htmlspecialchars() For Arrays?
I'm working on a small app for adding tables to a db, printing them via html and allowing for these tables to be deleted via a hidden form button.
?addjoke
. Error is on line #19 of HTML File. I marked line 19 with comment tags above and below.
I also attached PHP Controller below HTML code block for reference. The $jokes array lies below "// ***** Display DB ***** //."
I just changed selecting just one table to two tables and I had to change my mysqli_fetch_array code from just calling the joketext table (for just printing the rows) to joketext AND id (id for deleting joketext - the functionality that caused this problem to arise.)
So this code:
while ($row = mysqli_fetch_array($result))
{
    $jokes[] = array('id' => $row['id'], 'text' => $row['joketext']); // Changed from just $row['joketext'] to now both tables.
}
has forced me to change:
<p><li><?php echo htmlspecialchars($joke, ENT_QUOTES, 'UTF-8'); ?> -
to:
<p><li><?php echo htmlspecialchars($joke['text'], ENT_QUOTES, 'UTF-8'); ?> -
Which I understand is in fact an array because there's no other way to call both without it right? I'm a newbie so I don't understand why htmlspecialchars() can only be used with strings...what am I missing?
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>List of Jokes</title>
    <link rel="stylesheet" type="text/css" href="css/style.css">
    <link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Slabo+27px">
</head>
<body>
    <div id="mainContainer">
        <div id="contentContainer">
            <div class="headerItem">Here are all the jokes in the database:</div>
            <div id="addJoke">+ <a href="?addjoke">Add Joke</a></div>
            <ol>
                <?php foreach ($jokes as $joke): ?>
                // ***** LINE***** 19 //
                <form action="?deletejoke" method="post">
                // ***** LINE***** 19 //
                    <p><li><?php echo htmlspecialchars($joke['text'], ENT_QUOTES, 'UTF-8'); ?> -
                    <input type="hidden" name="id" value="<?php echo $joke['id']; ?>">
                    <input type="submit" value="Delete"></li></p>
                </form>
                <?php endforeach; ?>
            </ol>
        </div>
        <div id="footer">
            <p><a href="/php/day%207%20code/before/addjoke/">IDJB Home</a> - <a href="?addjoke">Add Joke to IDJB</a> - <a href="#">Sitemap</a></p>
            <p>© <?php echo date("Y") ?> Internet Joke Database</p>
        </div>
    </div>
</body>
</html>
<?php
// ***** MagicQuoteFix ***** //
if (get_magic_quotes_gpc())
{
    // Undo magic quotes recursively so request values arrive unmodified.
    function stripslashes_deep($value)
    {
        $value = is_array($value) ?
            array_map('stripslashes_deep', $value) :
            stripslashes($value);
        return $value;
    }
    $_POST = array_map('stripslashes_deep', $_POST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
    $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
// ***** Begin Connection Info ***** //
$connection = mysqli_connect('localhost', 'ijdbuser', 'ijdbpw');
if (!$connection)
{
    $error = 'Unable to connect to the database server.';
    include 'error.html.php';
    exit();
}
if (!mysqli_set_charset($connection, 'utf8'))
{
    $output = 'Unable to set database connection encoding.';
    include 'output.html.php';
    exit();
}
if (!mysqli_select_db($connection, 'ijdb'))
{
    $error = 'Unable to locate the joke database.';
    include 'error.html.php';
    exit();
}
// ***** Display DB ***** //
$result = mysqli_query($connection, 'SELECT id, joketext FROM joke');
if (!$result)
{
    $error = 'Error fetching jokes: ' . mysqli_error($connection);
    include 'error.html.php';
    exit();
}
// Start with an empty list so the template's foreach still works when the table is empty.
$jokes = array();
while ($row = mysqli_fetch_array($result))
{
    // Each entry is itself an array: the row id (for deletion) and the joke text (for display).
    $jokes[] = array('id' => $row['id'], 'text' => $row['joketext']);
}
if (isset($_GET['addjoke'])) {}
else
{
    include 'jokes.html.php';
}
//
// ***** Begin Add/Remove DB Options ***** //
if (isset($_GET['addjoke']))
{
    include 'form.html.php';
    exit();
}
if (isset($_GET['deletejoke']))
{
    // Escape the submitted id before placing it in the quoted SQL literal.
    $id = mysqli_real_escape_string($connection, $_POST['id']);
    $sql = "DELETE FROM joke WHERE id='$id'";
    if (!mysqli_query($connection, $sql))
    {
        $error = 'Error deleting joke: ' . mysqli_error($connection);
        include 'error.html.php';
        exit();
    }
    //header('Location: .');
    exit();
}
if (isset($_POST['joketext']))
{
    $joketext = mysqli_real_escape_string($connection, $_POST['joketext']);
    // Use the escaped $joketext in the query, not the raw $_POST value.
    $sql = 'INSERT INTO joke SET
        joketext="' . $joketext . '",
        jokedate=CURDATE()';
    if (!mysqli_query($connection, $sql))
    {
        $error = 'Error adding submitted joke: ' . mysqli_error($connection);
        include 'error.html.php';
        exit();
    }
    header('Location: .');
    exit();
}
?>
I realize some of my code is old or deprecated. I started learning from an older book and I figure I'll just finish it for context with older apps before moving to more advanced OOP programming.
Thanks for helping me learn.
I'm a newbie so I don't understand why htmlspecialchars() can only be used with strings...what am I missing?
You have to iterate through the array and escape the strings in it:
foreach ($arr as &$v) {
    $v = htmlspecialchars($v); // escape each string value in place
}
unset($v); // drop the reference left over from the loop
Now you have each value in the array escaped.
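An added example (not part of the original question or answer) that extends the loop above to nested arrays such as the `$jokes` rows in the question, following the same recursive pattern as the page's `stripslashes_deep()`. The helper name `html_escape_deep()` and the sample rows are assumptions made for illustration.

```php
<?php
// Added example: recursive HTML escaping for nested arrays such as $jokes.
// html_escape_deep() is a hypothetical helper name, not from the original page.
function html_escape_deep($value)
{
    if (is_array($value)) {
        // Recurse so rows like array('id' => ..., 'text' => ...) are handled;
        // array_map() keeps the string keys when given a single array.
        return array_map('html_escape_deep', $value);
    }
    if ($value === null || is_bool($value)) {
        // Nothing to escape; return unchanged.
        return $value;
    }
    // htmlspecialchars() only accepts strings, so cast scalars (e.g. integer ids).
    // ENT_QUOTES also encodes ' and ", which matters inside attribute values.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data in the same shape the controller builds.
$jokes = array(
    array('id' => 1, 'text' => 'Why did the <b>chicken</b> cross the road?'),
    array('id' => 2, 'text' => 'He said "knock knock" & left'),
    array('id' => 3, 'text' => '"><script>alert(1)</script>'),
);

// Escape a copy for display and keep $jokes raw for any non-HTML use.
$safeJokes = html_escape_deep($jokes);

foreach ($safeJokes as $joke) {
    // Both fields are now safe to place in element content or a quoted attribute.
    echo $joke['id'] . ': ' . $joke['text'] . PHP_EOL;
}
```

Escaping a copy at output time, rather than overwriting the stored values, avoids double-encoding when the same data is later written back to the database or rendered in another format.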