I have what is, for me, quite a complex line I want to parse into php.
echo '<input class="cbox" onclick="if(this.checked){document.getElementById('school').style.display ='inline'}else{document.getElementById('school').style.display ='none'}" type="checkbox" name="type[]" value="School" checked/><br>';
Obviously, if I use speech marks to enclose the echo, it would fall apart in the onlick event. How can I avoid this?
To escape characters in php use the \ like so:
echo '<input class="cbox" onclick="if(this.checked){document.getElementById(\'school\').style.display =\'inline\'}else{document.getElementById(\'school\').style.display =\'none\'}" type="checkbox" name="type[]" value="School" checked/><br>';
You need to escape your quotes with \"
Like this:
echo "<input class=\"cbox\" onclick=\"if(this.checked){document.getElementById('school').style.display ='inline'}else{document.getElementById('school').style.display ='none'}\" type=\"checkbox\" name=\"type[]\" value=\"School\" checked/><br>";
Add slashes before '.
echo '<input class="cbox" onclick="if(this.checked){document.getElementById(\'school\').style.display =\'inline\'}else{document.getElementById(\'school\').style.display =\'none\'}" type="checkbox" name="type[]" value="School" checked/><br>';
If you use double-quotes, you can escape any other double-quotes by putting the \ character before them.
There are some more details at: http://php.net/manual/en/language.types.string.php
NEVER use echo to output HTML.
But always type it as is
?>
<input class="cbox"
onclick="if(this.checked){
document.getElementById('school').style.display='inline'
}else{
document.getElementById('school').style.display ='none'}"
type="checkbox" name="type[]" value="School" checked/><br>
Related
To display a string from the database In the output the string is shown halfway
Like the following Sample in database
PHP is a server scripting language
The output is as follows
php
.
Code to display
<input type="radio" name=<?php echo 'answare'.$r['id_q'];?>
value=<?php echo $r['answare'];?> >
Its messy,
Please separate the 2, your view & your controller should not be mixing.
$radio = sprintf('<input type="radio" name="answare%s" value="%s" >', $r['id_q'], $r['answare'] );
Please look into template & mvcs.
Try Laravel, its an easy thing to pick up.
You should always put quotes around attributes. Otherwise, a space in the attribute will end it.
<input type="radio" name="<?php echo 'answare'.$r['id_q'];?>"
value="<?php echo htmlentities($r['answare']);?>" >
Using htmlentities() protects in case $r['answare'] contains quotes or other special characters.
I have a problem with 'hidden',
PHP:
$text = addslashes("Black Sun's zenith");
echo "<input type='hidden' value=".$text." name='saveCard[]'>";
showing the actual code is:
<input type="hidden" value="Black" sun\'s="" zenith="" name="saveCard[]">
to show the correct code is:
<input type="hidden" value="Black Sun's zenith" name="saveCard[]">
Thank all.
addslashes is a generic routine for escaping content for languages that use the \ character to start an escape sequence. HTML is not such a language, and most languages that are have a better, more specific function to handle escaping.
Use htmlspecialchars, not addslashes to escape content for HTML.
Since the attribute value contains spaces, you also need to wrap it in quote characters.
echo "<input type='hidden' value=\"".htmlspecialchars($text)."\" name='saveCard[]'>";
As a rule of thumb, try to avoid putting HTML inside PHP strings.
?>
<input
type="hidden"
value="<?php echo htmlspecialchars($text); ?>"
name="saveCard[]">
<?php
Yes, put {} around $text variable should help.
I'm trying to create a textbox that will be displayed on my website. When displayed, I'd like to show some data within the text box. Here is what I have
echo "<input type=\"text\" size=\"100\" value=\"\">";
All that shows up in the text box is <a href=
And then at the end of the text box, right after the text box I see ">
I know something must be syntactically off, just not sure what.
You must encode <, ", and > chars - they can't be embedded that way. Use:
echo '<input type="text" size="100" value="'.htmlspecialchars('').'">';
You may also use urlencode() function - see which suits you better.
One more tip - use single quotes when string contains HTML-like content. This will save you adding \" everywhere.
php_code ?>
<input type="text" size="100" value="<a href="e;<?=$url;?>"e;></a>\">
<?php
php_code
maybe this will work for you
Think of what the html would look like:
<input type="text" size="100" value="">
^
|
This is where the value attribute ends!
htmlspecialchars should solve it.
You have made some mistake. Your code will result in something like that (also visible in this jsfiddle):
<input type="text" size="100" value="">
Instead you can use something like that:
echo "<input type=\"text\" size=\"100\" value=\"<a href="$url"></a>\">";
or
echo '<input type="text" size="100" value="<a href="' . $url . '"></a>">';
to receive effect visible in this jsfiddle. Is it satisfying enough?
I have a text box like ,
<!--<input type="text" maxlength="255" name="$key" value="<?php echo $value;?>" />-->
$value is b'bbb"bbb
But it only shows b'bbb as value.Can any1 help ???
Properly escape your data that should be displayed unparsed in HTML using htmlentities():
<input type="text" maxlength="255" name="<?php echo htmlentities($key);?>" value="<?php echo htmlentities($value);?>" />
The quote char (") is breaking your code. It could get more dangerous if you've a $value like "><script>alert("xss")</script> (it's called XSS and will pop up an alert box with "xss")
Obviously the " in your $value is breaking the html.
Try echo htmlspecialchars($value);
you can use htmlentities() to use single and double quotes inside the textbox or when using session values
when I have a value like this in the database ("foo")
how can I echo it without any conflict with html code
notice
<input type="text" value="<? echo '"foo"'; ?>" />
the result will be like this
<input type="text" value=""foo"" />
how can I fix it ?
use urlencode
or htmlspecialchars
link
You can use htmlentities to overcome this problem like so:
<input type="text" value="<? echo htmlentities('"foo"'); ?>" />
this will return
<input type="text" value=""foo"" />
avoiding any conflict with html.
htmlspecialchars() basically, for example
<input type="text" value="<? echo htmlspecialchars($value, ENT_QUOTES); ?>" />
The ENT_QUOTES is optional and also encodes the single quote ' .
I used $value since I'm not sure what exactly you have in the database (with or without quotes?) but it will sit in some kind of variable if you want to use it anyway, so, I called that $value.
Since the above is a bit unwieldy I made a wrapper for it:
// htmlents($string)
function htmlents($string) {
return htmlspecialchars($string, ENT_QUOTES);
}
So you can
<input type="text" value="<? echo htmlents($value); ?>" />
Not to be confused with the existing htmlentities(), which encodes all non-standard characters. htmlspecialchars() only encodes &, <, >, " and ', which is more appropriate for UTF8 pages (all your webpages are UTF8, right? ;-).
First, don't use short tags ('
Next, your HTML is malformed because you've got an extra set of quotes. Since you seem to be taking the approach of embedding PHP into the HTML, then a quick fix is:
<input type="text" value="<?php echo 'foo'; ?>" />
...although since this value is coming from your database it will be stored in a variable, probably an array, so your code should look more like:
<input type="text" value="<?php echo $db_row['foo']; ?>" />
For clarity, most programmers would try to eliminate switching between PHP parsed and non-parsed code either using a template system like smarty or....
<?php
....
print "<input type='text' value='$db_row[foo]' />\n";
....
?>
(Note that
1) when the variable is within double quotes with a block of PHP, the value is automatically substituted
2) when refering to an associative array entry within a double quoted string, the index is NOT quoted.
HTH
C.
<?php
echo "<input type='text' value='{$foo}' />" ;
?>