PHP Build a Basic PHP Website (2018) Enhancing a Form Escaping Output

Jason Brown
9,626 Points

"You want to escape the name variable before displaying it to the screen." I feel like I've tried so many things ...

I've tried escaping just the description (as in the video) with <?php htmlspecialchars($_POST['description']; ?> and <?php htmlspecialchars($_POST[$listing_description]; ?>

But no dice. The error message is talking about the name variable, so I also tried that in both ways, as above. But the $listing_name is for the textarea, so why are we concerned with that? Anyways, when that didn't work I've tried replacing all the values as I left it. Can't figure out what the code challenge is actually asking for? Any help would be greatly appreciated.

views_listing_edit.php
<?php require_once("controllers_listing.php"); ?><html>
<body>

    <h1>Edit Listing</h1>

    <form method="post">
        <table>
            <tr>
                <th>
                    <label for="name">Name</label>
                </th>
                <td>
                    <input id="name" name="name" value="<?php htmlspecialchars($_POST['name']); ?>">
                </td>
            </tr>
            <tr>
                <th>
                    <label for="Link">Link</label>
                </th>
                <td>
                    <input id="link" name="link" value="<?php htmlspecialchars($_POST['link']); ?>">
                </td>
            </tr>
            <tr>
                <th>
                    <label for="Description">Description</label>
                </th>
                <td>
                    <textarea id="description" name="description"><?php htmlspecialchars($_POST['description']); ?></textarea>
                </td>
            </tr>    
        </table>
        <input type="submit" value="Save">
    </form>

</body>
</html>

1 Answer

Jennifer Nordell
STAFF
Treehouse Teacher

Hi there! You're doing great but a couple of things have gone awry. I feel fairly sure that this is because you've worked with it so much now that it no longer really resembles the starting code. You've completely removed the echo statement which is what we'll be using to display. The htmlspecialchars that you're using is correct. However, it should be used on the variables given in the starter code.

Let's say that the starter code has this:

<?php echo $myString; ?>

To escape that output we'd use this line:

<?php echo htmlspecialchars($myString); ?>

I think you can get it with these hints, but let me know if you're still stuck! ✨

Jason Brown
9,626 Points

Yep, that did the trick. Thanks so much! You were right, I've fussed with it till it was a shadow of its former self.
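
The three variants of the name field discussed in this thread, side by side, as an added example that is not part of the original posts or the challenge's starter code. `$listing_name` is the variable named in the question; its value and the `e()` and `render()` helpers are assumptions made for illustration.

```php
<?php
// Added example: not the challenge's starter code. The value below is
// constructed sample input; e() and render() are hypothetical helpers.
$listing_name = 'Joe\'s "Best" <b>Diner</b> & Grill';

// Escape a value for HTML text or a quoted attribute value.
function e(string $value): string
{
    // ENT_QUOTES escapes both ' and " (before PHP 8.1 the default flags
    // left ' alone); ENT_SUBSTITUTE replaces invalid UTF-8 rather than
    // returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Capture what a template fragment would send to the browser.
function render(callable $template): string
{
    ob_start();
    $template();
    return ob_get_clean();
}

// 1. As in the question: htmlspecialchars() returns the escaped string, but
//    without echo the return value is discarded and an empty value is sent.
$noEcho = render(function () use ($listing_name) {
    ?><input id="name" name="name" value="<?php htmlspecialchars($listing_name); ?>"><?php
});

// 2. echo without escaping: the " inside the data closes the value attribute
//    early, and the rest of the string is parsed by the browser as markup.
$raw = render(function () use ($listing_name) {
    ?><input id="name" name="name" value="<?php echo $listing_name; ?>"><?php
});

// 3. echo plus escaping, as in the answer: quotes, angle brackets and & are
//    sent as entities, so the whole string stays inside the attribute.
$escaped = render(function () use ($listing_name) {
    ?><input id="name" name="name" value="<?php echo e($listing_name); ?>"><?php
});

echo "no echo : $noEcho\n";
echo "raw     : $raw\n";
echo "escaped : $escaped\n";
```

Run it with the PHP CLI and compare the three lines; the same `e()` call applies to the link input and the textarea body.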