In my PHP project I have a value containing special characters like ",', etc. (" 5 " inches, '3.5' inches, etc.). But it does not appear in a text field. How can I display this?
Is it possible to display this value in a text box?
Use htmlentities:
<input value="<?php echo htmlentities($value);?>">
I suppose your "text box" is an HTML <input> element?
If so, you are displaying it using something like this:
echo '<input name="..." value="' . $yourValue . '" />';
If it's the case, you need to escape the HTML that's contained in your variable, with htmlspecialchars:
echo '<input name="..." value="' . htmlspecialchars($yourValue) . '" />';
Note that you might have to add a couple of parameters, especially to specify the encoding your are using.
This way, considering $yourValue has been initialized like this :
$yourValue = '5 " inches';
You'll get from this generated HTML:
<input name="..." value="5 " inches" />
To that one, which works much better:
<input name="..." value="5 " inches" />
For UTF-8 I went for htmlspecialchars($value, ENT_QUOTES, "UTF-8") which did the trick.
stack source
When using character set UTF-8, I use the code below to get Iñtërnâtiônàlizætiøn and double (or single) quotes right:
<input type="text" name="title" value="<?php echo htmlentities(stripslashes(utf8_decode($title))); ?>" />
PS: This is useful after someone submitted the form, but when the input is not validated.
I've found if you have double quotes in a variable in JavaScript (from Ajax/database whatever) and you want to put it in a field - if you build the whole field/form HTML content and then swap that into a div using innerHTML, the double quotes in the value will cause problems. I was doing this and I couldn't figure a way around it by escaping either.
You should build the HTML content with the field and swap it in first, and then do a document.getElementById('myfieldid').value = thevalue; instead and it works fine.
I needed to apply htmlspecialcars() to the query result array. I found a useful solution from here (see the comment by sean).
// Create a cleaning function
function _clean(&$value) {
$value = htmlspecialchars($value);
//$value = htmlspecialchars($value, ENT_QUOTES); // Alternative
}
// Fetch the data from DB somehow (sqlQ is a custom function)
$q = "...";
$r = $d->sqlQ($q);
$row = mysqli_fetch_array($r, MYSQLI_ASSOC);
//...call the function recursively (not always necessary) to the resultset row
array_walk_recursive($row, '_clean');
It does quite a bit unnecessary work if you fetch only a few text columns, but at least you don't need to write the htmlspecialchars() function to the HTML form multiple times.
Try this
echo '<input name="..." value="' . htmlspecialchars(stripslashes($yourValue)) . '" />';
or
<input name="..." value="<?php echo htmlspecialchars(stripslashes($value)); ?>">
Good luck ;)
Personally, I use this trick:
$s = str_replace("& amp ;", "&", (htmlentities(stripslashes($s), ENT_QUOTES, 'UTF-8')));
It looks like the best way to manage single and double quotes (and other special chars) with HTML input is mimicking it via textarea field.
So just create a textarea instead of input field and give some styles to make it look like a native input.
<textarea class="fake-input"> quote's and other quote"s </textarea>
<style>
.fake-input {
height: 20px; /* based on your font-size */
resize: none;
overflow: hidden;
white-space: nowrap;
width: /* your input width */
}
</style>
Related
My textarea in HTML:
Description<br><textarea name="description" rows="5" cols="27"></textarea>
Within my PHP file I have:
$desc = $_POST['description'];
echo $desc . "<br>"; // needs line breaks as per user input in textarea.
The <br> I have used within my echo is simply there to place some room before and after the other content being entered when the form is submitted.
The text entered into the description box will show up when the form is submitted, however it is on one line and not broken up as shown in the textarea when the enter key is pressed.
How can I include the breaks from the description box into the PHP echo?
EDIT:
I used...
echo "<pre>" . $desc . "<br>";
within my PHP file, works well. Thank you!
Try Using:
echo $desc = nl2br($_POST['description']) . "<br>";
The manual for nl2br. Can be found in the link below
http://php.net/manual/en/function.nl2br.php
You can place the text inside a <pre> element, or any element with the CSS attribute:
white-space: pre;
And the white space, as well as the raw text, will be preserved (i.e. you don't need to modify the value you have been supplied).
Just be careful what you allow to be injected into your HTML, as all user input is unsafe and provides an opportunity for a number of HTML injection attacks.
.output {
white-space: pre;
}
<div class="output">This is sample output.
And it has line breaks.
So it is three lines.</div>
echo $desc = nl2br($_POST['description']) . "<br>";
is a simple, one line solution :)
I have a string that has a value with an html tag and this string I want to put in a hidden input type. This is for now:
$str = "som'e text <img src="img/src.jpg">.. link";
echo '<input type="hidden" name="val" value="'.$str.'">';
I did this in order for it to be saved in my database to be show again, but the issue is it looks like this:
<input type="hidden" name="val" value="som'e text <img src="img/src.jpg">.. link">
Any ideas?
Try base64_encode() and base64_decode() php function.
<?php
$str = "som'e text <img src=\"img/src.jpg\">.. link";
echo '<input type="hidden" name="val" value="'.base64_encode($str).'">';
and get the POST value as:
$val = base64_decode($_POST['val']);
[Remember to escape the strings properly]
You can't reuse quotes over and over within your string concatentator as they'll break the interpreter. Instead, escape the inner quotes with backslashes.
$str = "som'e text <img src=\"img/src.jpg\">.. link";
You should use base64_encode() for this.. and use base64_decode() for getting original text.
and I will highly recommend you to use parameterized way to insert in database if you are not using.. PDO With Php
i need help with this problem:
I have a HTML string with output HTML code and i need search all forms where is specific input (hidden with given name and value). After this hidden input i need add another input with given params (only value is dynamically).
Thanks for replies!
// Sorry for my bad english...
You could do something like this;
<?php
$html = file_get_contents('form.html');
if (preg_match('/\<.+? name="other" .+?\>/', $html, $match)) {
$element = $match[0];
$element .= '<input type="hidden" name="appended" value="etry">';
$html = str_replace($match[0], $element, $html);
}
echo $html;
In this example it will look for a element that starts with '<' and contains 'name="other"', and ends with '>'. Then it uses this to replace itself in the original document, and append itself again, with the additional html.
This is just an example, as it does not check if you have multiple matches etc.
html form
<html><body>
<form action="process.php" method="post">
Headline:<input type="text" name="head"><br>
Content:<Textarea rows="4" cols="50" name="cont"></textarea>
</form>
</html>
my table structure
two fields are headline,content.
Filling the form:
Headline- "this is crazy"
Content- "here i want to put image like this..
<img src="$image" /> "
Process.php
in this i get Headline and content from form in two php variable
$headline=$_POST['head'];
$content=$_POST['cont'];
here i have one variable $image which contains address of image like: $image contains "img\thumb\2.jpg"
i've to insert $headline and $content into table.
problem
whenever i insert headline and content into table... headline goes fine into table..but in content it shows: "here i want to put image like this..
<img src="$image" /> "
why $image actual value is not getting parsed?
any solution?
You're not actually "in PHP" when you're attempting to output it.
In other words, you have to open a PHP section to echo the variable:
<?php echo $image; ?>
or, with your image tag:
<img src="<?php echo $image; ?>" />
It's because when you write $image into HTML textarea, it's treated as a string not as variable.
So, you should write the full image URL to your database, something like img\thumb\2.jpg and then read it to the browser.
Use html_entity_decode Convert all HTML entities to their applicable characters
html_entity_decode($content);
Example
$b = html_entity_decode("I'll "walk" the <b>dog</b> now");
echo $b; // I'll "walk" the <b>dog</b> now
See when you are trying to input special characters like <, >, & etc. they are converted into their HTML formats like < is converted into <, similarly > is converted into >. Thats why when you are trying to insert < or > symbol in database it is inserting it like < and >. You shouldn't use them like this. But if you really need them you can replace < with < and > with > just before Insert query.
$qry = "INSERT INTO TEST (HEAD, CONTENT) VALUES (" . $head . ", " . $content . ")";
$qry = str_replace("<", "<", $qry);
$qry = str_replace(">", ">", $qry);
and then you can use $qry for insertion.
I am trying to PHP data that is posted from one place to another textarea.
Here is the case:
after doSearchTweet.php shows the tweets that are retrieved using twitter API, user can checked the tweets they want using a form.
The form will post the selected tweets a textarea input.
Here is the problem, I cannot style the selected tweets in the textarea.
For example: Username - Jakob Tweet - I need help in styling php!
I select this tweet and the data is post into the textarea, it shows this
JakobI need help in styling php!
instead of
Jakob
I need help in styling php!
I tried using normal html tags like <br/> n/ in the textarea, instead of applying the html tags, it will appear as normal text like this
Jakob< b r >I need help in styling php!
here is my code
<tr><td><label for="content"><span class="postBigFont">Content: </span></label></td>
<td colspan="4"><textarea cols="60" rows="15" name="content">
<?php
$user = $_POST['username'];
$content = $_POST['content'];
$add = $_POST['add'];
foreach ($add as $i){
echo $user[$i];
echo $content[$i];
}?>
</textarea></td></tr>
Replace "<br>" with "\n" in your textarea output.
Perhaps nl2br($text); is the answer
$content = str_replace("\r\n", "<br />", $content);