I'm having a bit of a problem. I am trying to create an IRC bot, which has an ampersand in its password. However, I'm having trouble putting the ampersand in a string. For example...
<?php
$var = "g&abc123";
echo $var;
?>
I believe this should print g&abc123. However it's printing g.
I have tried this as well:
<?php
$arr = array("key" => "g&abc123");
print_r($arr);
?>
This prints it correctly with the g&abc123, however when I say echo $arr['key']; it prints g again. Any help would be appreciated. I'm running PHP5.3.1.
EDIT: Also, I just noticed that if I use g&abc123&abc123 it prints g&abc123. Any suggestions?
I don't have that issue in a console:
php > $d="g&abc123";
php > echo $d;
g&abc123
What environment are you printing the output to? It sounds like you are viewing it in a web browser, and the & is being interpreted as a malformed HTML entity. Try replacing the & symbol with the entity encoded version &.
Look at the source code, it will be printing the correct code.
If you want it to print out correctly in HTML, then run htmlentities on it or make the & &
View the web page source to make sure your variable contains the correct value.
You're probably sending your output to a Web browser.
The correct way of doing it is
In HTML, XHTML and XML, the ampersand has a special meaning. It is used for character entities. You can think of it as an escape sequence of sorts.
For instance, in PHP, this would be illegal:
$variable = 'It's Friday';
This is because the apostrophe is interpreted by PHP as the end of your string, and the rest of your content looks like garbage.
Instead, you have to say:
$variable = 'It\'s Friday';
Similarly, in HTML and XHTML, you can't say
<h1>Inequalities</h1>
<p> x<yz+3 </p>
This is because it would be interpreted as an element.
Instead, you'd have to say:
<h1>Inequalities</h1>
<p> x<yz+3 </p>
Now, as you can see, the ampersand itself has a special meaning and, therefore, needs to be escaped as &. htmlspecialchars() will do it for you.
Related
I want to display text on the page, the text should look like this:
<sometext> ... but when I echo this, nothing appears!!
How ca I do this?
A "page" is written in HTML, so < means "Start a tag".
You have to represent characters with special meaning in HTML using entities.
You can write them directly, or make use of the htmlspecialchars function.
echo "<sometext>";
echo htmlspecialchars("<sometext>");
You probably want <sometext>.
If that text is coming from user input, you should definitely use htmlspecialchars() on it, to help prevent XSS.
This is because the browser assumes it is an unknown tag. If you want the browser to show it, use:
echo '<sometext>';
or use the htmlentities function like so:
echo htmlentities('<sometext>');
You need to call htmlentities() to convert the HTML metacharacters into something that will display properly.
I'm rendering some HTML that uses the pseduo before element to render bullet points by setting the content value
.lst-kix_mnfdzhrfoeyd-0>li:before {
content: "\0025cf";
}
But when I'm printing this in PHP the string is truncated to 5cf which means the bullet points won't render.
I've tested this with a simple PHP script and can confirm it happens. Any suggestions? As you can see from the var_dump the preceding character is present as the character count is 4.
<?php
$s = "\0025cf";
print $s;
// 5cf
var_dump($s);
// string(4) "5cf"
Update:
I wrongly put single quotes in the PHP example, but was infact using double-quotes. Having changed the assignment of the string the necessary HTML to use a string literal there is no need to escape the characters. As pointed out in the comments.
Thanks.
If you want to literally output \0025cf then it's as easy as echo "\\0025cf";
If you want to output the character represented by that code, it's not as easy. If you're outputting to HTML context, then try echo "●";.
try this
$s = "\\0025cf";
echo $s;
I've got this down to a two line php file:
$s = "<option value=\"%id%\">%desc%</option>";
die($s);
This will output:
%desc%
If I change the <>s to & l t ; & g t ;
then it works but the string I am trying to output is to be interpreted as HTML.
I don't see anything in the PHP string docs to indicate that <>s are special characters that need escaping.
Funny thing is, I have the same problem happening when trying to quote the problem in this forum!
Whats the deal?
You are getting the correct output to your browser, that is
<option value=\"%id%\">%desc%</option>
However, your browser is then parsing this as HTML. You can confirm this by viewing the raw HTML source.
If you do not want your browser to parse it as HTML, use < and >.
Why does this code
$string = "!##$%^&*(<a#g.com";
echo $string;
only output:
!##$%^&*(
Is this is a PHP bug?
Because < is a reserved character in in HTML :)
Use < and >
Read this for more information
http://www.w3schools.com/HTML/html_entities.asp
You can use the function htmlspecialchars to convert such special chars
http://php.net/manual/en/function.htmlspecialchars.php
I'm not seeing that:
http://ideone.com/zhycx
Perhaps you've got some weird characters in your file? Make sure you're using a "normal" encoding on your source code, as well.
You need to do:
echo htmlentities($string);
to display the string as it is on a browser. This is because the < in the string is interpreted by the browser as start of a HTML tag.
So it's not PHP but the browser that is causing this behavior. If you do the exact same display on a command line, you'll see all the characters.
If you are viewing the output in a web browser, then the < begins a tag and is usually not displayed but interpreted in the HTML document structure parser. Also, a $ inside of a double-quoted string is interpolated as the variable name that follows it; try using single quotes where this won't happen.
Try this:
$string = '!##$%^&*(<a#g.com';
echo htmlentities($string);
I have some php code in a database like so
$x = "<?php some code here ?>";
but I want to output that whole line to the browser without php evaluating it. Right now it is evaluating it unfortunately. I thought about escaping it but that didn't work. How might a person accomplish this?
Thanks
EDIT:
<?php
echo '<? hey ?>';
echo "<dog dog>";
?>
if I run that code the dog dog tag shows up in the browser source code where as <? hey ?> does not. It seems like it would still be evaluating it.
Edit, got the answer, thanks everyone.
Just do:
echo htmlspecialchars($x);
'Single quotes' tell PHP to interpert the string exactly as is. It will include all whitespace and characters exactly as is.
"Double Quotes" tell PHP to parse the string. This reduces whitespace, replaces variables, and parses any other magic string things.
Finally, `backticks` are used for shell commands.
If you are trying to display it in a browser exactly like that, you might want to try htmlentities($string).
Do you want it to appear like that? If so, you'll need to use < and > (strictly only the < is necessary) to encode the string.
use '(single quotes) instead of "(double quotes)
Ih PHP double quotes evaluate expressions, single quotes do not so:
$a = 123;
$b = "value of $a"; // value of 123
$c = 'value of $a'; // value of $a
The only problem with single quotes is they don't understand characters like \n for newlines (that will be printed as \n not a newline when put in single quotes).
So is all you need:
echo '<?php some code here ?>';
?
For more information see Strings in the PHP manual.
You're a bit unclear about what gets evaluated.
If you're talking about variables, there are plenty of correct answers here.
If you're talking about the <? ?> block, something's wrong. That string should not be evaluated if within a PHP block (If you mean the opening and closing PHP statements).
Maybe you are missing the opening and closing <? ?> before and after your operation?
If you're outputting php code you might even consider using highlight_string which will perform syntax highlighting on the input