Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP Build a Basic PHP Website (2018) Enhancing a Form Escaping Output

Siraj Khan
Siraj Khan
3,451 Points
Posted by Siraj Khan
Siraj Khan
3,451 Points

Can anyone help me with my code in Escaping output challenge.?

Can anyone help me with my code in Escaping output challenge.?

views_listing_edit.php 
<?php require_once("controllers_listing.php"); ?>
<html>
<body>

    <h1>Edit Listing</h1>


    <form method="post" action="views_listing_edit.php">
        <table>
            <tr>
                <th>
                    <label for="name">Name</label>
                </th>
                <td>
                    <input type="text" id="name" name="name" value="<?php if (isset($name)) echo $name; ?>" />
                </td>
            </tr>
            <tr>
                <th>
                    <label for="link">Link</label>
                </th>
                <td>
                    <input type="text" id="link" name="link" value="<?php if (isset($link)) echo $link; ?>" />
                </td>
            </tr>
            <tr>
                <th>
                    <label for="description">Description</label>
                </th>
                <td>
                    <textarea id="description" name="description"><?php if(isset($description)){echo htmlspecialchars($_POST["description"]);}?></textarea>
                </td>
            </tr>    
        </table>
        <input type="submit" value="Save"/>
    </form>

</body>
</html>

1 Answer

Spenser Hale
Spenser Hale
20,915 Points

Hello Siraj,

Issue 1: Wrong Variable

You have the right idea for the description, however you are accessing the global variable instead of the local one the controller provided. Use $description, not $_POST["description"].

<?php
echo htmlspecialchars($description);

Issue 2: Not escaping all inputs

You are using the function htmlspecialchars to escape the description, but you are not calling it to escape the $name and the $link variables. These should also be escaped.

<?php
echo htmlspecialchars($name);
echo htmlspecialchars($link);