fix.
But first, you should decide on a way you will use. Preferred way to write tags in HTML is to always use quotes ". But at least, you should not mix quotes and apostrophes. Decide for one way and use them, but not switch between them here and there.
The best way here is, to use quotes for the tags, and apostrophe for the php string. With using apostrophes for this, you have clean HTML and don't need to escape anything.
$html = '<p id="test"><input class="is" id="live" type="checkbox" onclick="update(' . htmlspecialchars($myid) . ');"></p>';
I am not able to delete the files from a folder using php whenever the user clicks yes to delete form submission.
The files are still present in the folder even after using unlink() function:
<form method='post'>
<input type='submit' name='del' value='Yes'>
</form>
<?php
if(isset($_POST['del']))
{
$filename=$userid.".jpg";
unlink('upload-cover/uploads/$userid/$filename');
echo "Your image has been deleted successfully!!";
}
?>
You have to have the string passed to the unlink function in double-quotes. This is because PHP will interpret strings in single-quotes literally, therefore not including your variables. Try this:
unlink("upload-cover/uploads/$userid/$filename");
Or:
unlink("upload-cover/uploads/".$userid."/".$filename);
I think the second option is a lot more readable, and prevents errors like the one you encountered!
This is a great answer to understand PHP strings and paths:
What is the difference between single-quoted and double-quoted strings in PHP?
If you use single quotes, the file name genrated will be incorrect.
Also, make sure you have right permissions
Try with
unlink("upload-cover/uploads/$userid/$filename");
By looking into your code it seems that it is variable look up problem
variable inside single quotes are string to the php engine
unlink('upload-cover/uploads/$userid/$filename');
where as variable inside double quotes are variable to the php engine
unlink("upload-cover/uploads/$userid/$filename");
I have a folder where uplaoded files are saved. This page is used to retrieve those saved files. A picture called "flower.jpeg" is in the folder, and I am trying to display the picture using an image tag, as shown below. I have two options, but none of them is working.
<!DOCTYPE html>
<html>
<body>
<?php
$picture=flower.jpeg
$playfile='/upload/$picture';
?>
// <img href= '<?php $playfile ?>' width="800" height="600">
// <img src= '<?php echo $playfile; ?>' width="800" height="600"> <br>
<script>
document.write('Go Back To Chat');
</script>
</body>
</html>
flower.jpeg requires quotes and the $playfile assignment is not properly specified as, to my knowledge, strings within single quotes are not parsed for variables within PHP.
$picture='flower.jpeg';
$playfile='/upload/'.$picture;
Additionally correct use of the tag is as follows
<img src="<?php echo $playfile; ?>" width="800" height="600">
As the attributes need enclosing by double-quotes, you are just using PHP to echo out a variable containing a string.
An explanation of what is wrong. You're using the following code to build your link:
$picture=flower.jpeg
$playfile='/upload/$picture';
First off, you need to quote the picture
$picture = 'flower.jpg';
//or
$picture = "flower.jpg";
The next problem is how you're building the playfile. You need to exit single quotes to use a variable or use double quotes:
$playfile = '/upload/'.$picture;
//or
$playfile = "/upload/$picture";
//or even
$playfile = "/upload/".$picture;
The single quotes will take the text as is where the double quotes will evaluate variables in them. I suggest continuing to read up on the basics of PHP and strings.
Here are a few steps that may help you in finding if the path to the image (or the 'href' as you call it) is correct. No direct solution is possible as we do not have access to your file system, as Simon pointed out.
Check if the file extension of your picture is mentioned correctly. Check also that it is in the correct CAPS. For example, if you saved your picture using MS Paint, the extension will be *.PNG but your script may contain *.png; this may cause problems in some cases.
.jpg and .jpeg are two different extensions sometimes (in the sense of the above point). You may want to take that into consideration.
You may want to verify that the directory structure of the image is correct (i.e. verify that you are specifying the correct path to the file).
Hope this helped you in some way. The above steps are rough and vague. If they failed to help you, please comment, and someone will be able to help you.
I am using php and trying save some html contents in mysql database. the html content is generating by ckeditor. The content is something like this-
<p><img align="left" alt="" src="images/1im1.jpg" style="margin:1px 15px 0 0; border:1px solid #cecece; " /> <img alt="If syou love hot sauce" src="images/tit_If-you-love-hot-sauce.jpg" /></p><br>D'elidas is a fine<p>
I am using this in php-
$main_data = mysql_real_escape_string($_POST['content']);
This was working okay in my localhost(xampp). but not working in online. my hosting is using latest version of PHP and MySQL. after saving in online database, I see like this-
<p><img align=\"left\" alt=\"\" src=\"images/1im1.jpg\" style=\"margin:1px 15px 0 0; border:1px solid #cecece; \" /> <img alt=\"If syou love hot sauce\" src=\"images/tit_If-you-love-hot-sauce.jpg\" /></p>br>D\'elidas is a fine<p>
And that is why the HTML is not displaying correctly in my page. Please help me about this. this is adding slashes before quotes. I want to save exact html and show in front end.
You hosting company probably has magic quotes turned on - http://php.net/manual/en/security.magicquotes.php
You can't disable it in code, but Example 2 here shows a work around http://www.php.net/manual/en/security.magicquotes.disabling.php
It sounds like your host probably has magic_quotes_gpc turned on, which will automatically add slashes to quotes and double quotes on data coming in from $_GET, $_POST, and $_COOKIE.
You might want to create a wrapper function for escaping GPC data. As an example...
function mysql_escape_gpc($dirty)
{
if (ini_get('magic_quotes_gpc'))
{
return $dirty;
}
else
{
return mysql_real_escape_string($dirty);
}
}
This way your code is portable, regardless of how the server is configured.
Also, if your production environment supports it, you should consider looking into prepared statements. This way you don't have to worry about escaping your data, however you would still need to UNescape it in the event that magic_quotes_gpc is turned on.
When you fetch it from the database you need to run a stripslashes() on the HTML string. Right?
I accomplished this by using the following code segments in php and mySQL database:
Storing into the database. You must use the following code segment in the actual mySQL Insertcall. I found out if you do this to the variable first and then put the variable in the insert call it will not work. The function must be in the mySQL statement.
mysql_real_escape_string($myValue)
Retrieving Into textbox in value. Assuming your values have been already retrieved from the database and now are in an array Called theValues. Basically I am Removing any backslashes but before hand I'm making sure it can be displayed correctly using htmlentities. Since you are no Backslashes in HTML that I know of it fixes it where servers replace quotes with \". If you do encounter some Back slashes in HTML you'll just have to be a bit more clever in your replacement function.
$myValue= str_replace("\\", "", htmlentities($theValues->myValue));
echo $myValue;
echoing out on to a page same reasons as above, but the htmlentities function Makes it only display the text of the HTML Instead of processing the HTML
str_replace("\\", "",$myValue)
have a question about a php echoing script that has a link to a javascript with some variables. I need to know the format for the echo so it will work properly. Could anyone shed any light on this? My code is posted below
echo "<a href='javascript: toggle('variable1', 'variable2')'><label1 for='nameEditor'>Manage</label1></a>";
Now when you hover over the link it just shows javascript:toggle( Now I have tried multiple things and I still cant get it to work. Anyone have any suggestions?
Assuming variable1 and variable2 are the PHP bits you want inserted into the javascript, then
echo "<a href='javascript: toggle('$variable1', '$variable2')'><label1 for='nameEditor'>Manage</label1></a>";
However, be aware that if either of those variables contain Javascript metacharacters, such as a single quote, you'll be breaking the script with a syntax error (think of it as the same situation as SQL injection).
To be sure that the variable's contents become legal Javascript, you'd want to do something like:
<script type="text/javascript">
var variable1 = <?php echo json_encode($variable1); ?>;
var variable2 = <?php echo json_encode($variable2); ?>
</script>
...
try like this:
echo "<label1 for='nameEditor'>Manage</label1>";
you have to escape \ quotes
It's because you're mixing your quotes that the browser see. Do this:
echo "<label1 for='nameEditor'>Manage</label1>";
If you escape the double quotes (\"), you'll be fine. The browser itself is seeing '''' (all single quotes), so you need to retain "''" (double,single,single,double) in your html element attribute, irregardless of PHP (except for the escaping).