Hey guys,

I've got a PHP variable like so: $name = $_REQUEST['name']; I'd like to put it in an HTML form field's value, e.g. in here: <input type="text" name="name" value=(php variable here) /> How would I do so?

Thanks.

+3  A: 
value="<?php echo htmlspecialchars($name); ?>"
David Dorward
+2  A: 

You can do it like this,

<input type="text" name="name" value="<?php echo $name;?>" />

But seeing as you've taken it straight from user input, you want to sanitize it first so that nothing nasty is put into the output of your page.

<input type="text" name="name" value="<?php echo htmlspecialchars($name);?>" />
Rich Adams
Short tags are deprecated and that opens up a lovely world of XSS (since $name is clearly indicated as user generated content in the code provided in the question)
David Dorward
Thanks, I noticed the sanitizing once I'd answered and was already updating when you posted this comment ;) I've updated my answer to remove the short tags after your comment though. I know they're deprecated, but I still use them so it was just automatic to type it out that way.
Rich Adams
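
An added example, not part of either answer above: a small script that renders the field from the question with and without escaping, over constructed inputs, so the difference in the emitted HTML is visible. The helper names e(), request_string() and name_field() are hypothetical, and the sample arrays stand in for $_REQUEST.

```php
<?php
declare(strict_types=1);

// Escape a value for use inside a quoted HTML attribute or element text.
// ENT_QUOTES also encodes single quotes (the default only does so from PHP 8.1);
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read a request parameter as a string. A request such as ?name[]=x makes
// the parameter an array, which htmlspecialchars() cannot accept.
function request_string(array $request, string $key, string $default = ''): string
{
    $value = $request[$key] ?? $default;
    return is_string($value) ? $value : $default;
}

// Build the form field from the question with the value escaped.
function name_field(array $request): string
{
    $name = request_string($request, 'name');
    return '<input type="text" name="name" value="' . e($name) . '" />';
}

// Constructed sample inputs (stand-ins for $_REQUEST).
$samples = [
    'plain'        => ['name' => 'Alice'],
    'double quote' => ['name' => '"><b>injected</b>'],
    'single quote' => ['name' => "O'Brien"],
    'array value'  => ['name' => ['x']],
    'missing key'  => [],
];

foreach ($samples as $label => $request) {
    // Raw value as the unescaped version of the answer would print it.
    $raw = is_string($request['name'] ?? null) ? $request['name'] : '';
    echo "[{$label}]\n";
    echo '  unescaped: <input type="text" name="name" value="' . $raw . '" />' . "\n";
    echo '  escaped:   ' . name_field($request) . "\n";
}
```

Run it with the PHP command-line interpreter and compare the two lines for the "double quote" sample: in the unescaped line the value closes the attribute and adds markup of its own, while in the escaped line it stays inside value="...".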