I'm trying to put input value, which is called from base.
<input class=\"title\" name=\"title\" value=".$edit['title']." />
Title is : New York Welcome! But it shows just New. If i write NewYorkWelcome! it shows right, but when there are spaces - no.
I just tried to echo the $edit['title'] not in input - it shows correctly. Very strange problem. Please, any solution?
If the string is delimited by double quotes, you must escape those as you did with the previous attributes:
<input class=\"title\" name=\"title\" value=\"{$edit['title']}\" />
Related
I have a problem with an input type text.
The value of the field is affected by PHP, like this:
<input type="text" class="form-control" name="ClientName" id="ClientName" value="<?php echo strtoupper($Client['name']).' '.trim($Client['surname']); ?>" />
Each time i have a space added at the end of the string, so when i save datas in my db with htmlentities() function, i have for example:
NAME Surname
I tried a lot of things, i'm sure my data from PHP don't have a space at the end. When i save datas in db, i make a TRIM on this input.
I can't remove this space and i don't know where it comes from!!
Do you have any idea?
Thanks
I have a value ($title) that is stored in MySQL and is being called, using PHP, to be inserted into the value of an input element. The problem is when a single or double quote is used, the value of the input field terminates at that point.
The behavior that should occur is the input field should be populated EXACTLY with the data in the $title variable, so that when the form is updated, the quotes remain intact.
Here is the PHP:
<?php
echo '<input type=text size=91 name=title value="'.stripslashes($title).'">';
?>
Now, here is a typical problem: if the value of $title
this is a test " of what occurs with a quote
and I echo the variable, it echos correctly to
this is a test " of what occurs with a quote
However, when used in an input field, it renders as:
<input value="this is a test " of what occurs with a quote">
The first " terminates the value of the field, causing the new value to be:
this is a test
I'm confused as to how to get the proper value to display and be submitted with the form, when that variable is displayed and updated.
Try using htmlspecialchars. This will escape the " in yout title.
value="'.htmlspecialchars($title).'">
Put a \ before the quote.
echo "This is a \" test";
Change this line.
<input type=text size=91 name=title value="'.stripslashes($title).'">
To
<input type=text size=91 name=title value=\''.stripslashes($title).'\'>
Why are you running stripslashes()? Running addslashes() (the opposite function) would fix this particular issue, but a better approach would be to use htmlentities($title, ENT_COMPAT, 'utf-8') everywhere you output the title (or, if your structure allows, when the data is stored).
After you perform stripslashes you should use htmlspecialchars to escape the special characters. This avoids the mess the characters like ",', etc might otherwise create.
<input type=text size=91 name=title value="'.htmlspecialchars(stripslashes($title)).'">
The above snippet will only fix it for display purpose. But when the submit happens you must use either mysql_real_escape_string() or $pdo->quote() to escape the special characters before you run the SQL query.
I have a database var that contains
5/8\" Cabinet Grade Plywood
the \ being added by either WP or SQL to escape the ".
when retrieving this var i use stripslashes() both in in the value of the field used to edit that table (so that the next time someone want to edit that field he/she will see whats in that input already) and in the actual website where it suppose to appear.
The weird thing is ..
in the field it cuts from 5/8\" Cabinet Grade Plywood to just 5/8
and in the website where it suppose to appear it shows normally without slashes or anything unusual.
this is how I stripslash the field:
$somevar = '<input value="'.stripslashes($currentselected['something']).'" class="niceclass" name="something" type="text" />';
and this is how I use it when it appears on page:
<td><span style="font-size: larger;"><?php echo stripslashes($goods['verygood']); ?></span></td>
it simply collides with HTML markup
<input value="'.stripslashes($currentselected['something']).'"/>
will result in
<input value="5/8" Cabinet Grade Plywood" />
take a look on those ", its broken right there, you need to escape those "
to fix this use urlencode function in php
<input value="'.urlencode(stripslashes($currentselected['something'])).'"/>
or htmlspecialchars function, it should replace quotes with
"
You could use some htmlspecialchars on the output. The " has special meaning in HTML, and in this case would actually be seen as the closing of the value attribute of the input. Thus, you should escape it (htmlspecialchars will translate " to ").
I searched the site and didn't find a solution. My problem is that I've got a hidden input that I want to send via the post method that has quotes in it. I've tried using addslashes() and I get the same problem. It looks something like this right now:
<?php $value = 'I\'ve got \"some\" random text with quotes'; ?>
<input name="example" value="<?=$value?>">
And I get most of the the text showing in my form because the quotes aren't being ignored AARGH! ;) So how to I get text with quote into a hidden input?
Thanks in advance!
<?php $value = "I've got \"some\" random text with quotes"; ?>
when you output this will result in the following?
<input name="example" value="I've got \"some\" random text with quotes">
I would convert them so they validate and avoid confusion:
<?php $value = 'I've got "some" random text with quotes'; ?>
<input name="example" value="<?=$value?>">
Try to avoid using double quotes with PHP strings, as PHP will search the entire string for a variable to parse, regardless if the string contains one. They are slower than single quotes. Not so much anymore these days, but still a good practice to use single quotes for strings.
I'm inserting the following TEXT value into MySQL using..
$groupname = addslashes($_POST['groupname'];
When getting the value from Mysql I'm using
$name = $row['groupname'];
echo $name;
And this show correctly as "Mr. Davis's Group"
but when this value in added to a form as
then I pass the value to another page, and retrieve it as
$name = $_POST['groupname'];
echo $name;
it show up as "Mr. Davis" keeping everything before the apostrophy.
??No clue why, i've tried adding stripslashes($_POST['groupname']; and same thing happens
<input name='groupname' type='hidden' value='$groupname' />
Will generate:
<input name='groupname' type='hidden' value='Mr Davis's Group' />
^----
At the indicated spot, the browser's parser will see the 'end' of the value=, followed by some unknown attribute s and a broken attribute Group '.
To embed this type of text in a form, you need to use htmlspecialchars(), which will convert any HTML metacharacters (<, >, ', ") into their character entity equivalents, so they can be safely embedded in a form.
addslashes() is a deprecated method of "safely" adding something into a database. It will not make something safe to embed in HTML.
Check the text encoding of your input webpage. Match your db charset - use utf-8.