Hello i'm currently using a table to input values into a custom meta field. I have a text box called episode title. My problem here is that if the characters ' " are added in the field then everything goes in to chaos. I want to use the htmlspecialchars to input the values as " and ' instead of ' ". the below code does not work to covert the characters. Can anyone please help?
<p>
<input type="text" name="episode_title[]" id="episode_title[]" value="<?php echo ($_POST['episode_title']); ?>" class="title regular-text" style="width: 98%" />
<span class="description"><?php _e('Title of The Episode.'); ?></span>
</p>
add this to the htmlspecialchars call: ENT_QUOTES like so:
<?php echo htmlspecialchars($_POST['episode_title'], ENT_QUOTES); ?>
This will enable changing of both the " and the ' quotes
$_POST['episode_title'] is an array, so you need to get the right value from the array and use htmlspecialchars() on that value.
Something like:
value="<?php echo htmlspecialchars($_POST['episode_title'][$some_key]); ?>"
Edit: I am assuming that the $_POST array contains the results of the form when it is submitted.
Related
I have insert iframe value into my database using php. I need to display the inserted value in a textbox in another page. But while displaying the data it only displays the value till the first " in the iframe.
my code
<label>Location</label> <input type="text" style="resize:vertical" class="md-input" name="locationmap" class="md-input" value="<?php echo $comp_row['comp_locationmap']?>">
<i class="glyphicon glyphicon-pushpin form-control-feedback glyphiconalign"></i> </div>
The output textbox only displays "<iframe src= "
you need to escape the special characters!
you can do this by using htmlspecialchars() to convert only special characters to HTML entities
echo htmlspecialchars($comp_row['comp_locationmap']);
or htmlentities() to convert all characters to HTML entities
echo htmlentities($comp_row['comp_locationmap']);
I have a html form with a textbox in which i want to pull the name of the person signed in to automatically be filled in the text box when the page loads. below is the code i am using.
<input type="text" autocomplete="off" name="createdby" id="createdby" value= <?= $first_name.' '.$last_name ?> readonly>
the issue is with the php code
<?= $first_name.' '.$last_name ?>
Because of the space between .' ' . the last name does not show. however when i remove the space both the first name and the last name show but without any spaces. How do i pull both names from the database and have them separated
I believe it needs to look as follows:
<...value="<?= $first_name.' '.$last_name ?>" readonly>
You should use double quotes around your php tags.
implode() looks better then such concatenation:
implode(' ', array($first_name, $last_name));
Convert this:
<?= $first_name.' '.$last_name ?>
Into this:
<?php echo $first_name.' '.$last_name ?>
Or this if you want to simplify variables concatenation:
<?php echo “$first_name $last_name” ?>
Use the standard php tags and explicitly echo your values
My query extract a data value from mysql table where are a double quote in the text.
Select mytitle from title_table
The result is: This is my title: "for school"
This value I want to put inside a text field, but is truncated in this position This is my title:
I print the title by this: <?php echo $rows['mytitle']; ?>
How to put the entire title in a text field?
Thanks
Print inside the value of the text field, example:
<input type="text" name="title" value="<?php echo $rows['mytitle']; ?>">
I have resolve this problem. Are easy, but in a first time make a wrong Google search.
I have resolve by this: htmlentities
I think you search for this
<?php
echo '<input type="text" value="' . $rows['mytitle'] . '">';
?>
or in plain HTML with
<input type="text" value="<?=$rows['mytitle'];?>">
Look to, for the second example you must have enabled short_tags in your php.ini or use
<input type="text" value="<?php echo $rows['mytitle'];?>">
try this
<input type="text" name="yourkey" value="<?php echo $rows['mytitle'] ?>" />
I'm making a query to the database and am showing the value in input type text as follows:
<input type='text' name='title' value="<?php echo $noticia->_title; ?>" />
What happens is that if the text coming from the database comes within "" the text does not appear because the " " of value. If I switch to '' have the same problem if the text coming from the database is inside ''. How can I solve this problem?
value="<?php echo htmlspecialchars($noticia->_title) ?>"
htmlspecialchars() will encode any HTML metacharcters in there that would otherwise break your form, e.g.
$title = 'Hello "Joe"';
<input ... value="Hello "Joe"" />
^---breaks the form
becomes
$title = htmlspecialchars('Hello "Joe"');
<input ... value="Hello "Joe"" />
Convert text to HTML with htmlspecialchars.
echo htmlspecialchars($noticia->_title);
I retrieve three pieces of information from the database, one integer, one string, and one date.
I echo them out to verify the variables contain the data.
When I then use the variables to populate three input boxes on the page, they do not populate correctly.
The following do not work:
id: <input type="text" name="idtest" value=$idtest>
Yes, the variable must be inside <?php var ?> for it to be visible.
So:
id: <input type="text" name="idtest" value=<?php $idtest ?> />
The field displays /.
When I escape the quotes,
id: <input type="text" name="idtest" value=\"<?php $idtest ?>\" />
the field then displays \"\".
With single quotes
id: <input type="text" name="idtest" value='<?php $idtest ?>' />
the field displays nothing or blank.
With single quotes escaped,
id: <input type="text" name="idtest" value=\'<?php $name ?>\' />
the field displays \'\'.
With a forward slash (I know that's not correct, but to eliminate it from the discussion),
id: <input type="text" name="idtest" value=/"<?php $name ?>/" />
the field displays /"/".
Double quotes, escape double quotes, escape double quotes on left side only, etc. do not work.
I can set an input box to a string. I have not tried using a session variable as I prefer to avoid do that.
What am I missing here?
Try something like this:
<input type="text" name="idtest" value="<?php echo htmlspecialchars($name); ?>" />
That is, the same as what thirtydot suggested, except preventing XSS attacks as well.
You could also use the <?= syntax (see the note), although that might not work on all servers. (It's enabled by a configuration option.)
You need, for example:
<input type="text" name="idtest" value="<?php echo $idtest; ?>" />
The echo function is what actually outputs the value of the variable.
Solution
You are missing an echo. Each time that you want to show the value of a variable to HTML you need to echo it.
<input type="text" name="idtest" value="<?php echo $idtest; ?>" >
Note: Depending on the value, your echo is the function you use to escape it like htmlspecialchars.
From the HTML point of view everything's been said, but to correct the PHP-side approach a little and taking thirtydot's and icktoofay's advice into account:
<?php echo '<input type="text" name="idtest" value="' . htmlspecialchars($idtest) . '">'; ?>
If you want to read any created function, this how we do it:
<input type="button" value="sports" onClick="window.open('<?php sports();?>', '_self');">
I have been doing PHP for my project, and I can say that the following code works for me. You should try it.
echo '<input type = "text" value = '.$idtest.'>';