echo '<td>'.$row_sv['name'].'</td>';
I don't want to use any target and changed it like this but it messed up my table
echo '<td><a href="'.$row_sv['website].'$row_sv['name'].'</a></td>';
something wrong?
To make such pieces clearer I prefer using templates. In your case that would be:
printf( '<td>%s</td>', $row_sv['website'], $row_sv['name'] );
No mess with the quotes and opening/closing tags.
You should use the following:
echo '<td>'.$row_sv['name'].'</td>';
You mixed up the quotes a bit:
echo '<td>'.$row_sv['name'].'</td>';
You deleted too much, and then messed up something that was ok to begin with.
Use:
echo '<td>'.$row_sv['name'].'</td>';
In addition to deleting too much, you also had $row_sv['website] instead of $row_sv['website'] which should've cause a parse error too (unless it was just a typo here).
In the future here, you could also paste the HTML output instead of saying "it messed up my table" -- it'll make it easier for you to see the problem as well as folks here, I am sure.
Related
I have this code in a template
[[+isShowMore:is=`1`:then=`show more`:else=`no`]]
It is printing no. But it should show show more as placeholder isShowMore is set to 1 by this line of code in a snippet.
$modx->setPlaceHolder('isShowMore', 1);
Also checked by this code
[[+isShowMore]]
[[+isShowMore:is=`1`:then=`show more`:else=`no`]]
[[+isShowMore]] is printing 1 but the line with output modifier showing no.
Any clue what is wrong here? I am using modx revolution 2.2.8 traditional.
Similar issue is also posted in modx forum.
http://forums.modx.com/thread/85150/output-filter-on-placeholder-problem#dis-post-469615
I had this problem; my page was using a template that had [[*content]]. Changing that to [[!*content]] to get rid of caching solved my issue.
FYI, my snippet is being called with ! so that its output isn't cached either.
Are you doing that conditional inside another conditional somehow? Nesting conditionals usually cause this type of weird problem. Have you tried calling both your snippet and the placeholder output uncached?
I've also experienced this several times and there doesn't seem to be an obvious cause, some unknown magic in the modx output conditional logic. Experience has taught me to simply try to avoid using them as much as I can.
It's ugly but perhaps you could work around your problem by placing whatever you wish to output in the actual placeholder and then just printing the placeholder as it is.
Not sure why this doesn't work in your case so I recommend you do it with a snippet.
[[EvalIsShowMore? &val=`[[+isShowMore]]`]]
in EvalIsShowMore snippet put something like
<?php
if($val){
echo 'something';
}else{
echo 'nothing';
}
Hm, probably your placeholder is located above snippet!
In Modx output occurs at the last moment, but the logic works consistently (cascade).
Here's an example of how to do:
[[+isShowMore]]
[[!yourSnippet]]
[[+isShowMore:is=`1`:then=`show more`:else=`no`:toPlaceholder=`isShowMore`]]
another example:
[[+snippet_placeholder1]]
[[!snippet]]
[[+snippet_placeholder1:add=`[[+snippet_placeholder2]]`:toPlaceholder=`snippet_placeholder1`]]
give the eq modifier a try:
[[+isShowMore:eq=`1`:then=`show more`:else=`no`]]
I'm quite new here. I'm trying to make a blog/journal site that allows users to post their own journal. I'm still quite reluctant on making it because I am really afraid of malicious code injections.
So here's a sample code:
<?php
$test = "<b>blah</b>"; //User input from SQL
echo "$test";
?>
What will come out is just the word "blah" in bold right? What I was trying to achieve was to echo "<b>blah</b>" instead. I don't want people to put some PHP codes that can actually mess up my whole web page. Please keep in mind that the variable $test is actually a MYSQL query, so that variable will be needed as an example. I know you can do echo '$test'; but it just comes out as "$test" instead. I feel like pulling my hair out I can't figure it out yet.
The second solution I know of is the htmlspecialchars(); function, but I want the strings to display as what I typed, not the converted ones...
Is there any way I can do that?
I think the OP wants the HTML itself to be output to the page, and not have the tags stripped. To achieve this, you can run the string first through htmlentities()
$test = '<b>blah</b>';
echo htmlentities($test);
This will output:
<b>blah</b>
Which will render in the page as
<b>blah</b>
Echo don't execute PHP code from string. This is impossible and this is not security hole in your code.
You can use a template engine like Twig for exemple.
If htmlspecialchars(); is not the one you are looking for, try the header() option.
header('Content-type: text/plain');
When you are gonna give <b>Hi</b> to a browser, it will be displayed in Bold and not the text be returned. But you can try this way, outputting it inside a <textarea></textarea>.
Or the other way is to use htmlentities():
<?php
$test = "<b>blah</b>"; //User input from SQL
echo htmlentities("$test");
?>
I just noticed today that I have got lots of spam links in my wordpress blog. I just found a file which contains
<?php eval (chr(101).chr(114)...
Its very very long string. Can someone tell me how can I decode this to see what it does? So that I can try to remove the spam links?
Thanks.
Just replace eval by echo and have a look at the generated output
<?php echo (chr(101).chr(114)...
Instead of executing (eval) you can just echo out what it says, preferrably with htmlspecialchars if you execute it via browser:
<?php echo htmlspecialchars(chr(101)...
odds are though that you won't see anything understandable, since it is probably encoded in more ways than one.
Simply replace eval with echo:
<?php echo (chr(101).chr(114)...
Besides that, you most likely need to reinstall whatever you have on your webspace as you obviously have been hacked. Ensure that you use the most recent version of Wordpress and all other software you are running to prevent this from happening again.
So I'm trying to do something extremely simple, and after reading through forums, and researching on google I still can't figure out why this is not working. But this is mostly like because I'm still a very much noobie programmer. I'm trying to send information through a url, and having a script pick it up using the $_GET super global.
Here's the link code, in a file called TESTFORM.php:
<p>
Here's a link:
ID
</p>
This is the TESTGET.php script:
<?php
if (isset($_GET['id']))
echo 'it is set<br />';
else
echo 'it is not set<br />';
?>
This yields in a "It is not set" appearing on the page every time. Any thoughts? Are there ghosts in my computer ruining my code? Thanks for taking the time to read through this! Happy coding!
I'm no PHP programmer, but I do know from HTML that computers (especially file names) don't "like" spaces. Try removing the spaces in the id = 5 code.
Your problem is the extraneous space here around the URL parameters:
ID
That will result in PHP seeing the parameter as $_GET["id_"]. The space gets converted into an underscore.
It's always best to use var_dump($_GET); or var_dump($_REQUEST) when you run into such problems. Secondarily it is sometimes helpful to get rid of isset in such cases. Albeit you have a custom error message in place of the language notices intended just for that.
Have you tried to remove spaces in your link?
ID
Code seems fine at a glance, have you tried removing the spaces in
?id = 5 to ?id=5
Well, I've gone over this atleast 30 times, tried as many possible combinations that I could think of, can you spot the syntax error? (I can't, obviously). It doesn't display what it should be, instead it displays the actual html of the page!
The Code:
$ct->data[$key][1] =
'<input id="quantity" name='."items[<?=$product_id;?>]".
'type="text" value="'.$ct->data[$key][1].'"
style="background:#FFFFFF url(qty.png) no-repeat 4px 4px;
Can someone please tell me what I've done wrong? Any help/advice at all is appreciated.
Thanks!
What is this?
name='."items[<?=$product_id;?>]".' type=
I think you meant
name="items[' . $product_id . ']" type=
Using short tags is a very bad practice. It makes code harder to read and it isn't enabled by default on most environments. Which can lead to mistakes like this one.
Always use the full <?php (and not <?) and <?php echo "string" instead of <?="string">. This will prevent many mistakes.
Then, it looks like you're trying to evaluate PHP in strings. echo "echo 'test'"; will never print test, it will always print echo 'test'. It's the same thing for items[<?=$product_id;?>]. First of all, it isn't even a valid PHP syntax and second of all, even if it was really, you can use $product_id without any other modification : items[$product_id]. (edit: actually, I'm not even sure what you're trying to do here).
I'm not going to go over all your code, but it seems like you lack the basics of the language. It may be good to review them!