views: 659

answers: 6

Hi.

I know I should be using htmlentities for all my form text input fields but this doesn't work:

<?php
echo "<tr>
        <td align=\"right\">".Telephone." :</td>    
        <td><input type=\"text\" name=\"telephone\" size=\"27\"
            value=\"htmlentities($row[telephone])\"> Inc. dialing codes
        </td>    
</tr>";
?>

It simply shows the input value as "htmlentities(0123456789)" in the form? What have I done wrong please?

+5  A: 

try using

value=\"" . htmlentities($row[telephone]) . "\"

there. Currently, your string simply contains the htmlentities string and splices the variable in. You need to get out of the string, call the function and put its result in place, as above.

workmad3
+ is not the concat operator in PHP, it's .
eyelidlessness
should be: value=\"" . htmlentities($row[telephone]) . "\"
Joe Lencioni
changed... it's been a while since I've used actual PHP :)
workmad3
That's it. Seems to be working great, thanks guys!
+3  A: 

You can't call a function in the middle of a string. You need to get the return value from the function call and then include that in the string.

However...

<tr>
    <td align="right">
        <label for="telephone">Telephone:</label>
    </td>    
    <td>
        <input type="text" 
               name="telephone" 
               id="telephone"
               size="27" 
               value="<?php 
                   echo htmlentities($row[telephone]); 
               ?>"> 
        Inc. dialing codes 
    </td>
</tr>

... would be cleaner.

As would getting rid of the deprecated presentational markup and use of tables for layout.

David Dorward
A: 

First of all, don't echo your HTML in a string. Separate code from markup.

<tr>
    <td align="right">Telephone :</td>
    <td><input type="text" name="telephone" size="27"
        value="<?php echo htmlentities($row['telephone']); ?>"> Inc. dialing codes</td>
</tr>
eyelidlessness
<?= doesn't work on most PHP5 servers.
Darryl Hein
His HTML is inside a PHP string, so the tags won't work. Also, as an aside, using short tags ("<?= ?>") is a bad idea, since they have to be enabled in php.ini, which you may not have access to.
Lucas Oman
Right, I removed short tags. Should not be putting markup in a string though, made note of that.
eyelidlessness
Of course his HTML inside of PHP tags will work because he has an echo.
Darryl Hein
+1  A: 

@workmad3: that won't work as he's doing PHP.

<?php echo '<tr>
                <td align="right">' . Telephone . ' :</td>    
                <td><input type="text" name="telephone" size="27" value="' . htmlentities($row['telephone']) . '" /> Inc. dialing codes</td>    
        </tr>';
Darryl Hein
+1  A: 

This will work:

<?php
echo "    <tr>
                    <td align=\"right\">Telephone :</td>    
                    <td><input type=\"text\" name=\"telephone\" size=\"27\" value=\"".htmlentities($row['telephone'])."\"> Inc. dialing codes</td>    
            </tr>";
?>

BTW, I also corrected some very strange syntax you have going on here, like where you concatenate the constant "Telephone", which really should be inside the string. These kinds of details are important and will break your code easily.

Also, I suggest using single quotes, instead of double, around a string like this so that you don't have to escape all of the double quotes inside the string.

Lucas Oman
+1  A: 

If you're just looking to make your output safe in HTML, you should use htmlspecialchars() instead, since it's 'only' a telephone number.

htmlspecialchars($row['telephone'], ENT_QUOTES);

htmlentities() is a bit slower and not as good with multibyte characters. But I'm guessing you're not getting to those problems just yet.

Martijn Gorree
I agree, only htmlspecialchars is needed. Of course, I hope you are implementing UTF-8 too.
levhita
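An added example, not from any of the answers above, that puts the thread's two points together: the escaping call has to be concatenated rather than written inside the string, and once the value sits inside an attribute htmlspecialchars() wants ENT_QUOTES and an explicit charset. The attr() and telephoneField() helpers and the sample rows are constructed for this example.

```php
<?php
declare(strict_types=1);

// Escape a value for use inside an HTML attribute or element body.
// ENT_QUOTES encodes both " and ', so the value can never end the
// attribute it is placed in, whichever quote style the template uses.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// The field as the thread settles on it: markup kept out of the PHP
// string, the escaped value spliced in with the concatenation operator.
function telephoneField(array $row): string
{
    return '<input type="text" name="telephone" size="27" value="'
        . attr((string) $row['telephone']) . '">';
}

// Constructed sample rows: a plain number and one containing characters
// that only stay inert if they are escaped.
$rows = [
    ['telephone' => '0123456789'],
    ['telephone' => '0123 "ext" 45 & O\'Brien <desk>'],
];

foreach ($rows as $row) {
    // Wrong: in a double-quoted string only variables are interpolated, so
    // the function name is emitted literally, exactly as in the question.
    echo "value=\"htmlentities($row[telephone])\"", PHP_EOL;

    // Right: call the function, then concatenate its return value.
    echo telephoneField($row), PHP_EOL;
}

// Why ENT_QUOTES: the default flags leave the apostrophe untouched, which
// only matters (but matters a lot) when the attribute is single-quoted.
$v = "O'Brien";
echo htmlspecialchars($v), PHP_EOL;             // apostrophe kept
echo htmlspecialchars($v, ENT_QUOTES, 'UTF-8'), PHP_EOL; // apostrophe encoded
```

Run it with `php example.php`; the second row shows every quote, ampersand and angle bracket arriving as an entity while the first row is unchanged.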