Display $_POST data in html table
Question
I have prepared a form, which is used to generate a PDF, then download the file with the data submitted. In my code I need to do it via mPdf library, which generates the file as follows:
$mpdf = new \Mpdf\Mpdf();
// Write some HTML code:
$html = "Here comes what must be displayed in the PDF file"
$mpdf->WriteHTML($html);
// Output a PDF file directly to the browser
$mpdf->Output('ticket.pdf', \Mpdf\Output\Destination::DOWNLOAD);
In my $html I need to create a table which presents a combination of the data got via $_POST eg However, when I put like below, I have a tons of errors.
$html = "<table>ID: $_POST['someVariable']</table>";
Below you can find whole code which I use to generate the file, and then download it. Could you please help me with this? I'd truly grateful for your assistance to a rookie :)
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$from = filter_input(INPUT_POST, 'from');
$to = filter_input(INPUT_POST, 'to');
$start = filter_input(INPUT_POST, 'start');
$price = filter_input(INPUT_POST, 'price');
$length = filter_input(INPUT_POST, 'length');
$timezoneFrom = getTimezone($from, $airports);
$timezoneTo = getTimezone($to, $airports);
validate($from, $to, $start, $price, $length);
echo "from " . $timezoneFrom . "<br>";
echo "to " . $timezoneTo . "<br>";
$dateFrom = new DateTime($start, new DateTimeZone($timezoneFrom));
echo $dateFrom->format('Y-m-d H:i:s e') . "<br>";
$dateTo = clone $dateFrom;
echo "clone of date :";
echo $dateTo->format('Y-m-d H:i:s e') . "<br>";
$dateTo->setTimezone(new DateTimeZone($timezoneTo));
echo "after timezone change:";
echo $dateTo->format('Y-m-d H:i:s e') . "<br>";
$dateTo->modify($length . ' hours');
echo $dateTo->format('Y-m-d H:i:s') . "<br>";
echo "Data OK";
}
require_once __DIR__ . '/vendor/autoload.php';
$mpdf = new \Mpdf\Mpdf();
// Write some HTML code:
$html = "
<!DOCTYPE html>
<html>
<head>
<style>
#head {
text-align: center;
color: red;
font-weight: bold;
}
table, th, tr, td {
border: 1px solid black;
}
</style>
<body>
<table>
<thead>
<tr>
<td colspan=\"2\" id=\"head\">SomeTitle</td>
</tr>
</thead>
<div class=\"fromTo\">
<tr>
<td></td>
<td>To: ."$_POST['from']".</td>
</tr>
</div>
<div class=\"flightData\">
<tr>
<td>Departure (local time): $start</td>
<td>Arrival (local time)</td>
</tr>
</div>
<div class=\"date\">
<tr>
<td>$dateFrom</td>
<td>$dateTo</td>
</tr>
</div>
<div class=\"FlightPass\">
<tr>
<td>Flight time:</td>
<td>$length</td>
</tr>
<tr>
<td>Passenger:</td>
<td></td>
</tr>
</div>
</table>
</body>
</head>
</html>";
$mpdf->WriteHTML($html);
// Output a PDF file directly to the browser
$mpdf->Output('ticket.pdf', \Mpdf\Output\Destination::DOWNLOAD);
Please don't hesitate to provide me with advices and questions if you have some. Regards.
1 answers
solution1
0 ACCPTED 2017-11-22 07:58:07
You should never pass user input to HTML directly (not even to HTML to PDF input, to keep best practices and support code reusability) as your code then would be XSS vulnerable. You should treat the input correctly with the htmlspecialchars function.
$someVariableOutput = htmlspecialchars($_POST['someVariable']);
As to your original question:
You need to concatenate the string with the variable with the . operator:
$html = "<table>ID: " . $someVariableOutput . "</table>";
or you can display the variable in double-quoted string:
// the {} are just for a good measure here
// they would be useful when printing eg. an array key.
$html = "<table>ID: {$someVariableOutput}</table>";
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.