Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
437 views
in Technique[技术] by (71.8m points)

html - Using a PHP variable in a text input value = statement

I retrieve three pieces of information from the database, one integer, one string, and one date.

I echo them out to verify the variables contain the data.

When I then use the variables to populate three input boxes on the page, they do not populate correctly.

The following do not work:

id: <input type="text" name="idtest" value=$idtest>

Yes, the variable must be inside <?php var ?> for it to be visible.

So:

id: <input type="text" name="idtest" value=<?php $idtest ?> />

The field displays /.

When I escape the quotes,

id: <input type="text" name="idtest" value="<?php $idtest ?>"  />

the field then displays "".

With single quotes

id: <input type="text" name="idtest" value='<?php $idtest ?>'  />

the field displays nothing or blank.

With single quotes escaped,

id: <input type="text" name="idtest" value='<?php $name ?>'  />

the field displays ''.

With a forward slash (I know that's not correct, but to eliminate it from the discussion),

id: <input type="text" name="idtest" value=/"<?php $name ?>/"  />

the field displays /"/".

Double quotes, escape double quotes, escape double quotes on left side only, etc. do not work.

I can set an input box to a string. I have not tried using a session variable as I prefer to avoid do that.

What am I missing here?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Try something like this:

<input type="text" name="idtest" value="<?php echo htmlspecialchars($name); ?>" />

That is, the same as what thirtydot suggested, except preventing XSS attacks as well.

You could also use the <?= syntax (see the note), although that might not work on all servers. (It's enabled by a configuration option.)


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...