PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
mevets
Forum Newbie
Posts: 23 Joined: Fri Sep 15, 2006 10:06 am
Post
by mevets » Tue Jul 31, 2007 9:48 pm
I have written an image uploading script. When the user uploads an image, I then want to be able to present the code for HTML BBCode and the plain old URL. BBCode and URL have been simple, but I have been having trouble with HTML.
Code: Select all
$imageurl = 'upload/' . $rand . '.' . $ext;
$imagepath = 'http://' . $_SERVER['HTTP_HOST'] . '/roundup/' . $imageurl;
// usual urls look like http://localhost/roundup/upload/9845897.jpg
echo '<input type="text" size=70% name="" value="<img src="' . $imagepath . '"></img>" />';
The value of the textbox ends up being '<img src=' and outside the box is '" />'.
Can anyone see what I am doing wrong?
Last edited by
mevets on Tue Jul 31, 2007 10:09 pm, edited 1 time in total.
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Tue Jul 31, 2007 9:54 pm
The value you are giving it <img> and all should be passed through
htmlspecialchars() or
htmlentities() .
boo
Forum Commoner
Posts: 42 Joined: Mon Jul 02, 2007 11:30 am
Location: NY
Post
by boo » Tue Jul 31, 2007 9:57 pm
It was the quotes that were causing a problem
try this
Code: Select all
echo '<input type="text" size=70% name="" value=\'<img src="' . $imagepath . '"></img>\' />';
or
Code: Select all
echo '<input type="text" size=70% name="" value="'.htmlspecialchars('<img src="') . $imagepath . htmlspecialchars('"</img>"').'" />';
using feyd advice
I have never used htmlspecialchars before but will in the future
Last edited by
boo on Tue Jul 31, 2007 10:12 pm, edited 3 times in total.
mevets
Forum Newbie
Posts: 23 Joined: Fri Sep 15, 2006 10:06 am
Post
by mevets » Tue Jul 31, 2007 10:08 pm
I ended up:
Code: Select all
echo '<input type="text" size=70% name="" value="' . htmlspecialchars('<img src="' . $imagepath . '" />') . '" />';
But I think I will use boo's example cause it is much easier on the eye.
Zoxive
Forum Regular
Posts: 974 Joined: Fri Apr 01, 2005 4:37 pm
Location: Bay City, Michigan
Post
by Zoxive » Tue Jul 31, 2007 10:08 pm
Your not escaping the strings...
Textarea would make it easiyer..
Code: Select all
echo '<textarea name=""><img src="' . $imagepath . '" /></textarea>';
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Tue Jul 31, 2007 10:13 pm
Zoxive wrote: Your not escaping the strings...
Textarea would make it easiyer..
Code: Select all
echo '<textarea name=""><img src="' . $imagepath . '" /></textarea>';Textareas continue to need
htmlspecialchars() /
htmlentities() help.