Forum Moderators: coopster
In the original version, these forms were stored in variables in an include file and looked a little something like this...
$form_a = '<form method="POST" action="whatever.php">
<fieldset><legend>Widgets</legend>
<p><label>Name:<input type="text" name="widget_name" value="' .$widget_name.'" /></label></p>
<p><label>Color:<input type="text" name="widget_color" value="' .$widget_color.'" /></label></p>
<p><label>Size:<input type="text" name="widget_size" value="' .$widget_size.'" /></label></p>
</fieldset>
</form>
As you can see, several variables are sprinkled throughout the form (shown here in blue). Those variable values are obviously added in as the script runs so that the displayed form shows the values for user editing.
I've run into some trouble in trying to move the form itself into the database. When I pull the form html from the database and attempt to echo() it, it doesn't perform the variable substitutions. The output fills the form fields with...
'.$widget_name.'
'.$widget_color.'
'.$widget_size.'
Can anyone shed some light on how to store a form like this so that when it is fetched from the database and echoed in a script the variable values are substituted in?
Thanks in advance for any responses.
cEM
Question: All the examples I've found online of it's use assume the string is coming from a variable defined in the script, as in...
$str = "This is the string \$value.";
If, however, I'm pulling the $str value from a database, how would I handle escaping single and double quotes? For instance, say the end goal was to pull this from the database and put it into eval()...
<input type="text" name="widgets" value="$widgets" />
In a regular variable string it would look like this...
$str = "<input type=\"text\" name=\"widgets\" value=\"$widgets\" />";
or
$str = '<input type="text" name="widgets" value="'.$widgets.'" />';
But what about when it's coming from a database? How would you recommend handling quotes in a string stored in a database (that will be pulled into eval())? What exactly needs to be escaped?
Another way to put it: are there assumed quotes around a string pulled from a database and stored in a variable?
Thanks again for your help.
cEM
Now you're looking for something like the addslashes() [us2.php.net] function.
Can we back up here? I'd like to discuss another approach now that my heads a little clearer in the morning rather then late at night.
I found this quote interesting if not amusing
If eval() is the answer, you're almost certainly asking the
wrong question. -- Rasmus Lerdorf, BDFL of PHP
I'm not sure of the reason for this but I imagine it's innefficient in some way.
What if you just store the name of an include file in the database? That way you do the database call and then just include($filename) and whalla, there it is! This makes it so you can more easily edit your forms plus avoids having to use eval.
Tim
