Rewrite the print statement in the final version of handle_post.php (Script 5.7)
Question
Rewrite the print statement in the final version of handle_post.php (Script 5.7) so that it uses single quotation marks and concatenation instead of double quotation marks.
Here is script 5.7...
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Forum Posting</title>
</head>
<body>
<?php // Script 5.7 - handle_post.php #6
/* This script receives five values from posting.html:
first_name, last_name, email, posting, submit */
// Address error management, if you want.
// Get the values from the $_POST array.
// Strip away extra spaces using trim():
$first_name = trim($_POST['first_name']);
$last_name = trim($_POST['last_name']);
$posting = trim($_POST['posting']);
// Create a full name variable:
$name = $first_name . ' ' . $last_name;
// Get a word count:
$words = str_word_count($posting);
// Take out the bad words:
$posting = str_ireplace('badword', 'XXXXX', $posting);
// Print a message:
print "<div>Thank you, $name, for your posting:
<p>$posting</p>
<p>($words words)</p></div>";
?>
</body>
</html>
Explanation / Answer
A string is created when you use single quotes or double quotes to enclose a collection of characters.
A string defined in single quotes is defined exactly by the characters enclosed between the quotes; there are no substitutions. A string defined in double quotes will replace PHP variables used within the string with the value of the variables.
<!DOCTYPE html PUBLIC >
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Handle Post</title>
</head>
<body>
<h1>Handle Posting</h1>
<?php
/* Explore strings in PHP, using form "posting.html".
 * Pass information to another script thanks.php
 * Count words and trim posting to 50 characters.
 *
 * This script receives 5 variables from the $_POST array
 * form_page = name of form
 * first_name, last_name
 * email = email address
 * posting = content to be posted
 * process the posting text to be safe when sent back to browser
 */
/*
 * To display PHP error messages, PHP must be configured to display_errors.
 * The following code queries the option and ensures that it is set on.
 * If debug is true, ensure all error reporting and debugging code is turned on.
 */
$debug = false; // debug turns on error messages and dumps of variables
if ($debug) {
    $display_errors = ini_get('display_errors');
    if ($display_errors == false) {
        print "<p>display_errors is false. ";
        ini_set('display_errors', 1);
        print "set display_errors ON.</p>";
        error_reporting(E_ALL | E_STRICT);
    } else {
        print "<p>display_errors is true.</p>";
        error_reporting(E_ALL | E_STRICT);
    }
}
/*
 * Script 5.3 variables (values passed via POST method)
 * Limited safety measures taken on input values.
 */
$first_name = trim(strip_tags($_POST['first_name']));
$last_name = trim(strip_tags($_POST['last_name']));
$email = $_POST['email'];
$raw_posting = trim($_POST['posting']);
$posting = nl2br($raw_posting); // use nl2br() to preserve newlines as breaks in HTML
$source = $_POST['form_page']; // hidden field
if ($source != "posting.html") {
    die("Something is amiss; not called from posting.html");
}
/*
 * Don't dump posting because it may contain JavaScript code,
 * i.e. tried <script>alert("hello")</script> which caused a popup window.
 * Converting to HTML entities disables the execution of the
 * scripts and HTML tags by the browser.
 */
$safe_post = htmlentities($_POST['posting']);
if ($debug) {
    print 'htmlentities(_POST[posting])=<br />';
    var_dump($safe_post);
}
/*
 * If "<script>" or "<SCRIPT>" is detected - don't process it.
 * strstr(haystack, needle, before_needle) searches for needle in haystack;
 * returns first instance or string before needle.
 * stristr() same as strstr() except case independent.
 */
$script_detected = false; // script detected in posting
$scriptclean_posting = stristr($raw_posting, "<script>", TRUE);
if ($scriptclean_posting === false) {
    if ($debug) print "stristr says posting is clean.<br />";
} else {
    if ($debug) {
        print "stristr found <script>.<br />";
        print "clean_posting: $scriptclean_posting<br />";
    }
    $posting = nl2br($scriptclean_posting);
    $script_detected = true;
}
/*
 * format values before printing
 */
$name = $first_name . ' ' . $last_name;
/*
 * process posting data to be safer to send back to browser
 */
if ($script_detected) {
    print "<p>Script detected in original posting.<br />";
    print "Original contained a script: $safe_post</p>";
}
// Get word count (from $raw_posting, not from nl2br($posting))
$words = str_word_count($raw_posting);
/* Disable truncation of posting to 50 characters
$posting = substr($posting, 0, 50);
*/
// replace 'badword' words
$badword = "badword";
$replacement = "****";
$posting = str_ireplace($badword, $replacement, $posting);
// Print a message
print "<div>Thank you, $name, for your posting:";
print "<p>$posting</p>";
print "<p>($words words)</p></div>";
/*
 * Disable following urlencode() code in final version of handle_post.php
 *
$name = urlencode($name);
$email = urlencode($_POST['email']);
print '<p>Click <a href="thanks.php?name=' . $name . '&email='. $email .'">here</a> to continue.</p>';
*/
?>
</body>
</html>
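As an added example (not the answer's code above and not from the book), here is the Script 5.7 print statement rewritten with single quotes and concatenation, followed by the same statement with each value passed through htmlspecialchars() before concatenation so that a posting containing tags is displayed as text. The $_POST array is filled with constructed sample input so the script runs from the command line; the file name in the comment is assumed.

```php
<?php
// Added example, not the answer's code: Script 5.7's print statement rewritten
// with single quotes and concatenation, then a hardened variant that escapes
// each value before it is concatenated into HTML.
// Constructed sample input stands in for the posting.html form submission,
// so this runs as `php handle_post_example.php` (file name assumed).
$_POST = [
    'first_name' => ' Jane ',
    'last_name'  => 'Doe',
    'posting'    => 'Hello <script>alert(1)</script>, this is a badword test.',
];

$first_name = trim($_POST['first_name']);
$last_name  = trim($_POST['last_name']);
$posting    = trim($_POST['posting']);
$name       = $first_name . ' ' . $last_name;
$words      = str_word_count($posting);
$posting    = str_ireplace('badword', 'XXXXX', $posting);

// 1. Direct rewrite of the Script 5.7 statement: single quotes, so nothing is
//    interpolated; the variables are joined with the concatenation operator.
print '<div>Thank you, ' . $name . ', for your posting:
<p>' . $posting . '</p>
<p>(' . $words . ' words)</p></div>' . PHP_EOL;

// A single-quoted literal keeps the characters $name as-is, which is why the
// variables above have to be concatenated rather than written inside the quotes.
print 'Literal check: $name' . PHP_EOL;

// 2. Same statement, but every untrusted value is HTML-escaped first, so a
//    posting that contains <script> is shown as text instead of being run by
//    the browser. ENT_QUOTES also covers values placed inside attributes.
$h = static function (string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
};
print '<div>Thank you, ' . $h($name) . ', for your posting:'
    . '<p>' . $h($posting) . '</p>'
    . '<p>(' . (int) $words . ' words)</p></div>' . PHP_EOL;
```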