Everytime I check the HTML output of this piece of code, the slashes aren't included. Thus, the background image fails. I even put it through a html to php converter. Im lost; please help.
while($row = mysql_fetch_array($data))
{
//Echo Theme Template on pages
echo "<div style='background-image:url('../uploads/avi/{$row['avi']}')></div>";
echo "<div class='myname'>{$me}</div>";
}
the simplest answer would be, you have an unclosed ' on your style attribute..
echo "<div style='background-image:url('../uploads/avi/{$row['avi']}')'></div>";
^here
but this wouldn't work as is.. so you should adjust the quotes like this:
echo "<div style='background-image:url(\"../uploads/avi/{$row['avi']}\");'></div>";
you can see the broken echo http://codepad.viper-7.com/CGMdUx
and the edited one is here http://codepad.viper-7.com/bEyKFz
i passed it through htmlspecialchars on codepad just so you can see it as string and avoid being rendered as HTML for viewing purposes only..
You did two things wrong here. You never closed the final quote for the style tag, and using single quotes for both style='' and the url('') cancelled each other out.
I'd recommend always using double quotes for HTML tags.
while($row = mysql_fetch_array($data))
//Echo Theme Template on pages
{
echo "<div style=\"background-image:url('../uploads/avi/{$row['avi']}');\"></div>";
echo "<div class='myname'>{$me}</div>";
}
Another thing to consider, always say "View Source" instead of "Inspect" with Firebug or some other tool. The reason you didn't see the URL printed out is because new browsers are "Smart" and try to fix DOM errors. Inspecting the source with Firebug or a similar tool will show you what the browser actually interprets. Viewing the source will show what was actually sent to the browser.
Because of the inner ' used by the style attribute, you need to use double quotes inside.
echo '<div style="background-image:url(\'../uploads/avi/' . $row['avi'] . "')></div>";
Result
<div style="background-image:url('../uploads/avi/abc.efg')></div>
Related
I have a php variable $username and following script:
<?php
echo ''.$username.'';
?>
If $username contains something <b it bolds text. How can I prevent that?
Use htmlspecialchars
echo ''.htmlspecialchars($username).'';
See documentation: http://php.net/manual/en/function.htmlspecialchars.php
echo ''.htmlentities($username).'';
like that:
<?php
echo ''.htmlspecialchars($username).'';
?>
http://php.net/manual/fr/function.htmlspecialchars.php
the echo in PHP returns the HTML of whatever you tell it should. So if you use e.g.
echo "This is my text which should be displayed as it is <b>";
the browser will translate it into the according HTML Text (every browser has built in mechanics to "repair" malformed HTML), which will be
<b>This is my text which should be displayed as it is</b>
This is not only wrong, but also a security risk. Imagine someone uses an extremely long name which would translate into javascript once the browser renders it. Your server would turn into a spambot machine.
To prevent this from happening, you have to use the according php function, which is htmlspecialchars() (or htmlentities();
So your code will be:
echo ''.htmlspecialchars($username).''
and it will display the name as intended.
You need to strip (remove) HTML tags from the string.
echo '' . strip_tags($username) . '';
http://php.net/manual/en/function.strip-tags.php
I have a problem I can't solve by myself, don't know how simple it is to solve but I want to open this link in another frame:
<?php echo "<a href=details.php?id=$row[idProdukt]>$row[Produkt_Namn]</a>" ?>
tried to use taget but since it's html I couldn't really wrap my head around how to type it.
any help is greatly appreciated.
Just add the attribute to your anchor tag as usual. Make sure you use the name of the targeted iframe as its value:
<?php echo "<a href='details.php?id=$row[idProdukt]' target='framename'>$row[Produkt_Namn]</a>" ?>
I added quotes around your html attribute values as that is a good practice to be in. It prevents issues arising from errant or intentional spaces in attribute values.
First, you have error on array index, missing quotes. You can use this;
<iframe src="some_url" name="test">
.....
</iframe>
<?php echo "" . $row['Produkt_Namn'] . ""; ?>
The trouble is missing quotes around href attribute value and array key.
echo "{$row['Produkt_Namn']}";
See in action
I'm a beginner PHP programmer, and I was wondering what was wrong with my code.
Here is the small excerpt from the affected spot:
echo "<form action='?tab=4' name='toedit5' method='get'><input value='text' onblur='edit('toedit5')' /></form>";
In Chrome's Developer Tools, the form element totally disappears, and the edit('toedit5') becomes edit(' toedit5').
The edit() function doesn't execute.
Is there anything wrong with this one line of code? Otherwise it is outside code messing with it. Sorry I didn't include it, but I don't know what to include. If you need more information, please tell me.
Thanks.
You need to escape your quotes inside your quoted echo'd statement, like this:
<?php
echo "<form action='?tab=4' name='toedit5' method='get'>";
echo "<input value='text' onblur='edit(\"toedit5\")' />"; // escaped..!
echo "</form>";
?>
It helped me to think about it like this when I was starting out: how does your browser know if the second single quote in onblur='edit('toedit5')' is closing your onblur statement or opening up the parameter? In this example, your browser will pair up the first 2 quotes it sees and assign that to the onblur attribute, i.e.: onblur='edit(' only!
Update 1:
Using the code above, I inspected a quick PHP page I created in Chrome's developer tools and was able to see the following (form available for inspection):
You really should use the more standard double quotes around the HTML properties and use single quotes around your string, with escaped single quotes within the javascript method calls. Like this:
echo '<form action="?tab=4" name="toedit5" method="get"><input value="text" onblur="edit(\'toedit5\')" /></form>';
thank you in advance , i wanted to stop not logged_in visiters from reaching some pages
i know i can just do that by cheking values in SESSION_ and and showing the HTML part with
<?php echo '<html>...</html>'; ?>
but i have a very long html content with both '' & "" text delimiters because it's not only HTML there is some JavaScripts, so i'm looking for another methode rather than printing the code with ECHO , and in this case i can't mixt PHP and HTML code . i there any solution or another idea to secure page from non member to see it,
and can i use this code to take them back to hope page (? :
<?php header("Refresh: 0;url=http://index.php/"); ?>
is it secure ?
so i'm looking for another methode rather than printing the code with
ECHO ,
use [heredocs] style or print all HTML outside php tag:
1- [heredocs]
echo <<<HEREDOCS
any string here ' or "
HEREDOCS;
note: notations should be at beginning of each line and ends with line break without any space or indent.
2- separation logic
<?php
//here is php
//close php
?>
<html>
<head>
</head>
<body>
<p>This will also be ignored by PHP and displayed by the browser.</p>
....
</body>
<?php
//php again
?>
When you echo out code that uses both ' and ", you escape the characters that match your opening and closing tags, like so:
echo '<p class="someclass">This can\'t be the end.</p>';
or
echo "<p class=\"someclass\">This can't be the end.</p>";
If you're worried about the " & ' text parameter,you should just use text editor such as sublime to to replace all " to '
and for " in textarea you can replace with "
then do
echo " <a href='#' value='{$var1}'>double quote mean "</a>some other massive code ";
thus you can just use a <?php and ?> from the beginning of page till the end of the page
What you can probably do is perform the check for the session variable at the start of the file and if the user is not logged in, use a header('Location: index.php'); followed by an exit();. If you do need to send headers based on logic that appears after the echo statements and changing the order of the statements is not doable, use output buffering.
Also, instead of including the HTML and Javascript within your code file, consider using a template engine, using include, or a combination of file_get_contents and echo (and possibly a string replace if you are using content placeholders). Heredocs and Nowdocs will make it easier to include single-quotes and double-quotes within strings.
Edit: If all you want to show unauthenticated users is an error message, you can redirect them to an error page, or use the PHP die(''); statement (which is like a combination of an echo and an exit).
Hi I am transferring html code to php code, but i get some problems.
For example in html I am using <ul div class="country city">...</ul>, it contains two classes (country & city),
But when I using PHP, I need to change it to echo "<ul div class=country city>...</ul>" since php does not accept "" in the middle. And as a result, the system only accept the first class(country) instead of two classes.
So could I ask how to change it,
Thanks :-)
use simple quote for example as HTML accept it as double quote
echo "<ul div class='country city'>...</ul>"
You can also escape your " so PHP can accept it:
echo "<ul div class=\"country city\">...</ul>"
You can swap the quotations to make them work. like this
echo "<ul div class='country city'>...</ul>"
If you want to introduce any variable in between, you can add this by
echo "<ul div class='country city".$variable."'>...</ul>"
This is called concoction