20

I've got a PHP variable like so:

$name = $_REQUEST['name'];

I'd like to put it in an HTML form field's value, e.g. in here:

<input type="text" name="name" value=(php variable here) />

How would I do so?

Thanks.

2 Answers

45
value="<?php echo htmlspecialchars($name); ?>"

10

You can do it like this,

<input type="text" name="name" value="<?php echo $name;?>" />

But seeing as you've taken it straight from user input, you want to sanitize it first so that nothing nasty is put into the output of your page.

<input type="text" name="name" value="<?php echo htmlspecialchars($name);?>" />

3 Comments

Short tags are deprecated and that opens up a lovely world of XSS (since $name is clearly indicated as user generated content in the code provided in the question)
Thanks, I noticed the sanitizing once I'd answered and was already updating when you posted this comment ;) I've updated my answer to remove the short tags after your comment though. I know they're deprecated, but I still use them so it was just automatic to type it out that way.
That isn't properly sanitized. Quotes are still allowed and you didn't set the character set.
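
An added example, not part of the original answers or comments: the same form field rendered with the `htmlspecialchars()` flags and character set passed explicitly (the point raised in the last comment), and with the request value checked to be a string first. The helper names `attr()`, `field_value()` and `render_name_input()` and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Escape a value for use inside a quoted HTML attribute.
 * attr() is a hypothetical helper name for this example.
 */
function attr(string $value): string
{
    // ENT_QUOTES: escape both " and ' so either attribute quoting style is safe.
    // ENT_SUBSTITUTE: replace invalid byte sequences with U+FFFD instead of
    // returning an empty string. The charset is stated explicitly.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Read a request parameter as a string. A query such as ?name[]=x makes the
 * parameter an array, which htmlspecialchars() does not accept.
 */
function field_value(array $request, string $key): string
{
    $raw = $request[$key] ?? '';
    return is_string($raw) ? $raw : '';
}

/** Build the input element from the question with the escaped value. */
function render_name_input(array $request): string
{
    $name = field_value($request, 'name');
    return '<input type="text" name="name" value="' . attr($name) . '" />';
}

// Constructed sample requests (in a real page, pass $_REQUEST instead).
$samples = [
    ['name' => 'Tom "T" O\'Neil <b>'],   // quotes and angle brackets
    ['name' => ['unexpected', 'array']], // ?name[]=... style input
    [],                                  // parameter missing
];

foreach ($samples as $request) {
    echo render_name_input($request), PHP_EOL;
}
```

Always quote the attribute value in the markup: the escaping above only protects a value that sits between quotes.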
