I'm a PHP-Newbie and want to create a simple Website to manage my CD Collection.
I connect to a MySQL-Database and create for each table a PHP-Array.
No i want to be able to edit my CDs within HTML-Forms and submit it back to the MySQL-Database.
For that i create a for-loop and put each array-varaible into an HTML-Form, so i can edit the text und via submit UPDATE my Database.
I know there is an answer for my question: stackoverflow Answer
But this solution didn't work for me.
One line:
echo "<input name="Titel" type="text" size="30" value="<?php echo $alben[$i]['Titel']; ?>">";
This line doesn't work, an i don't understand why.
Can someone please help?
EDIT:
If i just say:
echo $alben[$i]['Titel'];
This work. But with the HTML-Form i'm getting this error message:
syntax error, unexpected T_STRING, expecting ',' or ';'
Because you need escape the quotes and remove the 2nd echo
echo "<input name="Titel" type="text" size="30" value="<?php echo $alben[$i]['Titel']; ?>">";
into
echo "<input name=\"Titel\" type=\"text\" size=\"30\" value=\"" . $alben[$i]['Titel'] . "\">";
period is string concatination
"a" . "b" becomes "ab"
if you are in php tag use this:
<?php
...
echo '<input name="Titel" type="text" size="30" value="'. $alben[$i]['Titel']; .'">"';
..
?>
if you are in html, use this:
<input name="Titel" type="text" size="30" value="<?php echo $alben[$i]['Titel']; ?>">
Related
I have an array input in a form. I want to validate the form using php and not loosing the input if any error occurs. I read previous questions and used the following codes:
<input type="text" name="name[]" value="<?php echo (isset($_POST['name']))?$_POST['name']:'';?>">
<input type="text" name="name[]" value="<?php echo (isset($_POST['name']))?$_POST['name']:'';?>">
As you see the input is an array.
The problem is when an error occurs, the inputs become Array not the previous text in the field.
How can I solve this problem?
When you used echo $_POST['name'] while $_POST['name'] is an array, you will echo "Array". You should echo each element in this array
<?php
if (is_array($_POST['name'])){
foreach($_POST['name'] as $name){
echo '<input type="text" name="name[]" value="' . htmlspecialchars($name) . '"\n";
}
}
Also make it a habit to escape untrusted values with htmlspecialchars if you are going to inject them into the HTML, to protect against XSS attacks.
Since the input is an array, so is $_POST['name'], so you need to index into it to get the name, using indexes in the same order as the inputs in your file:
<input type="text" name="name[]" value="<?php echo (isset($_POST['name'][0]))?$_POST['name'][0]:'';?>">
<input type="text" name="name[]" value="<?php echo (isset($_POST['name'][1]))?$_POST['name'][1]:'';?>">
I'm having a problem with a HTML form and php.
I'm trying to make the default-value of a form-text field to be a pre-defined string. For this I'm using a reference. However, whenever I try to place a string into the form using PHP or references in any kind shape or form, only the first word gets added.
Here is a picture to describe the situation:
Does anyone know why this is happening, and/or a way to work around this issue?
Actual code:
<?php
Echo "<input type=\"text\" name=\"Address\" value=\"one two three\"><br>";
?>
<?php
$str ="one two three";
Echo "<input type=\"text\" name=\"Address\" value=" . $str . "><br>";
?>
<input type="text" name="Address" value=<?php echo "one two three";?>><br>
<input type="text" name="Address" value=<?php $str = "one two three"; echo $str;?>><br>
<input type="text" name="Address" value="one two three"><br>
You don't quote the echoed words.
Basically you do this:
<input type="text" value=one two three />
But you need to do that:
<input type="text" value="one two three" />
Just add "" around the PHP.
BTW: You need to escape these if you don't want to get XSSed. These attacks are quite scary. Read about it here: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
The problem was the quotes when you was doing the echo on the php, you need to simple-quote it to make it works.
Html was understanding that two and three was additional parameters of the <input> because it wasnt quoted on the resulting html.
Use this way:
<?php
Echo "<input type=\"text\" name=\"Address\" value=\"one two three\"><br>";
?>
<?php
$str ="one two three";
Echo "<input type=\"text\" name=\"Address\" value=" . $str . "><br>";
?>
<input type="text" name="Address" value='<?php echo "one two three";?>'><br>
<input type="text" name="Address" value='<?php $str = "one two three"; echo $str;?>'><br>
<input type="text" name="Address" value="one two three"><br>
Its because you dont set it in "" or '' marks for the html.
The 2. Line: ...\"Address\" value=" . $str . ">....";
for example outputs for the value attribute: value=one two three
The interpreter now thinks two and three are propertys and not part of value.
Same with the other cases.
I think in this value attribute of input type having a string with whitespace. HTML treat it as separate attributes of input text.
To resolve this problem, u can use single quote at begining and end of value attribute.
Look this example. Hope you will like this. I just modified your code.
<?php
echo "<input type=\"text\" name=\"Address\" value=\"one two three\"><br>";
?>
<?php
$str ="one two three";
echo "<input type=\"text\" name=\"Address\" value='" . $str . "'><br>";
?>
<input type="text" name="Address" value='<?php echo "one two three";?>'><br>
<input type="text" name="Address" value='<?php $str = "one two three"; echo $str;?>'><br>
<input type="text" name="Address" value="one two three"><br>
In this case it will get One Two Three in every textbox.
I am trying to pass a certain data which I found in my table using the search to another php page . here is my code
echo "
1<form action="adm_edit.php?product_code=$record[0]" method="POST">
2<input type=submit value=Edit>
3</form>
4<form action="adm_edit.php?product_code=$record[0]" method="POST">
5<input type=submit value=Delete>
6</form>
";
my search function is working fine and record[0] is contain desired data but I am getting this error when I run this code:
Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in search.php on line 1
I put numbers on lines in above code for ease of reading
So could you please help me?
Thank you
Take care when using quotes from html elements in echos, also when using variables!
When using ' instead of ", you also have to put quotes in front of the variable and that way you stop echoing a string and can start with echoing a variable. You need to concatenate the var and the string with a . !
This will work :
echo '
<form action="adm_edit.php?product_code='.$record[0].'" method="POST">
<input type=submit value=Edit>
</form>
<form action="adm_edit.php?product_code='.$record[0].'" method="POST">
<input type=submit value=Delete>
</form>
';
<form action="adm_edit.php?product_code=<?php echo $record[0]; ?>" method="POST">
<input type=submit value=Edit>
</form>
<form action="adm_edit.php?product_code=<?php echo $record[0]; ?>" method="POST">
<input type=submit value=Delete>
</form>
I've looked at every other question involving this topic, but they are all in different situations, and I've tried to follow some of their tips to no avail. This is my code. The supposed error line is in bold.
echo " </select> :
<select name=\"event_time_mm\">
<option value=\"00\">00</option>
<option value=\"15\">15</options>
<option value=\"30\">30</options>
<option value=\"45\">45</options>
</select>
<input type=\"hidden\" name=\"m\" value=\"".$m"\">
**<input type=\"hidden\" name=\"d\" value=\"".$d"\">**
<input type=\"hidden\" name=\"y\" value=\"".$y"\">
<br/><br/>
<input type=\"submit\" name=\"submit\" value=\"Add Event\">
</form>";
you are missing concatenation . with variables $m, $d ,$y
value=\"".$m."\">
add . after all these three variables.
Just to present another option, the heredoc syntax is quite nice for multi-line strings like this, e.g.:
echo <<<EOD
<input type="hidden" name="m" value="$m">
**<input type="hidden" name="d" value="$d">**
<input type="hidden" name="y" value="$y">
EOD;
Addendum: If you are already using double quotes, you should avoid the concatenation operator and switching in and out of the string altogether:
echo "
<select>
<input type=\"hidden\" name=\"m\" value=\"$m\">
</form>";
Works the same.
I'm using PHP to retrieve the data from a database.
Every time I retrieve it from database it doesn't show the whole letters. It's being removed off after space???
I want like the first text box, show all the letters
both code doesn't work
<input type="text" class="textinput" value=' . $r['newsletter_title'] . '>
<input type="text" class="textinput" value=' . htmlspecialchars($r['newsletter_title']) . '>
I checked the database it's showing the whole letters "80% sale On Day"
Does anyone knows what causes this? Any solution please!!!
You need to quote the value (and use htmlspecialchars):
<input
type="text"
class="textinput"
name="newsletter_title"
id="newsletter_title"
value="' . htmlspecialchars($r['newsletter_title']) . '"
/>
Which generates:
<input
type="text"
class="textinput"
name="newsletter_title"
id="newsletter_title"
value="80% sale On Day"
/>
Otherwise you're generating invalid html/xml (which is why it isn't working)...
Type escaping the content with htmlspecialchars() - http://www.php.net/manual/en/function.htmlspecialchars.php
The value of the value-attribute is not enclosed in quotes. Enclose the value of the value attribute in quotes. Use your browser to look at the HTML that you generate. Don't just look at how your browser renders that HTML.
<input type="text" class="textinput" name="newsletter_title" id="newsletter_title" style="width:500px;" value="' . htmlspecialchars($r['newsletter_title']) . '">
Problem Solved. Thanks guys!