[SOLVED] HTML inside a textbox

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mevets
Forum Newbie
Posts: 23
Joined: Fri Sep 15, 2006 10:06 am

[SOLVED] HTML inside a textbox

Post by mevets »

I have written an image uploading script. When the user uploads an image, I then want to be able to present the code for HTML BBCode and the plain old URL. BBCode and URL have been simple, but I have been having trouble with HTML.

Code: Select all

$imageurl = 'upload/' . $rand . '.' . $ext;
$imagepath = 'http://' . $_SERVER['HTTP_HOST'] . '/roundup/' . $imageurl;
// usual urls look like http://localhost/roundup/upload/9845897.jpg
echo '<input type="text" size=70% name="" value="<img src="' . $imagepath . '"></img>" />';
The value of the textbox ends up being '<img src=' and outside the box is '" />'.

Can anyone see what I am doing wrong?
Last edited by mevets on Tue Jul 31, 2007 10:09 pm, edited 1 time in total.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The value you are giving it <img> and all should be passed through htmlspecialchars() or htmlentities().
User avatar
boo
Forum Commoner
Posts: 42
Joined: Mon Jul 02, 2007 11:30 am
Location: NY

Post by boo »

It was the quotes that were causing a problem

try this

Code: Select all

echo '<input type="text" size=70% name="" value=\'<img src="' . $imagepath . '"></img>\' />';
or

Code: Select all

echo '<input type="text" size=70% name="" value="'.htmlspecialchars('<img src="') . $imagepath . htmlspecialchars('"</img>"').'" />';
using feyd advice

I have never used htmlspecialchars before but will in the future
Last edited by boo on Tue Jul 31, 2007 10:12 pm, edited 3 times in total.
mevets
Forum Newbie
Posts: 23
Joined: Fri Sep 15, 2006 10:06 am

Post by mevets »

I ended up:

Code: Select all

echo '<input type="text" size=70% name="" value="' . htmlspecialchars('<img src="' . $imagepath . '" />') . '" />';
But I think I will use boo's example cause it is much easier on the eye.
User avatar
Zoxive
Forum Regular
Posts: 974
Joined: Fri Apr 01, 2005 4:37 pm
Location: Bay City, Michigan

Post by Zoxive »

Your not escaping the strings...

Textarea would make it easiyer..

Code: Select all

echo '<textarea name=""><img src="' . $imagepath . '" /></textarea>';
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Zoxive wrote:Your not escaping the strings...

Textarea would make it easiyer..

Code: Select all

echo '<textarea name=""><img src="' . $imagepath . '" /></textarea>';
Textareas continue to need htmlspecialchars()/htmlentities() help.
Post Reply