I'm a beginner PHP programmer, and I was wondering what was wrong with my code.
Here is the small excerpt from the affected spot:
echo "<form action='?tab=4' name='toedit5' method='get'><input value='text' onblur='edit('toedit5')' /></form>";
In Chrome's Developer Tools, the form element totally disappears, and the edit('toedit5') becomes edit(' toedit5').
The edit() function doesn't execute.
Is there anything wrong with this one line of code? Otherwise it is outside code messing with it. Sorry I didn't include it, but I don't know what to include. If you need more information, please tell me.
Thanks.
You need to escape your quotes inside your quoted echo'd statement, like this:
<?php
echo "<form action='?tab=4' name='toedit5' method='get'>";
echo "<input value='text' onblur='edit(\"toedit5\")' />"; // escaped..!
echo "</form>";
?>
It helped me to think about it like this when I was starting out: how does your browser know if the second single quote in onblur='edit('toedit5')' is closing your onblur statement or opening up the parameter? In this example, your browser will pair up the first 2 quotes it sees and assign that to the onblur attribute, i.e.: onblur='edit(' only!
Update 1:
Using the code above, I inspected a quick PHP page I created in Chrome's developer tools and was able to see the following (form available for inspection):
You really should use the more standard double quotes around the HTML properties and use single quotes around your string, with escaped single quotes within the javascript method calls. Like this:
echo '<form action="?tab=4" name="toedit5" method="get"><input value="text" onblur="edit(\'toedit5\')" /></form>';
Related
When I try to use this:
<?php
$html = "<p id="test"><input class='is' id='live' type='checkbox' onclick='update(".htmlspecialchars($myid).");'></p>";
?>
If $myid is a number the above works fine. If it contains text like mytext_30, then onClick I get a console message that mytext_30 is not defined. How in the top syntax I can include some kind of quotas for the result to be always like this:
<input .... onclick='update("30")'/> or
<input .... onclick='update("mytext_30")'/>
?
Thank you in advance.
Quotes you are using are mislead for PHP. try this:
$html = "<p id=\"test\"><input class='is' id=\"live\" type='checkbox' onclick='update(\"".htmlspecialchars($myid)."\");'></p>";
The problem belongs to missing escaping of the quotes. Thats easy to fix.
But first, you should decide on a way you will use. Preferred way to write tags in HTML is to always use quotes ". But at least, you should not mix quotes and apostrophes. Decide for one way and use them, but not switch between them here and there.
The best way here is, to use quotes for the tags, and apostrophe for the php string. With using apostrophes for this, you have clean HTML and don't need to escape anything.
$html = '<p id="test"><input class="is" id="live" type="checkbox" onclick="update(' . htmlspecialchars($myid) . ');"></p>';
This is weird! I have a form which gets info from a DB and then fills in a form with the details. I am trying to cater for cases where a person has a name like O'Neill. At the top of the page (outside the actual form itself) is a line that echoes the user's name to the screen:
<h2>Member Details for <?php echo $thefn; ?></h2>
And this does indeed display on the page properly, i.e., Member Details for Mike O'Neill
However, in the actual form, where the code runs:
<td><?php echo "<input type='text' name='fname' value='$thefn' size='30' maxlength='30'>"; ?></td>
The name is shown with everything after the apostrophe gone! The variable is the same, so what am I doing wrong? This has got me tearing my hair out (and there's a fair amount of that!)
Let's say I put in my name as:
' /><script type="text/javascript">alert("You've just been hacked!");</script><input type="hidden" name="lol" value='hax
Now what?
htmlspecialchars($thefn)
Should help.
Use double quotes " " in your HTML like so :
echo "<input type='text' name='fname' value=\"$thefn\" size='30' maxlength='30'>";
Note that you have to escape them with \ since you already use double quotes to delimit your string (in PHP). Another solution is to use single-quotes on the PHP side (echo ' ';) and use double quotes inside the string, so that you don't need escaping.
Also note that this code is vulnerable to XSS attacks, you can use htmlspecialchars() to prevent that, here's the corrected code (both the XSS and the quotes) :
echo '<input type="text" name="fname" value="'.htmlspecialchars($thefn).'" size="30" maxlength="30">';
Ignoring the obvious security red herring here (I assume the format of your $thefn variable is correct for going between single quotes in HTML), I would be wrapping the PHP variables inside of {} brackets, like so. This has two major advantages. One - it is easier to spot replaceable parts, plus, makes it crystal clear to PHP what part is dynamic. Two - you can use fancier variables, like arrays. {$my_array['my_key']}.
<td>
<?php
echo "<input type='text' name='fname' value='{$thefn}' size='30' maxlength='30'>";
?>
</td>
See also: PHP string parsing (in the manual)
I have a problem I can't solve by myself, don't know how simple it is to solve but I want to open this link in another frame:
<?php echo "<a href=details.php?id=$row[idProdukt]>$row[Produkt_Namn]</a>" ?>
tried to use taget but since it's html I couldn't really wrap my head around how to type it.
any help is greatly appreciated.
Just add the attribute to your anchor tag as usual. Make sure you use the name of the targeted iframe as its value:
<?php echo "<a href='details.php?id=$row[idProdukt]' target='framename'>$row[Produkt_Namn]</a>" ?>
I added quotes around your html attribute values as that is a good practice to be in. It prevents issues arising from errant or intentional spaces in attribute values.
First, you have error on array index, missing quotes. You can use this;
<iframe src="some_url" name="test">
.....
</iframe>
<?php echo "" . $row['Produkt_Namn'] . ""; ?>
The trouble is missing quotes around href attribute value and array key.
echo "{$row['Produkt_Namn']}";
See in action
I have a form with a url input that I need to prevent from converting, so that I can use $_GET on the target page. I have tried urlencode, urldecode, html_entity_decode, etc, but none of it prevents the html entity conversion (parse_url did nothing but get rid of all the important stuff). This is the only thread I have found that comes close to what I am trying to achieve.
It seems like there should be a simple solution, and this is not happening anywhere else I am using a url like this...
Thanks to anyone who can help!
echo "<option value='seeArtist.php?aid=".$row[0]."&ac=".$row[1]."&img=".$row[2]."'">
(blah, blah)
<input type="submit" style="margin-left:10px" name="submit" value="Go" />';
This is the result from clicking the submit button.
seeArtist.php?art_con=seeArtist.php%3Faid%3D18%26not%3Bac%3D+(aka)+Banksy%26not%3Bimg%3D0&submit=Go
Two variables are integers, so the database content is not url-encoded.
I suspect that since this is not happening anywhere else, and this is the only place where I am putting a link in a select option, that it has something to do with the submit action. In firebug the link shows up exactly the way it is supposed to. When I submit the url gets encoded.
Regardless of the PHP, your HTML is incorrect. You need to encode the ampersands. Your code should resemble this:
echo "<option value=\"seeArtist.php?aid=" . $row[0] . "&ac=" . $row[1] . "&img=" . $row[2] . "\">\r\n";
I also took the liberty of converting single-quotes to escaped double-quotes.
I barely know how to use PHP and I can't seem to make my code show an image if a condition proves true. This is the code:
<?php
$search=get_search_query();
$first=$search[0];
if ($first=="#"){
}
?>
I tried writing this thinking it would work and it didn't:
echo "<html>";
echo "<img src='http://chusmix.com/Imagenes/grupos/lujan.jpg'>";
Also I tried a code I found which started with the function: header() but it caused a tremendously long error, which said something like header already defined.
Thanks
You have used 'double quotes' incorrectly in the echo statement.
Try the following:
echo "<img src='http://chusmix.com/Imagenes/grupos/lujan.jpg' alt='Preview not available' />"
Regards,
Mahendra Liya.
You should var_dump($first) to know what it contains
check if the condition is really getting true
and also put single quote inside the double quote.
if ($first=="#"){
echo 'yes it is true';
echo "<img src='http://chusmix.com/Imagenes/grupos/lujan.jpg'>";
}
close the img tag
The part of the query string starting with # (so-called "hash") is not being sent to the server. That is, if your page is called like myblog.com/foo?bar=baz#quux, you php script will only receive myblog.com/foo?bar=baz. You need javascript if you want to handle urls with hashes.