Devin Gray
39,261 Points
enhancing a simple php application => adding search controller view => escaping output review
Here's the quiz question: "A visitor to our site has just performed a search for chocolate, which has returned no results. Change this code to display the search term in the search box again, making sure to protect the page against malicious code that might have been entered."
I have no idea on what to do, I've looked at other forum topics and I'm almost positive my answer is right. Is there something that I'm missing?
<input type="text" name="s" value="<?php if(isset($search_term)) { echo htmlspecialchars($search_term); } ?>">
I've also tried replacing the $search_term variable with $_GET and $s and they all say the same thing:
'To place text inside a text input field, you should give it a value attribute.'
Thanks.
Saransh Kalia
516 Points
<input type="text" value="<?php if (!$products){ echo htmlspecialchars($search_term); }?>" name="s">

Devin Gray
39,261 Points
Oh my goodness! Thank you! Worked like a charm! :)
Saransh Kalia
516 Points
No worries, dear! :)
2 Answers

Kang-Kyu Lee
52,045 Points
This might be... the "performed a search for chocolate, which has returned no results" part could be considered as a condition. However, for me, "isset($search_term)" also worked.

alexismaillard
2,023 Points
Yes, I also preferred to use the "isset($search_term)" function. It worked well:
<input type="text" name="s" value="<?php if (isset($search_term)) {echo htmlspecialchars($search_term); }?>">

Niccolò Mineo
8,687 Points
May someone explain why the condition is "!$products", please?
Thank you
Saransh Kalia
516 Points
Please use this
<input type="text" value="<?php if (!$products){ echo htmlspecialchars($search_term); }?>" name="s">
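An added example, not part of any post in this thread: it renders the same search box for several constructed search terms so the effect of `htmlspecialchars` inside a quoted `value` attribute can be inspected. The helper names `attr` and `search_box` are hypothetical, and it assumes `$products` is an array that is empty when the search matched nothing.

```php
<?php
// Added example. $search_term and $products mirror the variable names used in
// the posts above; every sample value below is constructed for illustration.

/** Escape a value for use inside a quoted HTML attribute. */
function attr(string $value): string
{
    // ENT_QUOTES escapes both " and ', so the value cannot close the attribute
    // whichever quote style the template uses (before PHP 8.1 the default
    // flags left single quotes unescaped). ENT_SUBSTITUTE replaces invalid
    // UTF-8 with U+FFFD instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the search box, echoing the term back only when nothing was found. */
function search_box(?string $search_term, array $products): string
{
    $value = '';
    // isset() guards against a page load with no search at all;
    // !$products is true for an empty result array.
    if (isset($search_term) && !$products) {
        $value = attr($search_term);
    }
    return '<input type="text" name="s" value="' . $value . '">';
}

$samples = [
    'chocolate',                      // ordinary term
    'tom & jerry',                    // ampersand must become &amp;
    '"><script>alert(1)</script>',    // tries to close the attribute and tag
    "' onfocus='alert(1)",            // matters if the template used value='...'
];

foreach ($samples as $term) {
    echo search_box($term, []), PHP_EOL;   // no results: term is echoed back
}
echo search_box(null, []), PHP_EOL;        // no search performed: empty value
echo search_box('chocolate', [['sku' => 101]]), PHP_EOL; // results found
```

In the printed markup every sample stays inside the `value="..."` attribute: the quotes and angle brackets appear as entities, so the browser shows them as text in the box rather than parsing them as markup.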