I’m attempting to build a form that’s populated with data from a channel entry.
Test value of {contact_name}:
John "Example" Doe
Template:
<input type="text" name="contact_name" value="{contact_name}" />
Output:
<input type="text" name="contact_name" value="John "Example" Doe" />
If I was writing straight PHP I’d run it through htmlentities and be done, however, it generates an error with this test case.
Template:
<input type="text" name="contact_name" value="<?php echo htmlentities("{contact_name}"); ?>" />
Output:
Parse error: syntax error, unexpected T_STRING in [path]/expressionengine/libraries/Functions.php(640) : eval()'d code on line 21
What’s the best way of handling this?
Moved to Development and Programming by Moderator
It turns out that it still doesn’t work; a test case with an apostrophe/single quote in the value of {contact_name} will throw the unexpected T_STRING error.
Test Value:
John 'Example' Doe
Template:
<input type="text" name="contact_name" value="<?= htmlentities('{contact_name}') ?>" />
Output:
Parse error: syntax error, unexpected T_STRING in [path]/expressionengine/libraries/Functions.php(640) : eval()'d code on line 44
Hi PressEnter Creative,
I think you might need to add the ENT_QUOTES flag to htmlentities in this case.
Cheers
Greg
ENT_QUOTES was an interesting idea, but that didn’t fix it; I think the issue has more to do with my incomplete understanding of how PHP and the template interact with each other than anything else.
Test Value:
John "Teacher's Pet" Doe
Edit:
I thought that addslashes might do the trick, but it doesn’t work either:
<input type="text" name="contact_name" value="<?= stripslashes(htmlentities(addslashes("{contact_name}"))) ?>" >
<input type="text" name="contact_name" value="<?= stripslashes(htmlentities(addslashes('{contact_name}'))) ?>" >
I took a quick look through the EE getting started guide, and did a bit of research regarding the escaping problem.
With PHP set to parse on Output, as we’re currently doing in our template, the channel entry gets evaluated first.
So, if {contact_name} is:
John "Teacher's Pet" Doe
Template:
<?= stripslashes(htmlentities(addslashes('{contact_name}'))) ?>" >
Template is evaluated as:
<?= stripslashes(htmlentities(addslashes('John "Teacher's Pet" Doe'))) ?>" >
Which results in a PHP parse error. No PHP function can fix this, because the string inside the channel entry needs to be escaped prior to reaching the PHP stage of evaluation.
This means we need some magic EE action to do the escaping for us, or a way to put the channel entry into a PHP variable without wrapping it in quotes or apostrophes; but there doesn’t appear to be an addslashes function in EE.
There are a couple of ways around this problem; two are outlined here:
Further searching revealed that this guy ran into the problem and wrote an addslashes plugin for EE1.
In any event, in this instance where all I need to do is display data from a channel entry in a form, I believe the best practice would be to use {exp:xml_encode}, as follows:
<input type="text" name="contact_name" value="{exp:xml_encode}{contact_name}{/exp:xml_encode}" />
Thankfully, this will render as desired:
<input type="text" name="contact_name" value="John "Teacher's Pet" Doe" />
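The ordering problem worked out in the thread, as an added example that is not part of the original posts and is not ExpressionEngine code. `render_tags()` is a hypothetical stand-in for the template engine's tag substitution, the sample value is the thread's test case, and PHP 7 or later is assumed (so that a parse failure inside `eval()` is catchable as `ParseError`).

```php
<?php
// Constructed sample value: the test case from the thread.
$contact_name = 'John "Teacher\'s Pet" Doe';

// Hypothetical stand-in for the template engine: replaces {tag} with its value.
function render_tags(string $template, array $vars): string
{
    $pairs = [];
    foreach ($vars as $name => $value) {
        $pairs['{' . $name . '}'] = $value;
    }
    return strtr($template, $pairs);
}

// Order 1 (PHP parsed on output): the raw value is pasted into PHP *source*
// before PHP runs, so the apostrophe ends the string literal early. Escaping
// functions named in the source never get a chance to execute.
$php_template = "return htmlentities('{contact_name}', ENT_QUOTES, 'UTF-8');";
$source = render_tags($php_template, ['contact_name' => $contact_name]);
try {
    eval($source);
    $order1 = 'parsed';
} catch (ParseError $e) {
    $order1 = 'ParseError: ' . $e->getMessage();
}

// Order 2: treat the value as data. Encode it for an HTML attribute first,
// then substitute it into plain markup; no PHP source is ever built from it.
$html_template = '<input type="text" name="contact_name" value="{contact_name}" />';
$encoded = htmlspecialchars($contact_name, ENT_QUOTES, 'UTF-8');
$order2 = render_tags($html_template, ['contact_name' => $encoded]);

echo $order1, PHP_EOL;
echo $order2, PHP_EOL;
```

The second order is what an encoding tag applied inside the template achieves: the quotes reach the browser as entities, so the attribute stays intact and entry content never becomes part of evaluated PHP.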