small problem with spaces

*** michel wrote/escribió (Fri, 9 Jul 2004 13:59:32 +0200):

$data["pros"] contains "This is a project title"

Displayed in the input field: This

Oh, come on, this is simple HTML ;-)

<INPUT TYPE="text" maxlength=100 width=40 value=This is a project title>
<INPUT TYPE="text" maxlength=100 width=40 value="This is a project title">
To make it even more robust, I suggest you escape the string using
htmlentities().

--
--
-- Álvaro G. Vicario - Burgos, Spain
--

michel wrote:

What can I do to prevent this from happening?

Follow HTML syntax :-)

.... and delimit strings with spaces between single or double quotes

<input value="string with spaces"/>

--
USENET would be a better place if everybody read: | to email me: use |
http://www.catb.org/~esr/faqs/smart-questions.html | my name in "To:" |
http://www.netmeister.org/news/learn2quote2.html | header, textonly |
http://www.expita.com/nomime.html | no attachments. |

Project Title: <INPUT TYPE="text" maxlength=100 width=40 value=<? print
"\"".$data["pros"]."\""; ?>>

Thanks, myself :0

"michel" <no@spam.please> wrote in message
news:cc**********@news.cistron.nl...

Here's the snip:

<?php
// edit records directly ask for authorisation first-->later

include "../includes/db_connect.php";
$id=$_GET["rec"];
$qry="SELECT * FROM eame WHERE id=$id";
$res=mysql_query($qry);
if(!$res)die("something not right");
$data=mysql_fetch_array($res, MYSQL_ASSOC);
?>

<FORM action="edit.php" method="post">
Project Title: <INPUT TYPE="text" maxlength=100 width=40 value=<? print
$data["pros"]; ?>>

Here's the problem:

$data["pros"] contains "This is a project title"

Displayed in the input field: This

everything starting from the space is stripped.

What can I do to prevent this from happening?

thanks,

Mich

On Fri, 9 Jul 2004 13:59:32 +0200, "michel" <no@spam.please> wrote:

Here's the snip:

<?php
// edit records directly ask for authorisation first-->later

include "../includes/db_connect.php";
$id=$_GET["rec"];
$qry="SELECT * FROM eame WHERE id=$id";
You may want to cast $_GET["rec"] to an int to prevent SQL injection
attacks.
$res=mysql_query($qry);
if(!$res)die("something not right");
$data=mysql_fetch_array($res, MYSQL_ASSOC);
?>

<FORM action="edit.php" method="post">
Project Title: <INPUT TYPE="text" maxlength=100 width=40 value=<? print
$data["pros"]; ?>>

The outputted HTML will say:

<INPUT TYPE="text" maxlength=100 width=40 value=This is a project
title>

The browser interprets the space after This as the end of the value
attribute.

Put quotes around your value and use htmlentities() to convert " to
&quot;

--
David ( @priz.co.uk )

On Fri, 09 Jul 2004 14:14:22 +0200, michel wrote:

Project Title: <INPUT TYPE="text" maxlength=100 width=40 value=<? print
"\"".$data["pros"]."\""; ?>>

Thanks, myself :0

Well, "yourself" just made your life more difficult. Why not just do this:

<INPUT TYPE="text" maxlength=100 width=40 value="<? print $data["pros"];?>">

In other words, put the HTML quotes in the HTML, like everything else is?
Then you (1) don't have to escape the quotes with a backslash and (2)
don't have the added ugly concatenation stuff.

I highly recommend you take the quotes out and put them in the HTML, where
they belong.

Actually, I have a third suggestion: use single quotes around the "pros"
key, like so:

$data['pros']

It doesn't matter super-too-much but single quotes around array keys ends
up making my life easier because there is no need to escape double quotes
in double quoted strings.

There you are. More information than you asked for. later...

--
Jeffrey Silverman
je*****@pantsjhu.edu
Drop "pants" to reply by email