Home/ Questions/Q 6650933
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T00:57:02+00:00

When Im trying to validate my PHP output data my echo string puts a

  • 0

When Im trying to validate my PHP output data my echo string puts a <br /> after the tag, how can I prevent this ?

as you see in the first row after background-color: an
shows up from no where and it’s screwing up my validatation.

Im trying to validate in Transitional

This is my entire script

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> 
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> 
<title>Visitkort</title> 

<style type="text/css">
body {
    background-color:#efefef;
}

#kort{
position:absolute;
margin-top:30px;
padding-left:5px;
padding-right:25px;
margin-left:450px;
background-color:<?php echo($_POST['color']);?>;
color:<?php echo($_REQUEST['fontcolor']);?>;
font-family: <?php echo($_REQUEST['typsnitt']);?>;
}
</style>

</head>

<body>


<form id="form" method="post" action="visitkort.php">
<table width="300">
<tr>
<td>Företag: </td>
<td>    
<input type="text" name="enterprise" id="enterprise" value="<?php echo isset($_POST['enterprise']) ? $_POST['enterprise'] : '' ?>" />
</td>
</tr>
<tr>
<td>
Efternamn: </td>
<td>
<input type="text" name="lastname" id="lastname" value="<?php echo isset($_POST['lastname']) ? $_POST['lastname'] : '' ?>"/>
</td>
</tr>
<tr>
<td>namn: </td>
<td>
<input type="text" name="namn" id="namn" value="<?php echo isset($_POST['namn']) ? $_POST['namn'] : '' ?>"/>
</td>
</tr>
<tr>
<td>
Title:</td>
<td> 
<input type="text" name="title" id="title" value="<?php echo isset($_POST['title']) ? $_POST['title'] : '' ?>"/>
</td>
</tr><tr>
<td>
Phone:
</td>
<td> 
<input type="text" name="phone" id="phone" value="<?php echo isset($_POST['phone']) ? $_POST['phone'] : '' ?>"/>
</td>
</tr><tr>
<td>
E-mail:
</td>
<td>
<input type="text" name="mail" id="mail" value="<?php echo isset($_POST['mail']) ? $_POST['mail'] : '' ?>"/>
</td>
</tr><tr>
<td>
Typsnitt:
</td>
<td>
<select id="typsnitt" name="typsnitt">
<option value="Verdana">Verdana</option>
<option value="Arial">Arial</option>
<option value="Tahoma">Tahoma</option>
<option value="Impact">Impact</option>
</select>
</td>
</tr><tr>
<td>
Bakgrundsfärg: 
</td>
<td>
<select name="color" id="color">
<option value="#799ef1" 
<?php if(isset($_POST['color']) && $_POST['color'] == '#799ef1') 
echo ' selected="selected"';
?>
>Ljus blå</option>

<option value="#f0f179" 
<?php if(isset($_POST['color']) && $_POST['color'] == '#f0f179') 
echo ' selected="selected"';
?>
>Ljus gult</option>
<option value="#fff" 
<?php if(isset($_POST['color']) && $_POST['color'] == '#fff') 
echo ' selected="selected"';
?>
>Vit</option>

<option value="#64b6c1" 
<?php if(isset($_POST['color']) && $_POST['color'] == '#64b6c1') 
echo ' selected="selected"';
?>
>Turkos</option>
<option value="red" 
<?php if(isset($_POST['color']) && $_POST['color'] == 'red') 
echo ' selected="selected"';
?>
>röd</option>
</select>
</td>
</tr><tr>

<td>
Textfärg: 
</td>
<td>
<select name="fontcolor" id="fontcolor">
<option value="#000" 
<?php if(isset($_POST['fontcolor']) && $_POST['fontcolor'] == '#799ef1') 
echo ' selected="selected"';
?>
>Välj Färg</option>

<option value="#799ef1" 
<?php if(isset($_POST['fontcolor']) && $_POST['fontcolor'] == '#799ef1') 
echo ' selected="selected"';
?>
>Ljus blå</option>

<option value="#f0f179" 
<?php if(isset($_POST['fontcolor']) && $_POST['fontcolor'] == '#f0f179') 
echo ' selected="selected"';
?>
>Ljus gult</option>
<option value="#fff" 
<?php if(isset($_POST['fontcolor']) && $_POST['fontcolor'] == '#fff') 
echo ' selected="selected"';
?>
>Vit</option>

<option value="#64b6c1" 
<?php if(isset($_POST['fontcolor']) && $_POST['fontcolor'] == '#64b6c1') 
echo ' selected="selected"';
?>
>Turkos</option>
<option value="red" 
<?php if(isset($_POST['fontcolor']) && $_POST['fontcolor'] == 'red') 
echo ' selected="selected"';
?>
>röd</option>
</select>
</td>
</tr><tr>

<td colspan="2">
<input type="submit" name="go" id="go" value="Skapa visitkort" />
<input type="button" value="Rensa" onclick="window.location.reload();return false" />
</td>
</tr>

</form>

<div id="kort">
<?php

if(isset($_REQUEST["go"])){ 
echo($_REQUEST["enterprise"] . "<br/>");    
echo($_REQUEST["lastname"] . " "); 
echo($_REQUEST["namn"] . "<br/>");
echo($_REQUEST["title"] . "<br/>"."<br/>");     
echo($_REQUEST["phone"] . "<br/>"); 
echo($_REQUEST["mail"] . "<br/>");  

}
else{ 
?>

<?php

}
?>
</div>


</body>
</html>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This output is from xdebug, because there is an error. $_POST['color'] is not defined.

    Notice: Undefined index: color in C:\wamp\www\Labb3.1\visitkort.php on line 10

    You should always validate user input before using it for anything. Verify it’s a value that you can use, and is safe to use, before printing to the output. If it’s an array like $_POST, make sure the index exists before attempting to read it.

    Be very careful to validate and filter any user input you use in your output, and be mindful of XSS attacks. This is not merely a suggestion, but something you should be dedicated to.

    Learn more: https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

    To simply prevent the error you have to do something like this:

    background-color:<?php echo isset($_POST['color']) ? $_POST['color'] : 'someDefaultColor'; ?>;

    However:

    You really should validate the values, at the very least htmlspecialchars($_POST['color']), but even then – you can get broken CSS which will affect the entire page. Consider writing one or more validation/filtering functions to ensure the value is appropriate to use in CSS output (which is beyond the scope of this question). Make sure it’s a 3 or 6 digit hex, or within a predetermined array of named color values.

    • 0