Escaping a complicated string with PHP - php

I have a string like this:
<form action='php/zoneNotifUnsub.php' id='zoneNotifUnsub' method='POST'>
<?php
echo $var;
?>
</form>
I want to echo it out with PHP, and have it look exactly as above.
I started with this:
echo '<form action='php/zoneNotifUnsub.php' id='zoneNotifUnsub' method='POST'>
<?php
echo $var;
?>
</form>';
But the additional single quotes inside are causing me problems. How can I have the exact verbatim output of my string print (so that no variables are parsed and no code is run)?

Normal Escaping would look like this:
echo '<form action=\'php/zoneNotifUnsub.php\' id=\'zoneNotifUnsub\' method=\'POST\'>
<?php
echo $var;
?>
</form>';
This escapes every one of the ' with a backslash. To recap how strings work, look at the manual page.
You could also go with the HEREDOC Syntax that would look a little bit nicer:
echo <<<OUT
<form action='php/zoneNotifUnsub.php' id='zoneNotifUnsub' method='POST'>
<?php
echo $var;
?>
</form>
OUT;

You can also use double quotes for the things you want to echo.
So: '<form action="php/zoneNotifUnsub.php" id="zoneNotifUnsub" method="POST">'; and so on.

Try escaping them
echo '<form action=\'php/zoneNotifUnsub.php\' id=\'zoneNotifUnsub\' method=\'POST\'>
<?php
echo $var;
?>
</form>';

Using double quotes could be an option in this case:
echo "<form action='php/zoneNotifUnsub.php' id='zoneNotifUnsub' method='POST'>
<?php
echo $var;
?>
</form>";
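
Added example (not part of any answer above): a nowdoc, written `<<<'OUT'`, performs no variable or escape parsing, so the body comes out exactly as typed, and `htmlspecialchars()` is what makes a browser display the markup rather than render it. The function name `verbatim_snippet` is an assumption made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the snippet exactly as typed.
// A nowdoc (<<<'OUT') does no interpolation and no backslash processing,
// so $var and the embedded PHP tags stay literal text and nothing is run.
function verbatim_snippet(): string
{
    return <<<'OUT'
<form action='php/zoneNotifUnsub.php' id='zoneNotifUnsub' method='POST'>
<?php
echo $var;
?>
</form>
OUT;
}

$snippet = verbatim_snippet();

// Plain-text output (CLI, log file, text/plain response): print it as is.
echo $snippet, "\n";

// Inside an HTML page, encode it so the browser shows the tags as text.
// ENT_QUOTES also encodes the single quotes used around the attributes.
echo '<pre>', htmlspecialchars($snippet, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "</pre>\n";

// By contrast, a heredoc (<<<OUT) or a double-quoted string expands $var,
// printing its value, or a warning and nothing if it is undefined.
```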

Related

Passing php variable as hidden input where html is contained in one echo

<?php
if(isset($_POST['btnLogin'])){
$myVariable = $_POST['fieldParameter'];
if(condition){
//do something
}else{
echo "
<form method='POST' action='submit.php'><br/>
<input type='hidden' name='myVariable' value='<?php echo $myVariable; ?>'/>
<br/>
<input type='submit' name='btnSubmit' id='submit' value='Submit'>
</form>
";
}
}
?>
Notice that the variable $myVariable is contained in the main IF block. I'm trying to send the value of $myVariable to submit.php as hidden field.
Also, I enclosed all the HTML tags in one echo statement with double quotes.
I found related questions here on SO but can't find anything similar to embedding PHP within a long echo of HTML tags.
I tried to put value='<?php echo $studentNo; ?>' with no success.
I want to access it in a submit.php file like this,
submit.php
<?php
$aVariable = $_POST['myVariable'];
echo $aVariable;
?>
How can I pass the value contained in $myVariable as hidden field? Is there something wrong with the way I use double and single quotes?
If you are already echoing a string you shouldn't put <?php echo "" ?> inside it again. You should concatenate your string instead. But in your case you don't even need to do that, because you're using double quotes for echoing which means you can simply just write your variable in it.
echo "<form method='POST' action='submit.php'><br/>
<input type='hidden' name='myVariable' value='$myVariable'/>
<br/>
<input type='submit' name='btnSubmit' id='submit' value='Submit'>
</form>";
If you were using single quotes for your echo, it would look like this:
echo '<form method="POST" action="submit.php"><br/>
<input type="hidden" name="myVariable" value="' . $myVariable . '"/><br/>
<input type="submit" name="btnSubmit" id="submit" value="Submit">
</form>';
You just need to type $myVariable instead of in your string. Double quotes "" only creates a string literal. It doesn't directly output data like inline HTML. As you can see from the syntax coloring in StackOverflow, the
You can try these variants (simplified):
// code before
echo "<input type='hidden' name='myVariable' value='$myVariable'/>";
// code after
// OR //
// code before
?>
<input type='hidden' name='myVariable' value='<?= $myVariable ?>'/>
<?php
// code after
Note that the quotes you use in HTML don't affect PHP, as long as you escape them properly (use \" and \' where appropriate).
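
Added example (not from the thread): the value placed in the hidden field comes from `$_POST`, so it has to be encoded for the attribute it lands in, otherwise a single quote in the data ends the `value='...'` attribute early. The helper names `attr` and `hidden_field_form` and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a value for use inside a quoted HTML attribute.
// ENT_QUOTES is passed explicitly because before PHP 8.1 the default flags
// left single quotes unescaped, and the forms in this thread delimit their
// attributes with single quotes.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: the form from the thread, with the value encoded.
function hidden_field_form(string $myVariable): string
{
    return "<form method='POST' action='submit.php'>\n"
         . "<input type='hidden' name='myVariable' value='" . attr($myVariable) . "'/>\n"
         . "<input type='submit' name='btnSubmit' id='submit' value='Submit'>\n"
         . "</form>\n";
}

// Constructed sample input standing in for $_POST['fieldParameter'].
$samples = ['2015-00123', "O'Brien", 'a "quoted" <b>name</b> & more'];

foreach ($samples as $sample) {
    echo hidden_field_form($sample);
}
```

The browser decodes the entities when it submits the form, so submit.php receives the original text. A hidden field is still editable by the client, so submit.php has to validate `$_POST['myVariable']` again.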

Changing value of $_SESSION variable using submit button

I am trying to make code changing news pages and I am having difficulties.
$_SESSION['page'] doesn't change value and always stays as 1.
Thank you.
<?php
session_start();
if (!isset($_POST['set_page'])) {
$_SESSION['page'] = 1;
}
else {
eval("return '".$_POST['change_page']."';");
}
echo "Page ".$_SESSION['page'];
echo '<form action="test.php" method="post">';
echo '<input type="hidden" name="change_page" value="$_SESSION["page"]++"/>';
echo '<input type="submit" name="set_page" value="Next Page"></form></p>';
?>
Your statement here is wrong; the ++ operator will work like that. Change that line like this:
echo '<input type="hidden" name="change_page" value="'.$_SESSION["page"]++.'"/>';
And about your single quotes: when you embed a variable inside a string, use double quotes or use concatenation.
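
Added example (not from the thread): the `eval()` in the question executes whatever text arrives in `$_POST['change_page']`, so any client can run PHP on the server. This version keeps the counter in the session and treats the request as data only; `resolve_page`, `goto_page` and `LAST_PAGE` are assumptions.

```php
<?php
declare(strict_types=1);

const LAST_PAGE = 20; // assumed number of news pages

// Hypothetical helper: decide which page to show. The counter lives in the
// session; the request only says "next" or names a page number, and that
// number is validated as an integer in range, never evaluated as code.
function resolve_page(array $session, array $post): int
{
    $range = ['options' => ['min_range' => 1, 'max_range' => LAST_PAGE]];

    $current = filter_var($session['page'] ?? 1, FILTER_VALIDATE_INT, $range);
    if ($current === false) {
        $current = 1;
    }
    if (isset($post['goto_page'])) {
        // Non-numeric, out-of-range or array input fails validation.
        $wanted = filter_var($post['goto_page'], FILTER_VALIDATE_INT, $range);
        return $wanted === false ? $current : $wanted;
    }
    if (isset($post['set_page'])) {
        return min($current + 1, LAST_PAGE);
    }
    return 1; // no button pressed: start at page 1, as in the thread's code
}

// Constructed requests standing in for $_SESSION and $_POST.
var_dump(resolve_page([], []));
var_dump(resolve_page(['page' => 3], ['set_page' => 'Next Page']));
var_dump(resolve_page(['page' => 3], ['goto_page' => '7']));
var_dump(resolve_page(['page' => 3], ['goto_page' => '$_SESSION["page"]++']));
```

In the page itself, call `session_start()`, store the result with `$_SESSION['page'] = resolve_page($_SESSION, $_POST);` and drop the hidden `change_page` field.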

Trouble with php using quotes, double quotes and backslash

I've spent hours trying to figure out how to solve one thing. First I had this, which works:
echo "<p>$valor[nombre_categoria]
<input type='button' value='modifica'
onclick='location.href=\"mod_cat.php?categ=\""
,'</p>\n";
And then I tried to send a variable with the link, but I can't figure out how to use the quotes, double quotes and backslashes.
echo "<p>$valor[nombre_categoria]<input type='button' value='modifica'
onclick='location.href=\"mod_cat.php?categ=".
$valor[nombre_categoria]."\'</p>\n";
I'm sure the solution is easy but I can't figure it out. Thanks for reading.
This works for me:
$valor['nombre_categoria'] = "hello";
echo "<p>{$valor['nombre_categoria']}
<input type='button' value='modifica'
onclick=\"location.href='mod_cat.php?categ={$valor['nombre_categoria']}'\"></p>\n";
or this:
echo "<p>".$valor['nombre_categoria']."
<input type='button' value='modifica'
onclick=\"location.href='mod_cat.php?categ=".
$valor['nombre_categoria']."'\"></p>\n";
outputs: (line break added for readability here)
<input type="button" value="modifica"
onclick="location.href='mod_cat.php?categ=hello'">
When you use double quotes, you have to use { and } :
echo "Hello {$foo['bar']}";
You can skip { and } if your variable is "simple" :
echo "Hello $foo";
In my opinion, it's always better to use concat :
echo 'Hello '.$foo;
Regards
I highly recommend you break your variables out and quote your array elements
echo '<p>' . $valor['nombre_categoria'] . '<input type="button" value="modifica" onclick="location.href=\'mod_cat.php?categ=' . $valor['nombre_categoria'] . '\'"/></p>' . "\n";
Easier to read

unable to get my window.location to work within echo tag

echo "<form><input type='button' value='$back_label' onclick='window.location="'$url'"'/></form>";
I can't figure out the whole single and double quotes thing when it comes to the window.location code because it has an extra set of single quotes to wrap around the url. I have no idea what to do. I tried escaping the quotes.
Also, can you use a relative path for this method?
Thanks
Try this
echo "<form><input type='button' value='$back_label' onclick='window.location=\"$url\"'/></form>";
A working example on http://codepad.org/K7AafokT
Can you take it out of the PHP context?
<?php $url = 'http://www.yourdomain.com'; ?>
<form>
<input type='button' value='<?php echo $back_label;?>' onclick='window.location="<?php echo $url;?>"'/>
</form>
Just change the quotes at the end to onclick='window.location="$url"'/>
echo "<form><input type='button' value='$back_label'
onclick='window.location=\"$url\"'/></form>";
I believe that to meet the HTML 'standard', almost all attributes must use double quotes, and for JavaScript you need to encapsulate the URL, so:
echo '
<form>
<input type="button" value="'.$back_label.'" onclick="window.location=\''.$url.'\'" />
</form>';
EDIT
A cleaner way to code this is to use heredoc syntax as it eliminates the need for escaping:
echo <<<EOL
<form>
<input type="button" value="$back_label" onclick="window.location='$url'" />
</form>
EOL;
UPDATE
You are able to go down a directory structure, and I just did a quick test and it appears to work going up the hierarchy as well.
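
Added example (not from either thread) covering both this `window.location` button and the `location.href='mod_cat.php?categ=...'` button in the previous thread: the value sits in a JavaScript string inside an HTML attribute, so it is encoded once per layer, innermost first. The helper names `nav_button` and `category_url` and the sample categories are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: a button that navigates to $url. The value passes
// through two parsers, so it is encoded twice, innermost context first:
//   1. json_encode() produces a JavaScript string literal, quotes included;
//      the JSON_HEX_* flags keep <, >, &, ' and " out of that literal.
//   2. htmlspecialchars() encodes the finished script for the attribute.
function nav_button(string $label, string $url): string
{
    $js = 'window.location=' . json_encode(
        $url,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    return '<input type="button" value="' . htmlspecialchars($label, $flags, 'UTF-8')
         . '" onclick="' . htmlspecialchars($js, $flags, 'UTF-8') . '"/>';
}

// Hypothetical helper: the relative link from the category thread.
// http_build_query() percent-encodes the value for the query string.
function category_url(string $category): string
{
    return 'mod_cat.php?' . http_build_query(['categ' => $category]);
}

// Constructed sample values, including a space, an ampersand and quotes.
$categories = ['hello', 'ropa & hogar', 'say "hi" to O\'Neil'];

foreach ($categories as $category) {
    echo '<form>', nav_button('modifica', category_url($category)), "</form>\n";
}
```

Encoding only keeps the value inside its string literal. If `$url` can come from a request, check it against the paths or hosts you expect before passing it to `nav_button()`.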

PHP $_Post variables print but still give index errors?

Hey, I've got what has become an extremely frustrating problem with $_Post variables. I'll give examples of code rather than the actual segments to save time and confusion. On one page I'm doing this:
<? echo "<form name='form' action='page.php' method='post'>
<input type='hidden' name='slot' value=".$i.">
</form>";
?>
The $i is an index in a while loop (I'm echoing this simple form several times). The form itself is submitted with a bit of JavaScript.
All's well at this point, the form is submitted properly and takes me to another page, where I need to use that "slot" value to do some other junk. However, when I try to do this:
<? echo "<form name='another_form' action='another_page.php' method='post'>
<input type='hidden' name='slot_num' value=".$_POST['slot'].">
//SOME OTHER HIDDEN VARS
</form>";
?>
or this...
<? echo "<form name='another_form' action='another_page.php' method='post'>
<input type='hidden' name='slot_num' value=";
echo $_POST['slot'];
echo ">
//SOME OTHER HIDDEN VARS
</form>";
?>
or this...
<? //TOP OF PAGE
$slots = $_POST['slot'];
?>
<? //FURTHER DOWN
<? echo "<form name='another_form' action='another_page.php' method='post'>
<input type='hidden' name='slot_num' value=".$slots.">
//SOME OTHER HIDDEN VARS
</form>";
?>
...all I get is an Undefined index: slot etc.. etc... error, and source of the php document just has blank space. Funny thing is, if I simply do this:
echo $_POST['slot'];
at the top of the page, it prints out the value from the previous page just fine, however, if I view the source, it still shows an Undefined index error instead of the value. I KNOW the value is getting passed because it prints, but I can't use it for anything else because if I try to include it in my php code, it just displays an error and gives a blank value!
I've also tried using $HTTP_POST_VARS['slots'] with the same result... I am at my wits' end after several hours of experimentation... any advice?
Check for emptiness:
if(empty($_POST['foo'])) {
$foo = "default foo";
} else {
$foo = $_POST['foo'];
}
print "My foo is '$foo'";
Edit:
Based on your comments and posted code, you seem to be trying to echo $_POST['slot'] when you should be echoing $_POST['slots']... note the s at the end.
Since $_POST is a super global, it is available anywhere on your page, so your code should work.
I noticed that you mixed slot and slots as the index in your post (you wrote $HTTP_POST_VARS['slots'] as the last example and $_POST['slot'] everywhere else). Could that be the reason?
To check what $_POST looks like, try this right about where you want to print the hidden value (though it should work the same anywhere on your page):
<?php
echo "<pre>";
print_r($_POST);
echo "</pre>";
?>
Also, your slot isn't being echoed with quote marks around it, so it should be:
<?php echo "<form name='another_form' action='another_page.php' method='post'>
<input type='hidden' name='slot_num' value='".$_POST['slots']."'>
//SOME OTHER HIDDEN VARS
</form>";
?>
Well I can't see anything wrong apart from a few syntax problems... okay so first of all, can you post me your javascript so I can see that.
Now instead of what you are doing with that, try this code:
?> <form name="another_form" action="another_page.php" method="post">
<input type="hidden" name="slot_num" value="<?php echo isset($_REQUEST['slot'])?$_REQUEST['slot']:'not found'; ?>">
</form>
<?
I am not fully sure what is wrong but I don't think the problem is in the code you've posted. It's probably sitting elsewhere, so keep sending through code.
Try replacing...
<? //TOP OF PAGE
$slots = $_POST['slot'];
?>
with..
<?php //TOP OF PAGE
$slots = isset($_POST['slot']) ? $_POST['slot'] : '';
?>
Best of luck, hope that helps!
