• Use stripslashes to remove any added \ made by the php server
  • Use htmlspecialchars to avoid any special chars being taken as html tags.

<?php

$yname = stripslashes($_REQUEST[you]);
$yourname = htmlspecialchars($yname);

$ynationality = stripslashes($_REQUEST[nationality]);
$yournationality = htmlspecialchars($ynationality);

?>
<html>
<head>
<title>This is an IO demo</title>
</head>
<body bgcolor=#88CCFF>
<h1>Input and Output</h1>
<table>
<form>
<tr><td>Please enter your name <td><input name = you value="<?= $yourname ?>">
<tr><td>Please enter your nationality <td><input name = nationality  value="<?= $yournationality ?>">
<input type=submit>
</form>
</table>
<hr>

<?
if ($yourname){
print <<<END
Previous entry:<br>
<ul>
<li>name: $yourname <br>
<li>nationality:  $yournationality <br>
</ul>
END;
}
?>

</body>
</html>


-- PeterJones - 08 Nov 2006
Edit | Attach | Watch | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2006-11-08 - PeterJones
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    Main All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback