passing variables

[don]

echo "<iframe class=\"iframe\" width=\"600px\" height=\"230px\"
src=\"search_table.php?description=\"" . $description . "\">";


I tried to echo out the passed variable description in search_table.php but
it did not appear????

 

[Hywel Jenkins]

echo "<iframe class=\"iframe\" width=\"600px\" height=\"230px\"
src=\"search_table.php?description=\"" . $description . "\">";


I tried to echo out the passed variable description in search_table.php but
it did not appear????

Is it actually passed? What's the src attribute set to when you view
the source of the loaded parent page?

 

[Leif K-Brooks]

echo "<iframe class=\"iframe\" width=\"600px\" height=\"230px\"
src=\"search_table.php?description=\"" . $description . "\">";


I tried to echo out the passed variable description in search_table.php but
it did not appear????

Perhaps REGISTER_GLOBALS is off. Does $_REQUEST['description'] work?

 

[David Dorward]

echo "<iframe class=\"iframe\" width=\"600px\" height=\"230px\"
src=\"search_table.php?description=\"" . $description . "\">";

Which will come out as something like:

<iframe class="iframe" width="600px" height="230px"
src="search_table.php?description="YOURDESCRIPTION">

So, you've mixed up your CSS tutorials and your HTML tutorials. The height
and width attributes take either an integer, or an integer followed by a
percentage sign - not an integer followed by the characters "px". (This
isn't something that validation could pick up).

What validation could have picked up, was the extra quotation mark in the
output, you could probably have picked that up just by looking at the code
your script was outputting.

Try:

?>
<iframe class="iframe" width="600" height="230"
src="search_table.php?description=<? php
echo htmlentities(urlencode($description));
?>">
Alternative content
</iframe>
<?php

 

[Gazza]

David Dorward mumbled the following on 17/05/2005 08:19:

don wrote:




Which will come out as something like:

<iframe class="iframe" width="600px" height="230px"
src="search_table.php?description="YOURDESCRIPTION">

....which also appears to have an extra quote mark within the src itself.

Try:

?>
<iframe class="iframe" width="600" height="230"
src="search_table.php?description=<? php
echo htmlentities(urlencode($description));
?>">
Alternative content
</iframe>
<?php

or, purely in PHP:
<?php
$description = htmlentities(urlencode($_REQUEST['description'];
echo '<iframe class="iframe" width="600" height="230"
src="search_table.php?description="'.$description.'">';
?>

There's no need to echo everything with double quotes ("), as most of it
is just a string, so you can save a little bit of processing time by
making PHP parse it as just a string, and not evaluate it for any PHP
inside of it, by using single quote instead ('). It also makes the code
neater by saving having to escape double quotes inside the string.

 

[nice.guy.nige]

While the city slept, Gazza ([email protected]) feverishly
typed...

or, purely in PHP:
<?php
$description = htmlentities(urlencode($_REQUEST['description'];
echo '<iframe class="iframe" width="600" height="230"
src="search_table.php?description="'.$description.'">';

or even...

<?php
// whatever else is in here...
$description = htmlentities(urlencode($_REQUEST['description'];
?>

<iframe class="iframe" width="600" height="230"
src="search_table.php?description="<?=$description">

Cheers,
Nige

 

[Gazza]

nice.guy.nige mumbled the following on 17/05/2005 10:31:

While the city slept, Gazza ([email protected]) feverishly
typed...

or, purely in PHP:
<?php
$description = htmlentities(urlencode($_REQUEST['description'];
echo '<iframe class="iframe" width="600" height="230"
src="search_table.php?description="'.$description.'">';

or even...

<?php
// whatever else is in here...
$description = htmlentities(urlencode($_REQUEST['description'];
?>

<iframe class="iframe" width="600" height="230"
src="search_table.php?description="<?=$description">

Although this relies on having short_tags enabled, which one can't
assume. Some hosts are actually disabling this by default now, along
with global variables, magic_quotes_gpc etc.

And your final line should be:
src="search_table.php?description=<?=$description;?>">