If I input ' or "..." or # in the input form, the form doesn't work properly. For example...
echo "<td>Address:</td><td><input type=\"text\" name=\"address\" value=\"$address\"></td>";
Is there any easy way to get around with this?
Also, can I store tab keys in a variable?So the PHP executes properly, but the form doesn't work? How does the received HTML code look like?It looks like...
// input.php file
$firstName = $_GET["firstName"];
$lastName = $_GET["lastName"];
$address = $_GET["address"];
$city = $_GET["city"];
$postalCode = $_GET["postalCode"];
echo "<form action='save.php' method='post'>"
echo "<input type='text' name='firstName' value='$firstName'>";
echo "<input type='text' name='lastName' value='$lastName'>";
echo "<input type='text' name='address' value='$address'>";
echo "<input type='text' name='city' value='$city'>";
echo "<input type='text' name='postalCode' value='$postalCode'>";
echo "<input type='submit' name='save' value='save'>";
// save.php file
$firstName = $_POST["firstName"];
$lastName = $_POST["lastName"];
$address = $_POST["address"];
$city = $_POST["city"];
$postalCode = $_POST["postalCode"];
if ($firstName && $lastName && $address && city && $postalCode)
{
// save
...
}
else
{
header("location:input.php?firstName=$firstName&lastName=$lastName&address=$address&city=$city&postalCode=$postalCode)";
}
Suppose I input follow...
First Name: Tom
Last Name: Mario
Address: 1000 Yonge St. #123
City: Toronto
Postal Code:
Then it will return and display only up before the # sign
Like...
First Name: Tom
Last Name: Mario
Address: 1000 Yonge St.
City:
Postal Code:
And yes, the PHP executes properly.why is teh values coming from the url?
how are they getting there.Well those characters would typically confuse the parsing engine of the browser... It wouldn't know where the value ends if it's full of quotes, pretty much. I guess the hash-sign is reserved for something. Anchors normally.
I would suspect that JavaScript can handle this... If you would put the values in a JavaScript variable(escaped with addslashes maybe?), and then have JavaScript fill in the form, I think it would work.
Storing tab keys in a variable? "\t" usually represents a horizontal tab, I expect it to do so in PHP as well.I got a little curious if this would behave as I expected or not, and it seems it does.
<html>
<head>
<?php
$string = "\"Hello there!\" shouted the 'man' in seat #34 on the third balcony.";
$string = addslashes($string);
?>
<script language="javascript">
<!--
var string = "<?php echo $string; ?>";
function fillItIn() {
document.getElementById('address').value = string;
}
-->
</script>
</head>
<body onload="javascript: fillItIn();">
<form>
Address: <input name="address" type="text" value="">
</form>
</body>
</html>
That would be the basic idea. It works in IE6 so far. I don't know what can be done to it to make it work in Mozilla and Opera since I don't know much about cross-browser coding, nor JS for that matter.
Additional thought: Maybe it could be done entirely using JS. It could parse the query string... Well, I don't know how that would be done, but it's an idea.
You'd need to make it work if JS is disabled in the UA as well.. I guess stripping the string of these characters using PHP would be an OK solution.try doing htmlspecialchars() or htmlentities() on the valuesLOL :rofl:
That did slip my mind entirely. Good job moose!Originally posted by willamoose
try doing htmlspecialchars() or htmlentities() on the values
that is why I asked how they got in the url. it maybe possible that they don't have control over that part. why are they in the url anyway, they should be form a POST not a GETSorry I was sick and couldn't come to the work for about a week... Yeah.. get a flu shot...
In my code above, all the values are passed to save.php alright even with # sign. But when it returns (with header:location) it looses whatever comes after # sign.
To return the values, I could also use some method like..
echo "<form name='returnForm' action='input.php' method='get'>";
echo "<input type='hidden' name='firstName' value='$firstName'>";
echo "<input type='hidden' name='lastName' value='$lastName'>";
echo "<input type='hidden' name='address' value='$address'>";
...
echo "<script language='javascript'>";
echo "document.returnForm.submit();";
echo "</script>";
echo "</form>";
But it will cause another problem.
And I use GET because it is like header("location:filename.php?name1=$value1") and it is really a GET method?? Is there other way that I can "return" the values?
"\t" doesn't seem to work...how do you plan on sending hidden elements in the url?
use your same method in the header ***ntion but add this
// save.php file
$firstName = htmlentities($_POST["firstName"]);
$lastName = htmlentities($_POST["lastName"]);
$address = htmlentities($_POST["address"]);
$city = htmlentities($_POST["city"]);
$postalCode = htmlentities($_POST["postalCode"]);
header("location:input.php?firstName=$firstName&lastName=$lastName&address=$address&city=$city&postalCode=$postalCode)";
}
then it should work. if you must send in the urlI tried that too.. but didn't work out.
In the IE address bar it shows all the information correct.. ie) input.php?address=abc#123 but when I echo the variable address=$_GET["address"] it only prints out "abc".
And no, the values don't need to be "get" or in the url.then send them in the form as a POSTHmmm... Okay.
Thank you.
echo "<td>Address:</td><td><input type=\"text\" name=\"address\" value=\"$address\"></td>";
Is there any easy way to get around with this?
Also, can I store tab keys in a variable?So the PHP executes properly, but the form doesn't work? How does the received HTML code look like?It looks like...
// input.php file
$firstName = $_GET["firstName"];
$lastName = $_GET["lastName"];
$address = $_GET["address"];
$city = $_GET["city"];
$postalCode = $_GET["postalCode"];
echo "<form action='save.php' method='post'>"
echo "<input type='text' name='firstName' value='$firstName'>";
echo "<input type='text' name='lastName' value='$lastName'>";
echo "<input type='text' name='address' value='$address'>";
echo "<input type='text' name='city' value='$city'>";
echo "<input type='text' name='postalCode' value='$postalCode'>";
echo "<input type='submit' name='save' value='save'>";
// save.php file
$firstName = $_POST["firstName"];
$lastName = $_POST["lastName"];
$address = $_POST["address"];
$city = $_POST["city"];
$postalCode = $_POST["postalCode"];
if ($firstName && $lastName && $address && city && $postalCode)
{
// save
...
}
else
{
header("location:input.php?firstName=$firstName&lastName=$lastName&address=$address&city=$city&postalCode=$postalCode)";
}
Suppose I input follow...
First Name: Tom
Last Name: Mario
Address: 1000 Yonge St. #123
City: Toronto
Postal Code:
Then it will return and display only up before the # sign
Like...
First Name: Tom
Last Name: Mario
Address: 1000 Yonge St.
City:
Postal Code:
And yes, the PHP executes properly.why is teh values coming from the url?
how are they getting there.Well those characters would typically confuse the parsing engine of the browser... It wouldn't know where the value ends if it's full of quotes, pretty much. I guess the hash-sign is reserved for something. Anchors normally.
I would suspect that JavaScript can handle this... If you would put the values in a JavaScript variable(escaped with addslashes maybe?), and then have JavaScript fill in the form, I think it would work.
Storing tab keys in a variable? "\t" usually represents a horizontal tab, I expect it to do so in PHP as well.I got a little curious if this would behave as I expected or not, and it seems it does.
<html>
<head>
<?php
$string = "\"Hello there!\" shouted the 'man' in seat #34 on the third balcony.";
$string = addslashes($string);
?>
<script language="javascript">
<!--
var string = "<?php echo $string; ?>";
function fillItIn() {
document.getElementById('address').value = string;
}
-->
</script>
</head>
<body onload="javascript: fillItIn();">
<form>
Address: <input name="address" type="text" value="">
</form>
</body>
</html>
That would be the basic idea. It works in IE6 so far. I don't know what can be done to it to make it work in Mozilla and Opera since I don't know much about cross-browser coding, nor JS for that matter.
Additional thought: Maybe it could be done entirely using JS. It could parse the query string... Well, I don't know how that would be done, but it's an idea.
You'd need to make it work if JS is disabled in the UA as well.. I guess stripping the string of these characters using PHP would be an OK solution.try doing htmlspecialchars() or htmlentities() on the valuesLOL :rofl:
That did slip my mind entirely. Good job moose!Originally posted by willamoose
try doing htmlspecialchars() or htmlentities() on the values
that is why I asked how they got in the url. it maybe possible that they don't have control over that part. why are they in the url anyway, they should be form a POST not a GETSorry I was sick and couldn't come to the work for about a week... Yeah.. get a flu shot...
In my code above, all the values are passed to save.php alright even with # sign. But when it returns (with header:location) it looses whatever comes after # sign.
To return the values, I could also use some method like..
echo "<form name='returnForm' action='input.php' method='get'>";
echo "<input type='hidden' name='firstName' value='$firstName'>";
echo "<input type='hidden' name='lastName' value='$lastName'>";
echo "<input type='hidden' name='address' value='$address'>";
...
echo "<script language='javascript'>";
echo "document.returnForm.submit();";
echo "</script>";
echo "</form>";
But it will cause another problem.
And I use GET because it is like header("location:filename.php?name1=$value1") and it is really a GET method?? Is there other way that I can "return" the values?
"\t" doesn't seem to work...how do you plan on sending hidden elements in the url?
use your same method in the header ***ntion but add this
// save.php file
$firstName = htmlentities($_POST["firstName"]);
$lastName = htmlentities($_POST["lastName"]);
$address = htmlentities($_POST["address"]);
$city = htmlentities($_POST["city"]);
$postalCode = htmlentities($_POST["postalCode"]);
header("location:input.php?firstName=$firstName&lastName=$lastName&address=$address&city=$city&postalCode=$postalCode)";
}
then it should work. if you must send in the urlI tried that too.. but didn't work out.
In the IE address bar it shows all the information correct.. ie) input.php?address=abc#123 but when I echo the variable address=$_GET["address"] it only prints out "abc".
And no, the values don't need to be "get" or in the url.then send them in the form as a POSTHmmm... Okay.
Thank you.