HTML is trunctating PHP text

[FAQ] HTML is trunctating PHP text (was: HTML is trunctating PHP text)

Busy <busyremove@blu eyonder.co.uk> wrote:[color=blue]
> Does anybody know why the text box on this page is trunctating $test
> to Mary?[/color]
....[color=blue]
> $test = "Mary had a little lamb";[/color]
....[color=blue]
> <input type="text" name="T1" value=<?php echo $test;?>>[/color]

Take a look at the source (the first place you should look to see what
PHP is actually doing) and you will see it's all there as:
<input type="text" name="T1" value=Mary had a little lamb>

See the html specs on attributes (that is what value is):


To make a long boring spec short:

The value should be surrounded by quotes if it contains whitespaces,
the quotes used to delimit should be escaped within the value.

eg:
<input type="text" name="T1" value="<?php echo $test;?>">
or
<input type="text" name="T1" value='<?php echo $test;?>'>

would be fine in this case, but will fail if there are quotes in $test:

$test = "The lamb will soon be Mary's little \"ham\"";

will break either quoting style unless escaped with:
<input type="text" name="T1" value='<?php echo htmlspecialchar s($test,ENT_QUO TES);?>'>

Re: HTML is trunctating PHP text

Busy (busyremove@blu eyonder.co.uk) wrote:
: Hello Folks

: Does anybody know why the text box on this page is trunctating $test to
: Mary?

: Thanks

: Nick

: <html>

: <head>
: <meta http-equiv="Content-Type" content="text/html; charset=windows-
: 1252">
: <title>New Page 1</title>
: </head>

: <body>

: <?php
: $test = "Mary had a little lamb";
: ?>

: <form method="POST" action="edit_us er.php"
: <p><input type="text" name="T1" size="30" value=<?php echo $test;
^^^^^^^^^^^^^^

Html requires

value="a quote string goes here"

Instead You are generating

value=Mary had a little lamb

which is bad html, and sets the value to the single word "Mary"

So you want

value="<?php echo $test;?>"
^ ^

(note quotes) __However__ even then, think about what happens if $test
contains

$test='ha ha"> </form>';

That will mess up your html for sure. So in general you must also escape
the data before you put it into html. There are functions to do that, I
don't recall the names of the php functions you use but the ref manual
lists them all.


--

This space not for rent.

Re: HTML is trunctating PHP text

.oO(Malcolm Dew-Jones)
[color=blue]
>So in general you must also escape
>the data before you put it into html. There are functions to do that, I
>don't recall the names of the php functions you use but the ref manual
>lists them all.[/color]

htmlspecialchar s()

Micha