Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP

Posted by suatyee ng
suatyee ng
3,040 Points

Code challange escaping output review

A visitor to our site has just performed a search for chocolate, which has returned no results. Change this code to display the search term in the search box again, making sure to protect the page against malicious code that might have been entered.

I already protected the code, but what else do I need to do?

<?php

require_once("inc/config.php");

$search_term = "";
if (isset($_GET["s"])) {
    $search_term = trim($_GET["s"]);
    if ($search_term != "") {
        require_once(ROOT_PATH . "inc/products.php");
        $products = get_products_search($search_term);
    }
}

$pageTitle = "Search";
$section = "search";
include(ROOT_PATH . "inc/header.php"); ?>

    <div class="section shirts search page">

        <div class="wrapper">

            <h1>Search</h1>

            <form method="get" action="./">
                <input type="text" name="s" id="s" value="<?php if(isset($s)) { echo htmlspecialchars($s); } ?>">
                <input type="submit" value="Go">
            </form>

            <?php

                if ($search_term != "") {
                    echo $search_term;
                    if (!empty($products)) {
                        echo '<ul class="products">';
                        foreach ($products as $product) {
                            echo get_list_view_html($product);
                        }
                        echo '</ul>';

                    } else {
                        echo '<p>No products were found matching that search term.</p>';
                    }
                }

            ?>

        </div>

    </div>

<?php include(ROOT_PATH . "inc/footer.php"); ?>
Kevin Stout
Kevin Stout
5,439 Points

I am having trouble with this too. This is the line of code I changed. But the error message says, "Bummer! To place text inside a text input field, you should give it a value attribute." 

<input type="text" name="s" id="s" value="<?php if(isset($search_term)) { echo htmlspecialchars($search_term); } ?>">
Randy Hoyt
Randy Hoyt
Treehouse Guest Teacher
Randy Hoyt
Randy Hoyt
Treehouse Guest Teacher

Hey @Kevin, That should pass; sorry about the trouble! If you remove the id="s", it will work. You don't really need to add that, but it should still work ... the code challenge is just not expecting that. I'll see what I can do to get that fixed.

Kevin Stout
Kevin Stout
5,439 Points

Thanks Randy!

4 Answers

Joey English
Joey English
22,675 Points
Joey English
Joey English
22,675 Points

This had me stumped for a bit as well. Look for an actual variable ($foo = bar) that has been declared that contains the search term.

Randy Hoyt
STAFF
Randy Hoyt
Treehouse Guest Teacher
Randy Hoyt
Randy Hoyt
Treehouse Guest Teacher

If you look closely, the name of the PHP variable containing the search term is not $s.

Ernst van Megen
Ernst van Megen
3,541 Points
Ernst van Megen
Ernst van Megen
3,541 Points

It only validates correctly if you remove the 

id="s"

from the string

<input type="text" name="s" id="s" value="<?php if(isset($search_term)) { echo htmlspecialchars($search_term); } ?>">
Charmaine Wallace
Charmaine Wallace
22,276 Points
Charmaine Wallace
Charmaine Wallace
22,276 Points

My mistake, using $s instead of $search_term. Doh!!! Didn't take me nearly 20 minutes to give up and check the forums at all ....