Page 1 of 1

passing a sting with <input type=hidden>

Posted: Tue Sep 02, 2008 5:41 pm
by mhoney
I have a string that has a ' (apostrophe) in it. I am trying to pass it in a form via <input type="hidden" name="reason" value='$reason'>. This string says "We're almost there.". When I pass it an display it all I get is "We". I tried using addslashes and I got "We\\\\". I tried using stripslashes and go "We". I am banging my head here... any help? Please?

Marc

Re: passing a sting with <input type=hidden>

Posted: Tue Sep 02, 2008 5:51 pm
by tamamk
I'm not sure where you have this code, I'm guessing this is being generated from an echo. Try:

<input type="hidden" name="reason" value="'.$reason.'">

In general, for your HTML tags, any value should be closed with "". Not only it is good practice, your code won't validate for XHTML format.

Re: passing a sting with <input type=hidden>

Posted: Tue Sep 02, 2008 6:09 pm
by mhoney
Thanks for the suggestion... yes it is in an echo. this is the exact line:

$formout.="<input type='hidden' name='reason' value='$arg[reason]'>";

I have tried

$formout.="<input type=\"hidden\" name=\"reason\" value=\"$arg[reason]\">";

but that just results is "We\\\'re almost there."

any other suggestions?

Re: passing a sting with <input type=hidden>

Posted: Tue Sep 02, 2008 6:16 pm
by tamamk
Do it this way:

$formout.='<input type="hidden" name="reason" value="'.$arg[reason].'">';

Watch out for the use of " and '.

Re: passing a sting with <input type=hidden>

Posted: Tue Sep 02, 2008 6:26 pm
by mhoney
Thanks again for the suggestion... I cut and paste your example into my code and get the exact same result.

"We\\\'re almost there."

One thing that is strange is that when I write it to the mysql database using mysql_real_escape_string($arg[reason]) it writes fine, but if I use that when passing the variable I get "We\\\\\\\'re almost there." This is so frustrating!

Re: passing a sting with <input type=hidden>

Posted: Tue Sep 02, 2008 6:41 pm
by tamamk
Can you paste your code here? Especially the one that is generating the $arg[reason] variable and anything manipulating it.

I have written a little example for you. Hope it helps.

Code: Select all

<form method="post" action="forum_out.php">
<?php
  $variable = "We're wokring!";
  echo '<input type="hidden" name="reason" value="'.$variable.'">';
?>
<input type="submit" name="submit" value="Test" />
</form>
 
<br />
<br />
 
<?php
  if(isset($_POST['submit'])){
    echo $_POST['reason'];
  }
?>

Re: passing a sting with <input type=hidden>

Posted: Tue Sep 02, 2008 6:57 pm
by mhoney
Ok, here is the part of the code where I am building up a string that I basically output as a simple form. I could paste the whole script but I didn't think many people would appreciate 150 lines of code.

Code: Select all

 
$formout="<form id='prnform' name='prnform' method='post' action='form_vacrequest_pdf.php' target=_blank";
   $formout.="<table>";
   $formout.="<input type='hidden' name='unpaidhrs' value='$arg[unpaidhrs]'>";
   $formout.="<input type='hidden' name='paidhrs' value='$arg[paidhrs]'>";
   $formout.="<input type='hidden' name='vacstartdate' value='$vacstartdate'>";
   $formout.="<input type='hidden' name='vacenddate' value='$vacenddate'>";
   $formout.="<input type='hidden' name='submitdate' value='$today'>";
   $formout.='<input type="hidden" name="reason" value="'.$arg[reason].'">';
   $formout.="<tr><td>Would you like to print a copy of the form you submitted?</td></tr>";
   $formout.="<tr><td colspan=2><input type='submit' id='createpdf' name='createpdf' value='Yes' onclick=\"xajax_skipprint(xajax.getFormValues('prnform'));\"></td>";
   $formout.="<td><input type='button' name='button' id='button' value='No' onclick=\"xajax_skipprint(xajax.getFormValues('prnform'));\"></td></tr>";
   $formout.="</table>";
   $formout.="</form>";
 
as you can see I am using some xajax but hopefully that isn't what is causing the problem. Here is the code for the page I am using the variables as $_POST :

Code: Select all

 
<?php
session_start();
if (@$_SESSION['valid'] != "yes")
      {
         header("location: /index.php");
         exit();
      }
require_once "../functions/sessiontimeout.inc.php"; //code to check if session has timedout
define('FPDF_FONTPATH','/apache2triad/htdocs/fpdf/font/');
require('../fpdf/fpdf.php');
 
   $pdf=new FPDF('P','mm','Letter'); //instantiate new object
   $pdf->AliasNbPages();
   $pdf->AddPage();
   $pdf->SetFont('Arial','B',38);
   $pdf->Cell(205, 30,"Vacation Request",0,1,'C');
   $pdf->line(10,30,205,30);
   $pdf->SetFont('Arial','B',14);
   $pdf->Cell(45,5,'Employee Name : ',0,0);
   $pdf->Cell(25,5,$_SESSION['fname'],0,0,'R');
   $pdf->Cell(35,5,$_SESSION['lname'],0,0);
   $pdf->Cell(35,5,'Submit Date : ',0,0);
   $pdf->Cell(55,5,date('n-j-Y g:i A',strtotime($_POST['submitdate'])),0,1);
   $today = date("Y-m-d H:i:s");
   $pdf->ln(7);
   $pdf->Cell(50,5,'Vacation Start Date : ',0,0);
   $pdf->Cell(55,5,date('n-j-Y',strtotime($_POST['vacstartdate'])),0,1);
   $pdf->ln(3);
   $pdf->Cell(50,5,'Vacation End Date : ',0,0);
   $pdf->Cell(55,5,date('n-j-Y',strtotime($_POST['vacenddate'])),0,1); 
   $pdf->ln(3);
   $pdf->Cell(35,5,'Paid Hours : ',0,0);
   $pdf->Cell(20,5,$_POST['paidhrs'],0,1);
   $pdf->ln(3);
   $pdf->Cell(35,5,'Un-Paid Hours : ',0,0);
   $pdf->Cell(20,5,$_POST['unpaidhrs'],0,1);
   $pdf->ln(3);
   $pdf->Cell(85,5,'Employee Comment / Reason : ',0,1);
   $pdf->ln(3);
   $pdf->MultiCell(190,5,$_POST['reason'],1,'L');
   $pdf->Output();
?>
 
As you can tell I am just trying to create a pdf doc if they click yes on the form created above.

Thanks again for your help.

Marc

Re: passing a sting with <input type=hidden>

Posted: Tue Sep 02, 2008 7:12 pm
by tamamk
You are not paying attention to the use of ' and ". You need to run your HTML codes sometime against some XHTML validator to note those things. Especially the > that you were missing in your <form> tag.

Code: Select all

 
   $formout='<form id="prnform" name="prnform" method="post" action="form_vacrequest_pdf.php" target="_blank" >';
   $formout.='<table>';
   $formout.='<input type="hidden" name="unpaidhrs" value="'.$arg[unpaidhrs].'">';
   $formout.='<input type="hidden" name="paidhrs" value="'.$arg[paidhrs].'">';
   $formout.='<input type="hidden" name="vacstartdate" value="'.$vacstartdate.'">';
   $formout.='<input type="hidden" name="vacenddate" value="'.$vacenddate.'">';
   $formout.='<input type="hidden" name="submitdate" value="'.$today.'">';
   $formout.='<input type="hidden" name="reason" value="'.$arg[reason].'">';
   $formout.='<tr><td>Would you like to print a copy of the form you submitted?</td></tr>';
   $formout.='<tr><td colspan="2"><input type="submit" id="createpdf" name="createpdf" value="Yes" onclick="xajax_skipprint(xajax.getFormValues(\'prnform\')); "></td>';
   $formout.='<td><input type="button" name="button" id="button" value="No" onclick="xajax_skipprint(xajax.getFormValues(\'prnform\'));"></td></tr>';
   $formout.='</table>';
   $formout.='</form>';
Your PDF creation is fine.

Re: passing a sting with <input type=hidden>

Posted: Tue Sep 02, 2008 7:22 pm
by mhoney
That is an excellent idea. This is a total newb question (Which I am)... where might I find an XHTML Validator that will let me run this type of code through it? Oh, and thank you for noticing the missing >, unfortunately that didn't change the output ;(

Re: passing a sting with <input type=hidden>

Posted: Tue Sep 02, 2008 7:36 pm
by tamamk
Google it! There are tons of them:
http://www.google.com.qa/search?rlz=1C1 ... +validator

I dont think the XHTML validator will solve your current problem though. It is just for good practice and proper HTML codes.

Regarding your current problem, I have no idea why it is not accepting it. It should come out proper if the POST variables are being passed cleanly, meaning not running them through some functions first to strip or add slashes before passing them to the PDF creator.

Try displaying the information first before passing them to PDF...see how they look like, and keep tracking them till the point you pass them to the PDF creator.

Re: passing a sting with <input type=hidden>

Posted: Tue Sep 02, 2008 8:00 pm
by WebbieDave
Why not just escape the string?

Code: Select all

<input type="hidden" value="<?php echo htmlspecialchars("I've\"", ENT_QUOTES)?>" name="str" />