ITEC 325 2015spring ibarland

home—lects—examshws
D2L—breeze (snow day)

quiz02
sanitizing input; testing form-handlers
quiz

1. Recall the various string functions:
   • nl2br — take in a string, and return a similar string with with each newline character replaced with the seven characters “<br />↵”.
   • htmlspecialchars — take in a string, and return a similar string with
     • each “<” character replaced with the four characters “&lt;”
     • each “>” character replaced with the four characters “&gt;”
     • each “&” character replaced with the five characters “&amp;”
     • each “'” character replaced with the six characters “&apos;”
     • each “"” character replaced with the six characters “&quot;”

   Suppose on a web form with <textarea name="details" rows="3" cols="70" /> a user types

   By & by,
   bye!
   

   For each of the following, give two answers:
   1. What the resulting string is, (your answer should be in double-quotes, and represent newlines with “\n”)
   and
   2. how that string, regarded as html, gets rendered by a browser (your answer will be a drawing of what would appear on the screen). Or, if the result is not legal xhtml, indicate that instead.
   1. nl2br( $_POST['details'] )
      i. result:                                                                                                                                                                 
      ii. rendered as:

   2. htmlspecialchars( $_POST['details'] )
      i. result:                                                                                                                                                                 
      ii. rendered as:

   3. htmlspecialchars( nl2br( $_POST['details'] ) )
      i. result:                                                                                                                                                                 
      ii. rendered as:

   4. nl2br( htmlspecialchars( $_POST['details'] ) )
      i. result:                                                                                                                                                                 
      ii. rendered as:

2. Suppose that form.html is a form with the above <input type="textarea" name="details" />, and it submits (POSTs) to form-handle.php.

   Complete the two-line program to “demo” form-handler.php without having to use form.html, or even use the web at all. (Use the “by & by” sample-input from #1 above.)

   <?php                  require(                  ); ?>

home—lects—examshws
D2L—breeze (snow day)

©2015, Ian Barland, Radford University Last modified 2015.Feb.18 (Wed)

Please mail any suggestions (incl. typos, broken links) to ibarlandradford.edu