
[SOLVED] HTML inside a textbox

Posted: Tue Jul 31, 2007 9:48 pm
by mevets
I have written an image uploading script. When the user uploads an image, I then want to be able to present the code for HTML, BBCode and the plain old URL. BBCode and URL have been simple, but I have been having trouble with HTML.

Code:

$imageurl = 'upload/' . $rand . '.' . $ext;
$imagepath = 'http://' . $_SERVER['HTTP_HOST'] . '/roundup/' . $imageurl;
// usual urls look like http://localhost/roundup/upload/9845897.jpg
echo '<input type="text" size=70% name="" value="<img src="' . $imagepath . '"></img>" />';

The value of the textbox ends up being '<img src=' and outside the box is '" />'.

Can anyone see what I am doing wrong?

Posted: Tue Jul 31, 2007 9:54 pm
by feyd
The value you are giving it, <img> and all, should be passed through htmlspecialchars() or htmlentities().

Posted: Tue Jul 31, 2007 9:57 pm
by boo
It was the quotes that were causing a problem

try this

Code:

echo '<input type="text" size=70% name="" value=\'<img src="' . $imagepath . '"></img>\' />';

or

Code:

echo '<input type="text" size=70% name="" value="'.htmlspecialchars('<img src="') . $imagepath . htmlspecialchars('"></img>').'" />';

using feyd's advice

I have never used htmlspecialchars before but will in the future

Posted: Tue Jul 31, 2007 10:08 pm
by mevets
I ended up:

Code:

echo '<input type="text" size=70% name="" value="' . htmlspecialchars('<img src="' . $imagepath . '" />') . '" />';

But I think I will use boo's example cause it is much easier on the eye.

Posted: Tue Jul 31, 2007 10:08 pm
by Zoxive
You're not escaping the strings...

Textarea would make it easier..

Code:

echo '<textarea name=""><img src="' . $imagepath . '" /></textarea>';

Posted: Tue Jul 31, 2007 10:13 pm
by feyd
Zoxive wrote: You're not escaping the strings...

Textarea would make it easier..

Code:

echo '<textarea name=""><img src="' . $imagepath . '" /></textarea>';

Textareas continue to need htmlspecialchars()/htmlentities() help.
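
The escaping feyd recommends for both the textbox and the textarea, written out as an added example that is not part of the original thread. The helper names h() and snippet_fields() are hypothetical and the second sample URL is constructed to contain quote characters and a closing textarea tag.

```php
<?php
// Added example (not from the thread). Helper names are hypothetical.

// Escape for HTML text and quoted-attribute contexts. ENT_QUOTES also encodes
// single quotes, so the result is safe inside value="..." and value='...'.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the snippets shown to the uploader, each as a read-only form control.
function snippet_fields(string $imageUrl): string
{
    // Inner layer: the URL is attribute data inside the <img> snippet itself.
    $html   = '<img src="' . h($imageUrl) . '" />';
    $bbcode = '[img]' . $imageUrl . '[/img]';

    // Outer layer: each whole snippet is data for the page that displays it.
    $out  = '<input type="text" size="70" readonly value="' . h($html) . '" />' . "\n";
    $out .= '<input type="text" size="70" readonly value="' . h($bbcode) . '" />' . "\n";
    $out .= '<input type="text" size="70" readonly value="' . h($imageUrl) . '" />' . "\n";
    // Textarea content is parsed as text with entities and ends at the first
    // "</textarea", so it needs the same escaping.
    $out .= '<textarea readonly rows="2" cols="70">' . h($html) . '</textarea>' . "\n";
    return $out;
}

// Constructed sample values. In the thread the URL is built from
// $_SERVER['HTTP_HOST'], which comes from the request's Host header, so it is
// treated as untrusted data here like any other input.
$samples = [
    'http://localhost/roundup/upload/9845897.jpg',
    'http://localhost/roundup/upload/a"b\'c</textarea>.jpg',
];

foreach ($samples as $url) {
    echo snippet_fields($url), "\n";
}
```

The HTML snippet is escaped twice on purpose: once so the copied `<img>` tag is itself well-formed, and once more so the page displaying it treats the whole tag as text.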