By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,967 Members | 1,687 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,967 IT Pros & Developers. It's quick & easy.

small problem with spaces

P: n/a
Here's the snip:

<?php
// edit records directly ask for authorisation first-->later

include "../includes/db_connect.php";
$id=$_GET["rec"];
$qry="SELECT * FROM eame WHERE id=$id";
$res=mysql_query($qry);
if(!$res)die("something not right");
$data=mysql_fetch_array($res, MYSQL_ASSOC);
?>

<FORM action="edit.php" method="post">
Project Title: <INPUT TYPE="text" maxlength=100 width=40 value=<? print
$data["pros"]; ?>>

Here's the problem:

$data["pros"] contains "This is a project title"

Displayed in the input field: This

everything starting from the space is stripped.

What can I do to prevent this from happening?

thanks,

Mich

Jul 17 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
*** michel wrote/escribió (Fri, 9 Jul 2004 13:59:32 +0200):
$data["pros"] contains "This is a project title"

Displayed in the input field: This


Oh, come on, this is simple HTML ;-)

<INPUT TYPE="text" maxlength=100 width=40 value=This is a project title>
<INPUT TYPE="text" maxlength=100 width=40 value="This is a project title">
To make it even more robust, I suggest you escape the string using
htmlentities().

--
--
-- Álvaro G. Vicario - Burgos, Spain
--
Jul 17 '05 #2

P: n/a
michel wrote:
What can I do to prevent this from happening?


Follow HTML syntax :-)

.... and delimit strings with spaces between single or double quotes

<input value="string with spaces"/>

--
USENET would be a better place if everybody read: | to email me: use |
http://www.catb.org/~esr/faqs/smart-questions.html | my name in "To:" |
http://www.netmeister.org/news/learn2quote2.html | header, textonly |
http://www.expita.com/nomime.html | no attachments. |
Jul 17 '05 #3

P: n/a
Project Title: <INPUT TYPE="text" maxlength=100 width=40 value=<? print
"\"".$data["pros"]."\""; ?>>

Thanks, myself :0

"michel" <no@spam.please> wrote in message
news:cc**********@news.cistron.nl...
Here's the snip:

<?php
// edit records directly ask for authorisation first-->later

include "../includes/db_connect.php";
$id=$_GET["rec"];
$qry="SELECT * FROM eame WHERE id=$id";
$res=mysql_query($qry);
if(!$res)die("something not right");
$data=mysql_fetch_array($res, MYSQL_ASSOC);
?>

<FORM action="edit.php" method="post">
Project Title: <INPUT TYPE="text" maxlength=100 width=40 value=<? print
$data["pros"]; ?>>

Here's the problem:

$data["pros"] contains "This is a project title"

Displayed in the input field: This

everything starting from the space is stripped.

What can I do to prevent this from happening?

thanks,

Mich

Jul 17 '05 #4

P: n/a
On Fri, 9 Jul 2004 13:59:32 +0200, "michel" <no@spam.please> wrote:
Here's the snip:

<?php
// edit records directly ask for authorisation first-->later

include "../includes/db_connect.php";
$id=$_GET["rec"];
$qry="SELECT * FROM eame WHERE id=$id";
You may want to cast $_GET["rec"] to an int to prevent SQL injection
attacks.
$res=mysql_query($qry);
if(!$res)die("something not right");
$data=mysql_fetch_array($res, MYSQL_ASSOC);
?>

<FORM action="edit.php" method="post">
Project Title: <INPUT TYPE="text" maxlength=100 width=40 value=<? print
$data["pros"]; ?>>


The outputted HTML will say:

<INPUT TYPE="text" maxlength=100 width=40 value=This is a project
title>

The browser interprets the space after This as the end of the value
attribute.

Put quotes around your value and use htmlentities() to convert " to
&quot;

--
David ( @priz.co.uk )
Jul 17 '05 #5

P: n/a
On Fri, 09 Jul 2004 14:14:22 +0200, michel wrote:
Project Title: <INPUT TYPE="text" maxlength=100 width=40 value=<? print
"\"".$data["pros"]."\""; ?>>

Thanks, myself :0


Well, "yourself" just made your life more difficult. Why not just do this:

<INPUT TYPE="text" maxlength=100 width=40 value="<? print $data["pros"];?>">

In other words, put the HTML quotes in the HTML, like everything else is?
Then you (1) don't have to escape the quotes with a backslash and (2)
don't have the added ugly concatenation stuff.

I highly recommend you take the quotes out and put them in the HTML, where
they belong.

Actually, I have a third suggestion: use single quotes around the "pros"
key, like so:

$data['pros']

It doesn't matter super-too-much but single quotes around array keys ends
up making my life easier because there is no need to escape double quotes
in double quoted strings.

There you are. More information than you asked for. later...

--
Jeffrey Silverman
je*****@pantsjhu.edu
Drop "pants" to reply by email

Jul 17 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.