views: 64

answers: 4
When I use PHP to set the value of a HTML form input element, it works fine provided I don't have any spaces in the data.

Here's the code:

<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? "value = ".$_POST["username"] : "value = \"\""; ?> />

If I enter "Jonathan" as the username, it is repeated back to me as expected. If I enter "Big Ted", however, I only get "Big" repeated back when I submit the form...

Note that the $_POST["Username"] variable is correct. (I.e. when I echo it using PHP, it is set to Big Ted.)

+1  A: 
<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? "value = '".$_POST["username"]."'" : "value = ''"; ?> />

You have to wrap the variable result with quotes, so that the browser can know what's the content of the input.

Cristian
add a quote to your name and you'll end up with same problem :)
Col. Shrapnel
+1  A: 
<input type="text" name="username"
<?php echo (isset($_POST['username'])) ? ('value = "'.$_POST["username"].'"') : "value = \"\""; ?> />

Be aware of your quote usage.

meder
add a quote to your name and you'll end up with same problem :)
Col. Shrapnel
@Col Shrapnel - This was a very trivial question and I'm much too used to frameworks doing the work for me to bother advising that, but sure...
meder
Why not to bring an example with your favorite framework use then?
Col. Shrapnel
Because it'd be out of the scope of this simple question and just overcomplicate things.
meder
Well why bother to answer at all? If you fail to answer even this trivial question properly?
Col. Shrapnel
His problem was he wasn't wrapping double quotes around a string which had a space in it ( properly coding an attribute having a value in HTML ), the solution was to wrap double quotes around it so it was valid HTML, thus answering his question. You're overly being nitpicky about something that isn't so major. Thank you for the downvote.
meder
+5  A: 

Quote it. Otherwise the space will just become an attribute separator and everything after spaces will be seen as element attributes. Right-click the page in the web browser and view source. It should not look like this (also see syntax highlight colors):

<input value=Big Ted>

but rather this

<input value="Big Ted">

Not to mention that this would still break when someone has a quote in his name (and your code is thus sensitive to XSS attacks). Use htmlspecialchars().

Kickoff example:

<input value="<?php echo (isset($_POST['username']) ? htmlspecialchars($_POST['username']) : ''); ?>">
BalusC
XSS has nothing to do here. Encoding required by standard. Even if you edit fully allowed HTML in the admin area, you have to htmlencode values, including textarea content.
Col. Shrapnel
@Col: where did I say that XSS is related to the particular problem? :)
BalusC
ah yes I've overlooked it. Focused on the key word, you know :)
Col. Shrapnel
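
The three renderings discussed in the answers above (unquoted, quoted but not encoded, quoted and encoded with htmlspecialchars()), compared side by side. This is an added example, not code from the thread: the function names and sample inputs are constructed, and DOMDocument (libxml2, requires the dom extension) stands in for the browser's parser.

```php
<?php
// Added example (not code from the thread). Function names are hypothetical.

// The question's form: no quotes around the attribute value.
function render_unquoted(string $v): string {
    return '<input type="text" name="username" value=' . $v . '>';
}

// Quoted but not encoded, as in the first two answers.
function render_quoted_raw(string $v): string {
    return '<input type="text" name="username" value="' . $v . '">';
}

// Quoted and encoded. ENT_QUOTES also encodes ', so the output stays intact
// if the template is later switched to single-quoted attributes.
function render_escaped(string $v): string {
    return '<input type="text" name="username" value="'
        . htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

// Parse the markup with PHP's HTML parser and list the attributes it found
// on the <input>. This approximates what a browser ends up with.
function parsed_attributes(string $html): array {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // malformed HTML is expected here
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    if ($input === null) {
        return [];
    }
    $attrs = [];
    foreach ($input->attributes as $a) {
        $attrs[$a->name] = $a->value;
    }
    return $attrs;
}

// Constructed sample inputs: plain, with a space, with ' and with ".
$samples = ['Jonathan', 'Big Ted', "O'Brien", 'Ted" data-injected="1'];

foreach ($samples as $name) {
    foreach (['render_unquoted', 'render_quoted_raw', 'render_escaped'] as $fn) {
        $attrs = parsed_attributes($fn($name));
        $extra = array_diff(array_keys($attrs), ['type', 'name', 'value']);
        printf("%-18s %-26s value=%-28s extra=[%s]\n", $fn, json_encode($name),
            json_encode($attrs['value'] ?? null), implode(',', $extra));
    }
}
```

Any row with a non-empty `extra` list, or a `value` that differs from the input, is a rendering where submitted data changed the markup instead of staying inside the attribute.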
+1  A: 

As you see, it's not a PHP5 or even a PHP question at all.
Basic HTML knowledge is obligatory for one who wants to be a PHP user.

And with using templates it looks way more neat:

Getting data part code:

$username = "";
if (isset($_POST['username'])) $username = htmlspecialchars($_POST["username"]);

And template code:

<input type="text" name="username" value="<?=$username?>">

If you divide your code into 2 parts it becomes way more supportable and readable.

Col. Shrapnel
It's not a good practice to use short open tags since the server can have them disabled though, I would advise against recommending that to the OP.
meder
@meder well just turn it on. Not a big deal. That's what configuration settings are for.
Col. Shrapnel
Why would you? It's a bad practice to use it in the first place. That and I wouldn't ever use PHP if I managed the server.
meder
@meder who said it's "bad practice"?
Col. Shrapnel
@Col Shrapnel - Most experienced PHP developers agree it is bad practice. They're also being phased out in PHP6, are they not? http://stackoverflow.com/questions/200640/are-php-short-tags-acceptable-to-use
meder
@meder no, they are not being phased out in PHP6, it's an empty rumor. Spread by these "most experienced PHP developers". I don't see one there though. ZF uses short tags in their template system if you prefer fat authority as a proof.
Col. Shrapnel