Code challenge escaping output review

A visitor to our site has just performed a search for chocolate, which has returned no results. Change this code to display the search term in the search box again, making sure to protect the page against malicious code that might have been entered.

I already protected the code, but what else do I need to do?

<?php

require_once("inc/config.php");

$search_term = "";
if (isset($_GET["s"])) {
    $search_term = trim($_GET["s"]);
    if ($search_term != "") {
        require_once(ROOT_PATH . "inc/products.php");
        $products = get_products_search($search_term);
    }
}

$pageTitle = "Search";
$section = "search";
include(ROOT_PATH . "inc/header.php"); ?>

    <div class="section shirts search page">

        <div class="wrapper">

            <h1>Search</h1>

            <form method="get" action="./">
                <input type="text" name="s" id="s" value="<?php if(isset($s)) { echo htmlspecialchars($s); } ?>">
                <input type="submit" value="Go">
            </form>

            <?php

                if ($search_term != "") {
                    echo $search_term;
                    if (!empty($products)) {
                        echo '<ul class="products">';
                        foreach ($products as $product) {
                            echo get_list_view_html($product);
                        }
                        echo '</ul>';

                    } else {
                        echo '<p>No products were found matching that search term.</p>';
                    }
                }

            ?>

        </div>

    </div>

<?php include(ROOT_PATH . "inc/footer.php"); ?>

I am having trouble with this too. This is the line of code I changed. But the error message says, "Bummer! To place text inside a text input field, you should give it a value attribute."

<input type="text" name="s" id="s" value="<?php if(isset($search_term)) { echo htmlspecialchars($search_term); } ?>">
Randy Hoyt
Treehouse Guest Teacher

Hey @Kevin, That should pass; sorry about the trouble! If you remove the id="s", it will work. You don't really need to add that, but it should still work ... the code challenge is just not expecting that. I'll see what I can do to get that fixed.

Thanks Randy!

4 Answers

Joey English
22,675 Points

This had me stumped for a bit as well. Look for an actual variable ($foo = bar) that has been declared that contains the search term.

Randy Hoyt
STAFF
Treehouse Guest Teacher

If you look closely, the name of the PHP variable containing the search term is not $s.

It only validates correctly if you remove the

id="s"  

from the string

<input type="text" name="s" id="s" value="<?php if(isset($search_term)) { echo htmlspecialchars($search_term); } ?>">
Charmaine Wallace
22,276 Points

My mistake, using $s instead of $search_term. Doh!!! Didn't take me nearly 20 minutes to give up and check the forums at all ....
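
An added example, not part of any post in this thread: the search box built from the raw query-string value, escaped for a double-quoted attribute, with a non-string `s` (for instance `?s[]=x`) treated as empty. The helper names `e()` and `render_search_box()` are hypothetical and the sample inputs are constructed; the same `e()` call applies to the `echo $search_term;` line in the question's code.

```php
<?php
// Added example; e() and render_search_box() are hypothetical helper names.

// Escape a value for HTML text and for quoted attribute values.
// ENT_QUOTES escapes both " and '. Before PHP 8.1 the default flag
// (ENT_COMPAT) left ' unescaped, which matters in single-quoted attributes.
// ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD instead of returning "".
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the search box from the raw request value.
// $_GET["s"] is an array when the request is ?s[]=x, so anything that is
// not a string is treated as "no search term" rather than passed to trim().
function render_search_box($raw): string
{
    $search_term = is_string($raw) ? trim($raw) : '';
    return '<input type="text" name="s" value="' . e($search_term) . '">';
}

// Constructed inputs: an ordinary term, a term containing quotes and markup,
// an array value, and a missing parameter.
$samples = [
    'chocolate',
    'dark "70%" <b>bar</b> & \'nibs\'',
    ['unexpected', 'array'],
    null,
];

foreach ($samples as $raw) {
    echo render_search_box($raw), PHP_EOL;
}

// Unescaped, for comparison: the first " in the second sample closes the
// value attribute early, so the rest of the term is parsed as markup.
echo '<input type="text" name="s" value="' . $samples[1] . '">', PHP_EOL;
```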