I have a page index.php and I am fetching the values from the URL for a word.
<a href="index.php?skills=software engineer">Software Job</a>
In the code below, it is displaying the full value from $_GET, but it's not showing in the textbox
and the URL is
http://localhost/mysite/index.php?skills=software%20engineer
<?php
if (isset($_GET['skills']) and !empty($_GET['skills'])) {
    $is_skill = 1; // true and has value
    $skill_data = $_GET['skills'];
    echo "The searched skills : " . $skill_data; // Here it's displaying the full value
} else {
    $is_skill = 0; // false and has no value
}
?>
<input type="text" name="textbo1" <?php if ($is_skill == 1) { echo "value=" . $skill_data; } ?> />
Now, in the textbox, it's not displaying the full value, i.e. software engineer, whereas the
PHP code output is
The searched skills : software engineer
and value in textbox : software
Don't know what the issue is; need help on why it does not accept it.
Attribute values with spaces in them must be quoted.
… is parsed as “a value attribute with the value ‘software’ and an ‘engineer’ attribute”.
You are also vulnerable to an XSS attack and your URL is invalid.
Corrected code:
and
Note you need to make all instances of external data safe for HTML with
htmlspecialchars, not just the one I fixed in this example.
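
The points in the answer above as a runnable sketch (an added example, not the answerer's code): the unquoted attribute from the question beside a quoted, htmlspecialchars-escaped one, plus a link whose query value is percent-encoded. The helper names h, input_unquoted, input_quoted and skills_link and the sample values are constructed for illustration.

```php
<?php
// Added example: helper names and sample values are constructed for illustration.

// Escape external data for an HTML text or quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The question's pattern: no quotes around the value and no escaping.
// The HTML parser ends the attribute value at the first space.
function input_unquoted(string $skill): string
{
    return '<input type="text" name="textbo1" value=' . $skill . ' />';
}

// Quoted attribute plus escaping: the whole string stays inside value="...",
// and quotes or angle brackets in the data cannot close the attribute or tag.
function input_quoted(string $skill): string
{
    return '<input type="text" name="textbo1" value="' . h($skill) . '" />';
}

// Percent-encode the query value first, then HTML-escape the finished URL.
function skills_link(string $skill, string $label): string
{
    $url = 'index.php?skills=' . rawurlencode($skill);
    return '<a href="' . h($url) . '">' . h($label) . '</a>';
}

// Constructed stand-ins for $_GET['skills'].
$samples = ['software engineer', 'C++ "senior" <dev>'];

foreach ($samples as $skill) {
    echo "input:    ", $skill, "\n";
    echo "unquoted: ", input_unquoted($skill), "\n";
    echo "quoted:   ", input_quoted($skill), "\n";
    echo "link:     ", skills_link($skill, 'Software Job'), "\n\n";
}
```

Run it with the PHP CLI and compare the unquoted and quoted lines for each sample; the same h() call applies to the echo of the searched skills in the question's code.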