Bytes | Software Development & Data Engineering Community

Code revealed to user!

I am collecting information from users.

In one box they can enter a name. As this can have a pre-existing
value read in from a MySQL database, I read in a value and suggest it
in the box. The user can accept this name or enter their own.

However, as much as I test, I cannot recreate an error some users are
experiencing. It seems some browsers are revealing my PHP source code
to the user, or at the very least entering the source code as the
value.

The offending row of code is:

<td class="scfboxtext" width="700" colspan="2">
<input name="acceptnmn" type="text" class="scfmfrm_inp" id="acceptnmn"
value="<?= $acceptnmn ?>" size="80" maxlength="100">
</td>

The value $acceptnmn is read in from a MySQL database and displayed; a
null value displays a null value and any name entered is displayed
correctly.

In about 20% of cases the user decides not to enter a value in this
box. Usually (and every time I test) a blank value is entered into the
MySQL database. However, in some of the cases where no name is entered
I am astonished to see the following value in the MySQL database:

<?= $acceptnmn ?>

Exactly that, nothing else, nothing less.

When the user then reuses this entry form the value

<?= $acceptnmn ?>

... is now suggested as a value, revealing more than I want to reveal
to the user.

(i.e. in these cases the code <?= $acceptnmn ?> actually reads in
<?= $acceptnmn ?> as the value.)

The browser is thus displaying <?= $acceptnmn ?> as the assigned value
to $acceptnmn.

I have always thought that browsers will not show this code to the
user. That it is only happening for some may be because Firefox or
something else is misreading the code.

Any help greatly appreciated

Garry Jones
Sweden
Dec 16 '07 #1
"GarryJones" <mo****@algonet.se> wrote in message
news:06**********************************@r60g2000hsc.googlegroups.com...
> I am collecting information from users.
>
> In one box they can enter a name. As this can have a pre-existing
> value read in from a MySQL database, I read in a value and suggest it
> in the box. The user can accept this name or enter their own.
>
> However, as much as I test, I cannot recreate an error some users are
> experiencing. It seems some browsers are revealing my PHP source code
> to the user, or at the very least entering the source code as the
> value.
>
> The offending row of code is:
>
> <td class="scfboxtext" width="700" colspan="2">
> <input name="acceptnmn" type="text" class="scfmfrm_inp" id="acceptnmn"
> value="<?= $acceptnmn ?>" size="80" maxlength="100">
> </td>

Try replacing "<?= $acceptnmn ?>" with <? echo $acceptnmn ?>.
The browsers only show what they receive in the doc returned by the server.
HTH
Vince
Dec 16 '07 #2
GarryJones wrote:
> I am collecting information from users.
>
> In one box they can enter a name. As this can have a pre-existing
> value read in from a MySQL database, I read in a value and suggest it
> in the box. The user can accept this name or enter their own.
>
> However, as much as I test, I cannot recreate an error some users are
> experiencing. It seems some browsers are revealing my PHP source code
> to the user, or at the very least entering the source code as the
> value.
>
> The offending row of code is:
>
> <td class="scfboxtext" width="700" colspan="2">
> <input name="acceptnmn" type="text" class="scfmfrm_inp" id="acceptnmn"
> value="<?= $acceptnmn ?>" size="80" maxlength="100">
> </td>
>
> The value $acceptnmn is read in from a MySQL database and displayed; a
> null value displays a null value and any name entered is displayed
> correctly.
>
> In about 20% of cases the user decides not to enter a value in this
> box. Usually (and every time I test) a blank value is entered into the
> MySQL database. However, in some of the cases where no name is entered
> I am astonished to see the following value in the MySQL database:
>
> <?= $acceptnmn ?>
>
> Exactly that, nothing else, nothing less.
>
> When the user then reuses this entry form the value
>
> <?= $acceptnmn ?>
>
> ... is now suggested as a value, revealing more than I want to reveal
> to the user.
>
> (i.e. in these cases the code <?= $acceptnmn ?> actually reads in
> <?= $acceptnmn ?> as the value.)
>
> The browser is thus displaying <?= $acceptnmn ?> as the assigned value
> to $acceptnmn.
>
> I have always thought that browsers will not show this code to the
> user. That it is only happening for some may be because Firefox or
> something else is misreading the code.
>
> Any help greatly appreciated
>
> Garry Jones
> Sweden
Hi, Garry,

The problem is you're using short tags (bad), and your server has short
tags disabled (short_open_tag=off in your php.ini file) (good).

You should get in the habit of using long open tags, like Vince
indicated. Short open tags can get confusing, especially if you use XML
(which has the same <? open tag).
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Dec 16 '07 #3
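The fix Jerry describes, written out as an added example (this is not code from anyone in the thread). It renders the field with a long open tag and adds two checks a maintainer would want before changing short_open_tag on a live server: one over the rendered HTML for PHP tags that survived as literal text, and one over template source for short tags still to be converted. The htmlspecialchars() call and both checking functions are additions the thread does not discuss, and the sample names are constructed. One detail that postdates the thread: from PHP 5.4 on, the <?= form is always recognised regardless of short_open_tag, so the leak described here affects older PHP and the bare <? tag, which still depends on the setting.

```php
<?php
/*
 * Added example, not code from the thread. It renders the field with a
 * long open tag (which is processed whatever short_open_tag is set to)
 * and adds two checks: one over the rendered HTML for PHP tags that
 * survived as literal text, which is how the text of the <?= tag ended
 * up stored in the database, and one over template source for short
 * tags that still need converting.
 */
declare(strict_types=1);

function render_field(string $acceptnmn): string
{
    ob_start();
    // htmlspecialchars() is an addition the thread does not discuss: a
    // stored name containing a quote or angle bracket then cannot break
    // out of the value attribute.
    ?>
<td class="scfboxtext" width="700" colspan="2">
<input name="acceptnmn" type="text" class="scfmfrm_inp" id="acceptnmn"
value="<?php echo htmlspecialchars($acceptnmn, ENT_QUOTES, 'UTF-8'); ?>" size="80" maxlength="100">
</td>
<?php
    return (string) ob_get_clean();
}

/**
 * PHP tags that reached the output as literal text. Anything returned
 * here is shown to the user and, for an input's value, sent back on submit.
 */
function unprocessed_php_tags(string $html): array
{
    preg_match_all('/<\?(?:=|php)?[^?]*\?>/', $html, $m);
    return $m[0];
}

/**
 * Short open tags in template source: "<?=" (not processed before PHP 5.4
 * with short_open_tag=Off) and bare "<?". "<?php" and "<?xml" are skipped.
 */
function short_tags_in_source(string $code): array
{
    preg_match_all('/<\?(?!php\b|xml\b)[^?]*\?>/', $code, $m);
    return $m[0];
}

// Constructed sample values standing in for the name read from MySQL.
foreach (["O'Brien", ''] as $acceptnmn) {
    $html = render_field($acceptnmn);
    echo $html;
    printf("value=%s, PHP tags leaked into output: %d\n",
        var_export($acceptnmn, true), count(unprocessed_php_tags($html)));
}

// Auditing the original template line (constructed here as a string)
// before touching php.ini on a live server:
$template = 'value="<?= $acceptnmn ?>" size="80" maxlength="100"';
print_r(short_tags_in_source($template)); // lists the <?= tag
```

Run it with the CLI (php example.php) on a server with short_open_tag=Off and the leak counter stays at 0 for both sample values, while the source audit lists the original <?= tag; running short_tags_in_source() over every template file is the quick way to find what needs converting before the setting is changed.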
"Jerry Stuckle" <js*******@attglobal.net> wrote in message
news:m6******************************@comcast.com...
> Hi, Garry,
>
> The problem is you're using short tags (bad), and your server has short
> tags disabled (short_open_tag=off in your php.ini file) (good).
>
> You should get in the habit of using long open tags, like Vince
> indicated. Short open tags can get confusing, especially if you use XML
> (which has the same <? open tag).

Actually I overlooked/missed the short tag. And Jerry is being more kind to
me than I deserve.

Vince
Dec 16 '07 #4
On Sun, 16 Dec 2007 13:26:09 +1000, Vince Morgan wrote:
> Actually I overlooked/missed the short tag. And Jerry is being more kind
> to me than I deserve.
>
> Vince

Thanks for the question and the answer. My server had that set to On,
just fixed it.

--
// This is my opinion.
Dec 16 '07 #5
GarryJones wrote:
> The offending row of code is:
>
> <td class="scfboxtext" width="700" colspan="2">
> <input name="acceptnmn" type="text" class="scfmfrm_inp" id="acceptnmn"
> value="<?= $acceptnmn ?>" size="80" maxlength="100">
> </td>

an unrelated question from a newbie:

why do you use the equal sign in <?= $acceptnmn ?>
instead of just <?php $acceptnmn ?>

Wouldn't the variable just be replaced by the value ?

bill
Dec 16 '07 #6
jebblue wrote:
> On Sun, 16 Dec 2007 13:26:09 +1000, Vince Morgan wrote:
>> Actually I overlooked/missed the short tag. And Jerry is being more kind
>> to me than I deserve.
>>
>> Vince
>
> Thanks for the question and the answer. My server had that set to On,
> just fixed it.

But you miss the fact you do not WANT it turned on. It will cause
problems if you ever have an XML page on your site. I expect the option
will be removed in a future release.

You should turn it off and use <?php start tags, instead.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Dec 16 '07 #7
bill wrote:
> GarryJones wrote:
>> The offending row of code is:
>>
>> <td class="scfboxtext" width="700" colspan="2">
>> <input name="acceptnmn" type="text" class="scfmfrm_inp" id="acceptnmn"
>> value="<?= $acceptnmn ?>" size="80" maxlength="100">
>> </td>
>
> an unrelated question from a newbie:
>
> why do you use the equal sign in <?= $acceptnmn ?>
> instead of just <?php $acceptnmn ?>
>
> Wouldn't the variable just be replaced by the value ?
>
> bill

Bill,

That statement is a no-op. Sure, the variable will be replaced by the
value, but there is nothing to tell PHP to display it.

You need to tell PHP you want it displayed. In this specific instance
the '=' acts as an output operator. It's equivalent to

<?php echo $acceptnmn; ?>

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Dec 16 '07 #8
Thanks guys, one further question.
> You need to tell PHP you want it displayed. In this specific instance
> the '=' acts as an output operator. It's equivalent to
>
> <?php echo $acceptnmn; ?>

Is that the same as

<?php echo $acceptnmn ?>

i.e. do you need the semicolon.

... and one further question...

I have only ever used <?= and never <?php echo and I have used this
method with short tags on many forms for a couple of years, so why have I
never seen this actual error before, and can there be more to it?

In this particular case users are signing in a name of the person who
has keyed in the data for future reference. In some cases they don't
need to (trusted users) and then a blank name or omitted name is okay,
but in other cases they need to and it is just with these that I am
having problems.

Garry Jones
Sweden
Dec 16 '07 #9
GarryJones wrote:
> Thanks guys, one further question.
>> You need to tell PHP you want it displayed. In this specific instance
>> the '=' acts as an output operator. It's equivalent to
>>
>> <?php echo $acceptnmn; ?>
>
> Is that the same as
>
> <?php echo $acceptnmn ?>
>
> i.e. do you need the semicolon.

The semicolon isn't absolutely required here, but don't get lazy and
omit it. It's only one character, and you'll have a lot more trouble if
you don't put it in when needed.

> ... and one further question...
>
> I have only ever used <?= and never <?php echo and I have used this
> method with short tags on many forms for a couple of years, so why have I
> never seen this actual error before, and can there be more to it?

It only works with short tags enabled. So either the servers you were
on had short tags enabled or you never saw the PHP code on your page.

Additionally, most shared hosts now run with short tags disabled. It's
been the default since PHP 4.1 or so (I don't remember the exact release).

> In this particular case users are signing in a name of the person who
> has keyed in the data for future reference. In some cases they don't
> need to (trusted users) and then a blank name or omitted name is okay,
> but in other cases they need to and it is just with these that I am
> having problems.
>
> Garry Jones
> Sweden

You need some other way to determine if the name is required or not.
How do you tell if they are a trusted user or not?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Dec 16 '07 #10
Vince Morgan wrote:
> "Jerry Stuckle" <js*******@attglobal.net> wrote in message
> news:m6******************************@comcast.com...
>> Hi, Garry,
>>
>> The problem is you're using short tags (bad), and your server has short
>> tags disabled (short_open_tag=off in your php.ini file) (good).
>>
>> You should get in the habit of using long open tags, like Vince
>> indicated. Short open tags can get confusing, especially if you use XML
>> (which has the same <? open tag).
>
> Actually I overlooked/missed the short tag. And Jerry is being more kind to
> me than I deserve.
>
> Vince

Naw, Vince, it was just an honest misteak :-)

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Dec 16 '07 #11
Jerry Stuckle wrote:
> But you miss the fact you do not WANT it turned on. It will cause
> problems if you ever have an XML page on your site.

I think you're overstating the problems slightly.

It will cause a minor inconvenience if you ever want to generate XML via
PHP, in that processing instructions will need to be explicitly echoed.

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 9 days, 1:18.]

Sharing Music with Apple iTunes
http://tobyinkster.co.uk/blog/2007/1...tunes-sharing/
Dec 16 '07 #12
> It will cause a minor inconvenience if you ever want to generate XML via
> PHP, in that processing instructions will need to be explicitly echoed.

It will cause a major inconvenience, if you ever want to use PHP6.

Guys, just get it: Just because it works somehow, it's not less bad.
Dec 16 '07 #13
On Sun, 16 Dec 2007 08:14:45 -0500, Jerry Stuckle wrote:
> jebblue wrote:
>> Thanks for the question and the answer. My server had that set to On,
>> just fixed it.
>
> But you miss the fact you do not WANT it turned on. It will cause
> problems if you ever have an XML page on your site. I expect the option
> will be removed in a future release.
>
> You should turn it off and use <?php start tags, instead.

I'm confused, I said I fixed it meaning I turned it off, it was set to
on, that's what to do right?

--
// This is my opinion.
Dec 16 '07 #14
Jonas Werres wrote:
>> It will cause a minor inconvenience if you ever want to generate XML via
>> PHP, in that processing instructions will need to be explicitly echoed.
>
> It will cause a major inconvenience, if you ever want to use PHP6.

Let's not spread misinformation here. Short tags *will* stay in PHP6:
http://www.php.net/~derick/meeting-n...nd-add-php-var

--
*****************************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
Nothing he's got he really needs
Twenty first century schizoid man.
***********************************

Dec 16 '07 #15
jebblue wrote:
> On Sun, 16 Dec 2007 08:14:45 -0500, Jerry Stuckle wrote:
>> jebblue wrote:
>>> Thanks for the question and the answer. My server had that set to On,
>>> just fixed it.
>>
>> But you miss the fact you do not WANT it turned on. It will cause
>> problems if you ever have an XML page on your site. I expect the option
>> will be removed in a future release.
>>
>> You should turn it off and use <?php start tags, instead.
>
> I'm confused, I said I fixed it meaning I turned it off, it was set to
> on, that's what to do right?

OK, I misunderstood that. I thought you meant you fixed your code to
run with it on.

Just a slight misunderstanding. You are correct to have it off.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Dec 17 '07 #16
Toby A Inkster wrote:
> Jerry Stuckle wrote:
>> But you miss the fact you do not WANT it turned on. It will cause
>> problems if you ever have an XML page on your site.
>
> I think you're overstating the problems slightly.
>
> It will cause a minor inconvenience if you ever want to generate XML via
> PHP, in that processing instructions will need to be explicitly echoed.

Toby,

Much more than a "minor inconvenience" if you ever do anything with XML.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Dec 17 '07 #17
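The XML side of the argument between Toby (#12) and Jerry (#7, #17), as an added example that is not code from anyone in the thread. With short_open_tag=On, the literal text of an XML declaration at the top of a template is lexed as a PHP open tag and the file fails to parse, so the declaration is echoed from inside a PHP block, which is the explicit echo Toby refers to, and the rest of the template uses only long open tags so it behaves the same whichever way the server is set. The sample names are constructed; the DOMDocument well-formedness check before sending is an addition of mine, not something the thread discusses.

```php
<?php
/*
 * Added example, not code from anyone in the thread. With short_open_tag=On
 * the literal text of an XML declaration at the top of a template is lexed
 * as a PHP open tag and the file fails to parse, so the declaration is
 * written from inside a PHP block instead, and the template uses only
 * long open tags so it behaves the same whichever way the server is set.
 */
declare(strict_types=1);

/** Build the document as a string so it can be inspected before sending. */
function names_xml(array $names): string
{
    ob_start();
    // Echoed rather than written as literal markup (Toby's point above).
    echo '<?xml version="1.0" encoding="UTF-8"?>', "\n";
    ?>
<names>
<?php foreach ($names as $name): ?>
  <name><?php echo htmlspecialchars($name, ENT_XML1 | ENT_QUOTES, 'UTF-8'); ?></name>
<?php endforeach; ?>
</names>
<?php
    return (string) ob_get_clean();
}

// Constructed sample rows standing in for names read from MySQL.
$xml = names_xml(['Garry Jones', 'Smith & Co', "O'Brien"]);

// Parse what was produced before serving it: a stray PHP tag or an
// unescaped ampersand would surface here as a parse failure instead of
// reaching a client. (This check is an addition, not from the thread.)
libxml_use_internal_errors(true);
$doc = new DOMDocument();
if (!$doc->loadXML($xml)) {
    foreach (libxml_get_errors() as $err) {
        fwrite(STDERR, trim($err->message) . "\n");
    }
    fwrite(STDERR, "generated XML is not well-formed, not sending\n");
    exit(1);
}

header('Content-Type: application/xml; charset=UTF-8');
echo $xml;
```

Run from the CLI (where header() is a no-op) the script prints the three names as a well-formed document with the ampersand and apostrophe escaped; the same file parses cleanly under either short_open_tag setting because it never relies on a bare <? tag.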
