Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

PHP Variable

  1. Home
  2. Forum
  3. Programming
  4. PHP Variable

ghost's Avatar

ghost

0 0

How can i set the text from a text area to a PHP variable? I think i need to use a POST function? :angry: thanks


ghost's Avatar

ghost

0 0

there are many articles in hbh that explain how to do that. If it isnt enough you can go to php.net or google for php manuals. However the syntax is :

$myvar = $_POST['mytextfiledname'];

Learn also how to secure that.


ghost's Avatar

ghost

0 0

cool, cheers larika, I search in the articles, but i couldnt find anything.

What do you mean secure that?


nanoymaster's Avatar

nanoymaster

the master of nanoy(.org)
0 0

I believe they mean with like striptags or htmlentities


ghost's Avatar

ghost

0 0

Try doing patching challenges. They arent that hard and theres quite some info on them on HBH(forums and articles).


ghost's Avatar

ghost

0 0

nanoymaster wrote: I believe they mean with like striptags or htmlentities Did you say "they" because you don't know if Larika is male or female? :P

Here is an example of what you're probably looking for, 0rijin4l:

<body>
<form method="POST">
Enter a message: <textarea rows="2" cols="20" name="message" />
</form>
Your message was: <?php echo $_POST["message"]; ?>
</body>
</html>

Note: This file must have the *.php extension because it uses PHP, and the server must have PHP installed.

That is a very basic example, but it should be a good start.


nanoymaster's Avatar

nanoymaster

the master of nanoy(.org)
0 0

Yes I did write they because who I don't know who is male of female here.

and that isn't secure either try:

<?php echo htmlentities($_POST["message"], ENT_QUOTES); ?>


ghost's Avatar

ghost

0 0

SlimTim10 wrote: [quote]nanoymaster wrote: I believe they mean with like striptags or htmlentities Did you say "they" because you don't know if Larika is male or female? :P

Here is an example of what you're probably looking for, 0rijin4l:

&lt;body&gt;
&lt;form method=&quot;POST&quot;&gt;
Enter a message: &lt;textarea rows=&quot;2&quot; cols=&quot;20&quot; name=&quot;message&quot; /&gt;
&lt;/form&gt;
Your message was: &lt;?php echo $_POST[&quot;message&quot;]; ?&gt;
&lt;/body&gt;
&lt;/html&gt;

Note: This file must have the *.php extension because it uses PHP, and the server must have PHP installed.

That is a very basic example, but it should be a good start.[/quote]

Cheers SlimTim, that is the kind of thing i was thinking of. Yeah, i know,i found that the hardway, when i coded like a page of php then saved it as a .html and got really confused why it wosent working :S, lol. :right:

Yeah, i have my home computer configured as a server, so i work directly and test on that……

With securing it, do i need to use add_slashes? But i heard there was something more secure than add_slashes as that is escapable isnt it? :matey:


ghost's Avatar

ghost

0 0

SlimTim10 wrote:

Here is an example of what you're probably looking for, 0rijin4l:

&lt;body&gt;
&lt;form method=&quot;POST&quot;&gt;
Enter a message: &lt;textarea rows=&quot;2&quot; cols=&quot;20&quot; name=&quot;message&quot; /&gt;
&lt;/form&gt;
Your message was: &lt;?php echo $_POST[&quot;message&quot;]; ?&gt;
&lt;/body&gt;
&lt;/html&gt;

Note: This file must have the *.php extension because it uses PHP, and the server must have PHP installed.

That is a very basic example, but it should be a good start.

Cheers SlimTim, that is the kind of thing i was thinking of. Yeah, i know,i found that the hardway, when i coded like a page of php then saved it as a .html and got really confused why it wosent working :S, lol. :right:

Yeah, i have my home computer configured as a server, so i work directly and test on that……

With securing it, do i need to use add_slashes? But i heard there was something more secure than add_slashes as that is escapable isnt it? :matey:

Im not to worried about it being uber secure because it is a charity's site so i don't think it will particularly be a target, plus the area this code is in is htaccess-ed so it should be not to bad.

(Ihad always presumed Larika was male, but now you mention it……..:right:)


ghost's Avatar

ghost

0 0

my mentor told me to use a array, like this

&lt;?php
$bad=array(&quot;&#39;&quot;,&#39;&quot;&#39;,&quot;&lt;&quot;,&quot;&gt;&quot;,&quot;&#92;&#92;&quot; );

$_GET[&#39;thing&#39;]=str_replace($bad,&quot;&quot;,$_GET[&#39;thing&#39;]);

echo &quot;Your text is &quot; . $_GET[&#39;thing&#39;];
?&gt;```

you could also declare the input as a variable and then use the array to secure it..

ghost's Avatar

ghost

0 0

i will have to be careful with what i disallow as it is a textbox for people to edit news articles so i do not want to take out commonly used characters such as

' or " or even> /(incase someone wants to suggest another website…….

What characters would you recomend be denied?

Edit: Bugger can't try any of those scripts now as i do not have access to a php server at school, and ftp connections are banned, bugger!


ghost's Avatar

ghost

0 0

you don't have to deny characters, you could also modify the array to replace those characters with their html entities ;)


ghost's Avatar

ghost

0 0

oh, so replace

" with " or whatever it is………?


ghost's Avatar

ghost

0 0 
&lt;?php
$_GET[&#39;thing&#39;]=str_replace(&quot;&quot;&quot;,&quot;&!quot;&quot;,$_GET[&#39;thing&#39;]);
?&gt;

like that, it replaces " with the html-entity and would display as a normal quotation mark on the page, but it is secure.. you have to remove the "!" in the str_replace() for it to work..

for common entities and stuff:

http://www.w3schools.com/tags/ref_entities.asp

cheers, Romnous


SySTeM's Avatar

SySTeM

-=[TheOutlaw]=-
20 0

<?php $lol = htmlentities($_POST["blahblah"]); echo $lol; ?>


ghost's Avatar

ghost

0 0

that works much better/faster :P