  1. #1
    Banned
    Join Date
    Sep 2011
    Posts
    140
    Thanks
    17
    Thanked 0 Times in 0 Posts

    Escaping out of HTML inside PHP, to use PHP! Arghhhh!!!

    This code isn't working and I suspect because I am not using an escape function.

    PHP Code:
    echo 'Product ID: <INPUT name="id" type="text" value="$query = "select id from products where id=".$_POST['id'].""; $result = mysql_query($query); $row = mysql_fetch_array($result); print $row['id']">'
    If I am right, what is the escape function?

  • #2
    Banned
    Join Date
    Sep 2011
    Posts
    140
    Thanks
    17
    Thanked 0 Times in 0 Posts
    That doesn't look right bro....

    PHP Code:
    if (!empty($_POST['id'])) 
    What's this?

  • #3
    Banned
    Join Date
    Sep 2011
    Posts
    140
    Thanks
    17
    Thanked 0 Times in 0 Posts
    Can't I use an escape code inside my existing code?

  • #4

  • #5
    Banned
    Join Date
    Sep 2011
    Posts
    140
    Thanks
    17
    Thanked 0 Times in 0 Posts
    Exactly that.
    I asked about an escape function, not how to check if $_POST['id'] exists.
    Giving me things I didn't ask for when I'm trying to learn does nothing but confuse me.

    KIS - Keep It Simple.
    Last edited by Democrazy; 09-20-2011 at 12:06 PM.

  • #6
    Regular Coder
    Join Date
    May 2011
    Posts
    240
    Thanks
    1
    Thanked 56 Times in 55 Posts
    Quote Originally Posted by Democrazy View Post
    This code isn't working and I suspect because I am not using an escape function.

    PHP Code:
    echo 'Product ID: <INPUT name="id" type="text" value="$query = "select id from products where id=".$_POST['id'].""; $result = mysql_query($query); $row = mysql_fetch_array($result); print $row['id']">'
    If I am right, what is the escape function?
    You SHOULD rewrite this code.

  • #7
    Banned
    Join Date
    Sep 2011
    Posts
    140
    Thanks
    17
    Thanked 0 Times in 0 Posts
    If you think I should re-write my code, tell me in a personal message and tell me WHY you think I should rewrite it.
    Last edited by Inigoesdr; 09-20-2011 at 02:29 PM.

  • #8
    Senior Coder
    Join Date
    Jul 2011
    Posts
    1,226
    Thanks
    3
    Thanked 171 Times in 171 Posts
    Quote Originally Posted by Democrazy View Post
    If you think I should re-write my code, tell me in a personal message and tell me WHY you think I should rewrite it.
    Bit harsh, haha.

    What exactly do you mean by an escape function? Judging by your code, you're looking to find the value for your input? What you should do is populate a resultset with a query to collect the product(s) that you're gonna use, then echo them out in a while loop with values in your resultset.
    Example:
    PHP Code:
    $result = mysql_query($query) or die(mysql_error());
    while ($row = mysql_fetch_array($result)) {
        // . is the string concatenation operator
        echo 'Product ID: <INPUT name="id" type="text" value="'.$row['id'].'">';
    }

    Last edited by vinyl-junkie; 09-20-2011 at 02:37 PM. Reason: Edited quote from previous post

  • #9

  • #10
    Banned
    Join Date
    Sep 2011
    Posts
    140
    Thanks
    17
    Thanked 0 Times in 0 Posts
    OMG!!!! OK, it's pretty clear we have people with downs syndrome in this thread..
    Look, if you don't know how to escape out of my current code (assuming it can be done), then PLEASE just say nothing!
    I'm sick of forum preachers! ****in hell what the **** is wrong with people!
    Last edited by Democrazy; 09-20-2011 at 12:45 PM.

  • #11
    Banned
    Join Date
    Sep 2011
    Posts
    140
    Thanks
    17
    Thanked 0 Times in 0 Posts
    PHP Code:
    echo 'Product ID: <INPUT name="id" type="text" value="

    // ESCAPE FROM HTML //
    php code
    // RETURN TO HTML //

    ">'

    Last edited by Democrazy; 09-20-2011 at 12:29 PM.

  • #12
    Banned
    Join Date
    Sep 2011
    Posts
    140
    Thanks
    17
    Thanked 0 Times in 0 Posts
    Look don't worry. I solved it:

    PHP Code:
    echo 'Product ID: '; $query = "select id from products where id=".$_POST['id'].""; $result = mysql_query($query); $row = mysql_fetch_array($result); print '<INPUT name="id" type="text" value="'.$row['id'].'"></DIV>';
    Thanks for your efforts anyway.
    Last edited by Democrazy; 09-20-2011 at 12:54 PM.
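
An added example, not part of the original post or thread: the same lookup written so that the request value never becomes part of the SQL text and the result is escaped for the attribute it is printed into. It uses PDO because the `mysql_*` functions used in the thread were removed in PHP 7; the in-memory SQLite database (needs the pdo_sqlite extension), the `products` rows and the function name `product_id_field` are assumptions made for illustration.

```php
<?php
// Added example: hardened form of the lookup-and-echo from the post above.
// Assumptions: an in-memory SQLite database and a constructed `products`
// table stand in for the thread's MySQL database.

function product_id_field(PDO $db, $rawId): string
{
    // Accept only a plain non-negative integer; anything else is "no match".
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    $value = '';
    if ($id !== false) {
        // The placeholder keeps the request value out of the SQL text.
        $stmt = $db->prepare('SELECT id FROM products WHERE id = :id');
        $stmt->execute([':id' => $id]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row !== false) {
            $value = (string) $row['id'];
        }
    }
    // Escape for a double-quoted HTML attribute before echoing, even though
    // the value is an integer here; the habit matters for text columns.
    $safe = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return 'Product ID: <input name="id" type="text" value="' . $safe . '">';
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO products (id, name) VALUES (1, 'widget'), (2, 'gadget')");

// Constructed request values: an existing id, an unknown id, non-numeric
// input, and a missing field. Only the first produces a filled-in value.
foreach (['2', '99', '2 OR 1=1', null] as $posted) {
    echo var_export($posted, true), ' => ', product_id_field($db, $posted), PHP_EOL;
}
```

In a real page the first argument would be `$_POST['id'] ?? null`, which also covers the case where the field was not submitted.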

  • #13
    Banned
    Join Date
    Sep 2011
    Posts
    140
    Thanks
    17
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by tangoforce View Post
    How do you start php and stop php in every php script?
    tangoforce, if you take a closer look at my code, you will see that was not an option, and the PHP was going inside a HTML attribute.

    Quote Originally Posted by tangoforce View Post
    That's just sloppy code. gvre has given you far better, neater and easier to maintain code. Use it or drop this thread. He has done you a massive favour even though you refuse to accept it.
    Again, I do not care for opinions. If that's what I wanna use, then I will use it. I shouldn't have people constantly preaching to me about this way's better than that.
    Neater and easier for you. To me, my way is better. In fact, my code is shorter and does exactly the same thing, so there you go.

    Quote Originally Posted by tangoforce View Post
    Learning to program is about asking those with experience "Can you help?" and when they give something to you on a plate: Accepting it.
    That's your ideology, and that style of learning doesn't apply to me.

    I like seeing things - no explanations, just the raw code. My IQ is high enough to put together the logic in it to understand it.

    ... and like I said, people insist on preaching and including code that you didn't ask for. This does not help!
    People in this world have many problems. I swear. I don't see why people can't give straightforward answers.
    Last edited by Democrazy; 09-20-2011 at 01:04 PM.

  • #14
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,332
    Thanks
    60
    Thanked 526 Times in 513 Posts
    Blog Entries
    4
    Quote Originally Posted by Democrazy View Post
    tangoforce, if you take a closer look at my code, you will see that was not an option, and the PHP was going inside a HTML attribute.
    Yes and that's bad. Suppose you want to change the page layout in the future? - You've got a lot of work ahead of you. Templating is the way forward and that's what gvre was introducing you to.

    Quote Originally Posted by Democrazy View Post
    I shouldn't have people constantly preaching to me about this way's better than that.
    Yet that's exactly what you come to this forum and ask for help for. That is what this forum is all about - sharing tips, technique and showing how to improve.

    Quote Originally Posted by Democrazy View Post
    Neater and easier for you. To me, my way is better. In fact, my code is shorter and does exactly the same thing, so there you go.
    Shorter? Not really. You still query the DB, read out the results, grab the first one and do something with it.

    Quote Originally Posted by Democrazy View Post
    That's your ideology, and that style of learning doesn't apply to me.
    Why? - Are you the 'chosen' one? - Are you 'special'?

    Quote Originally Posted by Democrazy View Post
    I like seeing things - no explanations, just the raw code. My IQ is high enough to put together the logic in it to understand it.
    From what you've written above your IQ is pretty low and it's actually your ego that's higher (too high I may add). If you like raw code and can understand it by looking at it then how come you're posting so many topics each day and using words like 'Arghhhh!!!' in the subject?

    I thought your high IQ handled these things? Oh and with a high IQ you would have had enough foresight to see that gvre was looking at the bigger picture and doing you a favour. High IQ? Rubbish.

    Don't expect much more help from people here to your 5 posts for emergency help every day (look at the title of this thread).

    People will see you and think "I won't bother, he won't appreciate it". Good luck on your php island
    Last edited by tangoforce; 09-20-2011 at 01:24 PM. Reason: Added extra 'h' into the Arghhhh to match the title.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #15
    Regular Coder
    Join Date
    May 2011
    Posts
    240
    Thanks
    1
    Thanked 56 Times in 55 Posts
    Btw, I have removed my code because it's useless.
    The result of the following query will be the same with $_POST['id'].

    PHP Code:
    $query = "select id from products where id=" . $_POST['id'];

