I want to submit the value under h1 tag into my Sql table
Example, if this where the given input string:
<h1>hello</h1>
how to echo "hello" with php (this is a hidden value to submit along with form)
<input type="hidden" name="post_id" id="post_id" value="<?php
echo $Pattern = "/<h1>(.*?)<\/h1>/";
?>" />
the above one writes
/<h1>(.*?)</h1>/
into my table
Are you escaping the HTML before attempting to insert it into the database try mysql_real_escape_string($htmlyouwant);
and
echo "<h1>".$message."</h1>";
Related
Form:
<form method="POST" action="edit_work.php">
<input type="hidden" name="wid[]" size="1" value="<?php echo "$wid1" ?>" >
<input type="text" name="course[]" size="15" value="<?php echo "$course1" ?>" >
PHP:
extract($_POST);
for($i=0;$i<$count;$i++) {
echo $wid[$i];
echo $course[$i];
}
gives the wid values OK but not the text entered for the course names.
I have been through all forums for 2 days now. Any help? Thanks.
If you want your PHP to retrieve your data from the form, can't you name your text input "course", then get it inside your PHP with $_POST['course'] ?
What is your $count ?
Using brackets with your name attribute inside your input tag may be dangerous.
If you're using a list of inputs maybe you can define a text format like name="course#" where # is your index and then access it form your $_POST variable using $_POST['course'.$index]
You don't need to extract($_POST) in that case.
<input type="radio" name="package" value="SOME_VALUE_HERE">
I am using Joomla but i think its something related to PHP. I have a form on my website, and it has RADIO button , what i want is when the user submits the form with that RADIO BUTTON selected, in place of the value (SOME_VALUE_HERE) , i want something else to get stored in the database. That something should a 10-15 liner text. Can i make a $PHP variable and assign that 10-15 liner text to that variable and use it in place of the value=(SOME_VALUE_HERE).
Example :
<input type="radio" value="$phpvariable">
Where $phpvariable is a 10-15 liner text!
Hope you got my point!
You need to use php-tags and echo the php variable in the value of the input:
Assign value to php variable:
<?php $phpvariable = 'SOME LONG TEXT HERE'; ?>
The input:
<input type="radio" name="package" value="<?php echo $phpvariable; ?>">
You will also need a name for your input so that you can get the value
My suggestion would be to try:
<input type="radio" name="package" value="<?php echo htmlspecialchars($name); ?>">
If that does not work, just create a hidden field:
<input type="hidden" name="packageHidden" value="<?php echo htmlspecialchars($name); ?>">
function htmlspecialchars prevents XSS attacks as well.
I've a column inside my table to put Html codes, I will use this table for email templating.
I have inside my page, all the templates inside my table, with two buttons, one to remove, and another one to edit.
The edit button shows the code inside a textbox, and to do the preview I did an echo to the code column.
<div class="tempcolumn">
<div><textarea name="ai" rows="15" cols="100" name="code" placeholder="Code">
<?php echo $get_temp; ?></textarea></div>
</div>
Preview
<div class="tempcolumn">
<p><?php echo $get_temp; ?></p>
<div></div>
</div>
To recognize the code and the id i created an hidden input
<input type="hidden" name="temp_id" value="'.$val['template_id'].'">
<input type="hidden" name="temp_code" value="'.$val['text'].'">
The script is working, but when i insert inside the code column some "<" or "=" doesn't work
Is inferfering because it reads the input value like this:
<input type="hidden" name="temp_id" value=" Value here + 'random character that closes the tag' ">
Is there a easier way to do that?
Thanks
You can try;
htmlspecialchars($value)
This will convert html characters to their non-interfering cousins.
See http://docs.php.net/manual/en/function.htmlspecialchars.php as I can't post the equivalents without them becoming characters.
I'm making a query to the database and am showing the value in input type text as follows:
<input type='text' name='title' value="<?php echo $noticia->_title; ?>" />
What happens is that if the text coming from the database comes within "" the text does not appear because the " " of value. If I switch to '' have the same problem if the text coming from the database is inside ''. How can I solve this problem?
value="<?php echo htmlspecialchars($noticia->_title) ?>"
htmlspecialchars() will encode any HTML metacharcters in there that would otherwise break your form, e.g.
$title = 'Hello "Joe"';
<input ... value="Hello "Joe"" />
^---breaks the form
becomes
$title = htmlspecialchars('Hello "Joe"');
<input ... value="Hello "Joe"" />
Convert text to HTML with htmlspecialchars.
echo htmlspecialchars($noticia->_title);
I have spent quite some time making a function and the last 15-20 minutes trying to figure this out. I need help!
I am selecting multiple rows from the database and then running them in a while loop.
They are available on a dropdown menu.
<form method="POST" action="adminprocess.php">
<fieldset>
<p>
<label class="left2">League:</label>
<select name="league" class="combo">
<?php
$q = $database->selectAllLeagues();
while($row=mysql_fetch_assoc($q))
{
$theid = $row['id'];
extract($row);
?>
<option value="<? echo $theid; ?>">
<? echo $format.'_'.$game.'_'.$name.'_Season '.$season;?>
</option>
<?
}
?>
</select>
</p>
<p>
<input type="hidden" name="replaceleague" />
<input type="hidden" name="format" value="<? echo $format; ?>" />
<input type="hidden" name="game" value="<? echo $game; ?>" />
<input type="hidden" name="name" value="<? echo $name; ?>" />
<input type="hidden" name="season" value="<? echo $season; ?>" />
<input type='submit' class="button" value='Select league' />
</p>
</fieldset>
</form>
$theid seems to be working fine dependning on which row i select on the dropdown menu.
However, I cant get the values below in the hidden inputs to pass through the correct values from the row selected in the dropdown box.
It seems to always pass through the 4 variables from the first row of the database.
So basically, I need it to select the right row and use that data.
What am i doing wrong!!!
Thanks for reading!
Your hidden fields are initialized outside the loop, so they'll use the values that were left over from the last iteration of the while loop. (i.e. the last fetched row)
Why do you actually need the hidden fields in the first place? When you submit the form, the league field will contain the ID of the row selected in the drop-down box. Using the ID, you can fetch the other fields from the database when processing the form.
To directly answer your question about the while loop, it's because the hidden inputs are echoed outside the loop, after which data the last-iterated row from your database is used by PHP to output to those hidden inputs.
But I suggest that instead of using hidden form elements like that, you submit your form with the <option> with the value a user chooses, read the value (as in $_POST['league']), and fetch the row from your database with that ID and use it accordingly. (You may wish to keep the replaceleague hidden input if your application needs it of course.)
It's much easier, plus it ensures the information about the row a user chooses is coming from your database and not tampered with. In fact, for most applications this is the right way to go.