Inserting a variable into a string in PHP - php

I'm putting an HTML variable inside a PHP var but they aren't escaped correctly, so I have a problem. Who can help me? Here is the code:
$var['foo'] = "<p>$coord->name</p><p>$coord->address</p>Details";
Where is the problem?

Hmm... several errors in there, but this should work:
<?php
$var['foo'] = "<p>{$coord->name}</p><p>{$coord->address}</p>Details";

$var['foo'] = "<p>".$coord->name."</p><p>".$coord->address."</p>Details";
cheers

For working with such large strings, I favor using sprintf:
$var['foo'] = sprintf(
'<p>%s</p><p>%s</p>Details',
$coord->name,
$coord->address,
site_url($id)
);

Concatenation generally has a small performance advantage over double quotes. Also, in text editors that highlight syntax, the variables stand out better.
$var['foo'] = '<p>' . $coord->name . '</p><p>' . $coord->address . '</p>Details';

Related

Joining variable to strings fails in PHP

I'm sorry that this is basic. When I use this PHP code it works fine:
$data = '{"reportID":1092480021}';
However, when I run my URL like this:
http://localhost:8000/new/reportget.php?type=1092480021
and use this PHP code:
$reportref = $_GET['type'];
$data = '{"reportID:".$reportref."}"';
I get the error
Error_description:reportID is required
I think it's an error with how I am joining my variable to the string but I can't understand where I am going wrong.
Your string is improperly quoted. To match the format in your first example use:
$data = '{"reportID":' . $reportref.'}';
Note there are no double quotes on the last curly.
Even better:
$reportref = 1092480021;
$data = [ 'reportId' => $reportref ];
var_dump(json_encode($data));
Output:
string(23) "{"reportId":1092480021}"
For simple view and understanding, can you try out:
$data = "{\"reportID\":$reportref}";
Think that should sort it out
Use it like this
$data = '{"reportID:"'.$reportref.'"}"';
It isn't working because you wrap the whole value in single quotes, and when it comes to concatenating $reportref you put .$reportref directly without closing the first single quote, and after the value to concatenate you forget to open another single quote
'{"reportID:".$reportref."}"';
the correct value is
'{"reportID:"' . $reportref . '"}"';
and to match the way you specify your $data value it must be like this
'{"reportID":' . $reportref . '}';

PHP: Complicated String With Single and Double Quotes

I'm trying to pass GET variables inside the URL with a bit of html inside of my PHP but can't figure out the quotes situation. I need to embed two variables inside the URL. I have one in but don't know how to embed the other. Here is the string:
echo "<a href='?id=".($id-1)."' class='button'>PREVIOUS</a>";
and here is what I need to go inside
&City=$City
Thanks for the help
It's pretty simple,
echo "<a href='?id=".($id-1)."&city=" . $City . "' class='button'>PREVIOUS</a>";
In PHP, double quotes "" can eval variables inside them.
$test = "123";
echo "0{$test}456"; // prints 0123456
In your case you better use single quote ''.
echo '<a href=\'?id=' . ($id-1) . '&City=' . $City . '\' class=\'button\'>PREVIOUS</a>';
or better
echo 'PREVIOUS';
Use something like this:
echo "<a href='?id=".$id."&City=".$city."'>";
You do need (well, it's good practice anyway) to use &amp; for your ampersand. Otherwise it's fairly straightforward;
echo "<a href='?id=".($id-1)."&amp;City=$City' class='button'>PREVIOUS</a>";
This is because you are using double quotes, which means you can put variables directly into the string (there are some exceptions which you might need to put in curly brackets {}).
I suggest you get a text editor with syntax highlighting, such as jEdit (other editors are available).
Hope this helps.
Maybe it is better to use the sprintf function
$id = 100;
$previousId = $id - 1;
$City = 'Amsterdam';
$link = 'PREVIOUS';
echo sprintf($link, $id, $City);

PHP Concatenating in multiple quotes

I need to put $row['key'] in schedule.php?id= but I'm having trouble with concatenating
echo ' {label:"<a style=\'color:black\'target=\'_blank\' href=\'schedule.php?id='".$row['key']."' \'>'.$row['fname'].' '.$row['lname'].'</a>"},';
Don't build JSON by hand, create an array, then json_encode it. This should make it easier to juggle with your quotes.
$data = array(
'label' => '<a style="color:black;" target="_blank" href="schedule.php?id='.$row['key'].'">'.$row['fname'].' '.$row['lname'].'</a>'
);
echo json_encode($data);
The syntax highlighter makes it easy to see your error. You just got your quotes backwards:
id='".$row['key']."' \'>'.$row['fname'].' '.$row['lname'].'</a>"},';
^^^^ ^^^^
HERE HERE
should be
echo ' {label:"<a style=\'color:black\'target=\'_blank\' href=\'schedule.php?id="'.$row['key'].'" \'>'.$row['fname'].' '.$row['lname'].'</a>"},';
As mentioned in the comments above, this is not the best way to construct JSON. Look into json_encode() to see how it can make your life easier.
Please use the following updated code :
echo " {label:'<a style=color:black target=_blank href=schedule.php?id=".$row['key'].">'".$row['fname']."' '".$row['lname']."'</a>'},";
Hope it helps you.
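
An added example (not from any of the posters) covering both the reportID question and the label question above: concatenated JSON accepts whatever the input carries, while validating the value and calling json_encode does not. The function names report_payload() and label_entry() and all sample values are constructed for illustration; JSON_THROW_ON_ERROR needs PHP 7.3 or later.

```php
<?php
// Added example. All input values below are constructed sample data.

// Stand-in for $_GET['type'] carrying more than a number.
$reportref = '1092480021,"admin":true';

// Concatenation: the extra key becomes part of the decoded document.
$concat = '{"reportID":' . $reportref . '}';
var_dump(json_decode($concat, true));

// Validate the value, then let json_encode do the quoting.
function report_payload(string $raw): string
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('reportID must be a positive integer');
    }
    return json_encode(['reportID' => $id], JSON_THROW_ON_ERROR);
}

// HTML inside JSON: escape for HTML first, then encode the whole value.
function label_entry(array $row): string
{
    $href = 'schedule.php?' . http_build_query(['id' => $row['key']]);
    $html = sprintf(
        '<a style="color:black" target="_blank" href="%s">%s</a>',
        htmlspecialchars($href, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['fname'] . ' ' . $row['lname'], ENT_QUOTES, 'UTF-8')
    );
    // JSON_HEX_* emits <, >, &, ' and " as \uXXXX escapes, so the JSON can sit
    // inside an HTML <script> block without terminating it.
    $flags = JSON_THROW_ON_ERROR | JSON_HEX_TAG | JSON_HEX_AMP
           | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode(['label' => $html], $flags);
}

echo report_payload('1092480021'), PHP_EOL;
try {
    echo report_payload($reportref), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
echo label_entry(['key' => '7&x=1', 'fname' => 'Ann', 'lname' => '<O\'Neil>']), PHP_EOL;
```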

php code inside variable with html code

I want to add PHP code to a variable with HTML, for example
$html = '<b></b> <?php echo $lang["text"] ?>';
but it doesn't interpret the PHP code. What am I doing wrong?
Use string concatenations like this:
$html = '<b></b>' . $lang['text'];
or insert variable in double quoted string like this:
$html = "<b></b>${lang['text']}";
both versions are correct, use the one that you like.
What you want is called string interpolation (read about how it works for PHP).
Your particular example would be solved using
$html = "<b></b> {$lang['text']}";
String interpolation only happens in double quoted string ("string here").
It's very important to escape the output (security basics).
$html = sprintf('<b>%s</b>', htmlspecialchars($lang['text']));
You can't switch from "Output raw text mode" to "Run PHP code mode" in the middle of a string while you are already in "Run PHP code mode"
$html = "<b></b> ${lang['text']}";
… although why you want an empty bold element is beyond me.
<?php
$html = '<b>'.$lang['text'].'</b>';
?>
Make sure the file extension is php.
<?php
$html = '<b>' . $lang["text"] . '</b>';
?>

PHP making an URL link work inserting the $variables the right syntax way

I have this link that works.
echo '<a href="?country=Estonia&from_language=Russian&into_language=Latvian&submitted=true&
page='.$x. '">'.$x.'</a> ';
But I need the nouns Estonia, Russian and Latvian replaced by scalar variables like $country, $from_language, $into_language.
I have tried all possible combinations of dots and single and double quotes. I always get syntax errors. I don't know how to embed the variables there.
Anybody knows?
thank you
Do yourself a massive favour and use http_build_query:
<a href="?<?php echo http_build_query(array(
'country' => $country,
'fromLanguage' => $fromLanguage,
'somethingElse' => $somethingElse,
'...' => '...'
), '', '&amp;'); ?>">Link</a>
Use something easy like sprintf or printf.
e.g.:
printf('<a href="?country=%s&from_language=%s&into_language=%s&submitted=true&
page=%s">%s</a>', $country, $fromLanguage, $toLanguage, $pageID, $dispText);
You could also use something like encoding with double quote sign like:
echo "<a href=\"?country={$country}&from_language={$fromLanguage}&into_language={$toLanguage}&submitted=true&
page={$pageID}\">{$dispText}</a>";
Avoid putting variables directly into a string when it is not extremely simple. Use concatenation instead, and escape the string if you want to make something good:
echo '<a href="?country=' . htmlentities($country) .
'&from_language=' . htmlentities($from_language) .
'&into_language=' . htmlentities($into_language) .
'&submitted=true&page=' . intval($x) . '">' . htmlentities($x) . '</a> ';
Anyway, if you really want it the complex way, you have to consider that you need double quotes for HTML attributes, but double quotes are needed to wrap the PHP string because you want to put variables in it. So, you must escape HTML double quotes. Try:
echo "' . $x . ' ';
Combining the answers of Corbin and KoolKabin gives you this easy-to-read snippet:
printf('%s',
htmlspecialchars(
http_build_query(array(
'country' => $country,
'from_language' => $from_language,
'into_language' => $into_language,
'submitted' => 'true',
'page' => $x
))
),
htmlspecialchars($x));
Parametrization
printf and sprintf are very useful for adding parameters to strings. They make it easy to add escaping or complex values without making the string itself unreadable. You can always see at a glance what string it is by the first parameter.
http_build_query is also a way of parametrizing, but for the querystring. The main use is that you don't need to focus on the syntax of querystrings at all.
Escaping
htmlspecialchars makes sure that the data is fit for insertion into HTML code. It's similar to escaping in SQL queries to avoid SQL injections, only here we want to avoid HTML injections (also called XSS or cross-site scripting).
http_build_query will automatically make sure that all values are escaped for insertion as an URL in the address field in a browser. This does not guarantee fitness for insertion into HTML code. htmlspecialchars is therefore needed for the querystring as well!
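
The two layers of escaping described in the answer above, as an added example (not code from any of the posters): http_build_query encodes the values for the query string, then htmlspecialchars encodes the finished query for the href attribute. The helper names h() and page_link() and the sample values are assumptions made for illustration.

```php
<?php
// Added example; h() and page_link() are hypothetical helpers.

function h(string $s): string
{
    // ENT_QUOTES also escapes single quotes, so the result is safe inside
    // both "..." and '...' attribute values.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function page_link(array $params, string $text): string
{
    // Layer 1: percent-encode keys and values for the query string.
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    // Layer 2: escape the whole query (including the '&' separators)
    // for the HTML attribute, and the link text for the HTML body.
    return sprintf('<a href="?%s">%s</a>', h($query), h($text));
}

// Constructed input containing characters that are significant in HTML
// and in query strings.
$country       = 'Estonia"><b>injected</b>';
$from_language = 'Russian&submitted=false';
$x             = '2<i>';

// Plain concatenation, as in the question: the input closes the attribute
// and its markup is parsed by the browser.
$naive = '<a href="?country=' . $country . '&page=' . $x . '">' . $x . '</a>';

// Both layers applied: the same input stays data in the URL and in the HTML.
$safe = page_link([
    'country'       => $country,
    'from_language' => $from_language,
    'into_language' => 'Latvian',
    'submitted'     => 'true',
    'page'          => $x,
], $x);

echo $naive, PHP_EOL;
echo $safe, PHP_EOL;
```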
If your scripts output HTML, consider configuring the output setting for argument separators, arg_separator.output:
ini_set('arg_separator.output', '&amp;');
You can then simply create the URI query info path by using http_build_query:
$country = 'de';
$fromLanguage = 'en_EN';
?>
Link
Which will give you a perfectly validly encoded output, which is immune to injections:
Link
Full Demo
$country = 'Estonia';
$from_language = 'Russian';
$into_language = 'Latvian';
echo ''.$x.' ';
OR
echo "$x";
OR
echo "{$x}";
