PHP Enhancing a Simple PHP Application Adding Search: Controller & View Escaping Output Review

Challenge Task

A visitor to our site has just performed a search for chocolate, which has returned no results. Change this code to display the search term in the search box again, making sure to protect the page against malicious code that might have been entered.

Below is the code inside the form:

<form method="get" action="./"> <input type="text" name="s" value = "<?php echo htmlspecialchars($search_item); ?>"> <input type="submit" value="Go"> </form>

The bug tells me to use the value attribute to display inside the input box, but I am using the value attribute.

Is it my mistake, or is the code challenge not working properly?


2 Answers

Alex Heil
53,534 Points

Hello, unfortunately your code was stripped, so I can't tell you what error you had in it. But I just re-did the challenge and it was working fine for me, so the code you want to check is this line:

<input type="text" name="s" value="<?php echo htmlspecialchars($search_term); ?>">

The first thing to note is the new value attribute; this was added so that you can show the entered search text on the screen. The second part is htmlspecialchars, which handles the protection against malicious code.

Hope that helps, and have a nice day ;)
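Added example, not part of the original thread or the course code: it shows what the escaped `value` attribute looks like next to the unescaped one for a few constructed inputs, run from the PHP command line. The function name `render_search_box` and the `$samples` array are hypothetical; only `$search_term` and the form markup come from the answer above.

```php
<?php
// Added example: render_search_box() and $samples are hypothetical names.

/**
 * Build the search form with the submitted term echoed back into the
 * value attribute, escaped for an HTML attribute context.
 */
function render_search_box(string $search_term): string
{
    // ENT_QUOTES escapes both " and ' (before PHP 8.1 the default flag,
    // ENT_COMPAT, left single quotes untouched). ENT_SUBSTITUTE replaces
    // invalid UTF-8 sequences instead of returning an empty string.
    $safe = htmlspecialchars($search_term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<form method="get" action="./">' . "\n"
         . '  <input type="text" name="s" value="' . $safe . '">' . "\n"
         . '  <input type="submit" value="Go">' . "\n"
         . '</form>';
}

// Constructed sample inputs: a normal term, and two containing characters
// that would otherwise end the attribute or start new markup.
$samples = [
    'chocolate',
    '"><script>alert(1)</script>',
    "it's \"dark\" & sweet",
];

foreach ($samples as $term) {
    echo "Raw input : ", $term, "\n";
    // What the page would emit if the term were echoed without escaping.
    echo "Unescaped : <input type=\"text\" name=\"s\" value=\"", $term, "\">\n";
    // The escaped form: the term stays inside the quoted attribute value.
    echo render_search_box($term), "\n\n";
}
```

The attribute value must stay wrapped in quotes in the template: `htmlspecialchars` does not escape spaces, so an unquoted `value=` would still let input add extra attributes.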

Thank you, Alex. It was a very good explanation.