Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP Enhancing a Simple PHP Application Adding Search: Controller & View Escaping Output Review

Dan Neumann
PLUS
Dan Neumann
Courses Plus Student 10,318 Points
Posted by Dan Neumann
Dan Neumann
Courses Plus Student 10,318 Points

Re-adding search term to text field

I was asked this question:

A visitor to our site has just performed a search for chocolate, which has returned no results. Change this code to display the search term in the search box again, making sure to protect the page against malicious code that might have been entered.

I've added a value to the text field but it says I need to add a value. I'm not sure what I'm doing wrong.

index.php 
<?php

require_once("inc/config.php");

$search_term = "";
if (isset($_GET["s"])) {
    $search_term = trim($_GET["s"]);
    if ($search_term != "") {
        require_once(ROOT_PATH . "inc/products.php");
        $products = get_products_search($search_term);
    }
}

$pageTitle = "Search";
$section = "search";
include(ROOT_PATH . "inc/header.php"); ?>

    <div class="section shirts search page">

        <div class="wrapper">

            <h1>Search</h1>

            <form method="get" action="./">
                <input type="text" name="s" value="<?php htmlspecialchars($search_term); ?>">
                <input type="submit" value="Go">
            </form>

            <?php

                if ($search_term != "") {
                    if (!empty($products)) {
                        echo '<ul class="products">';
                        foreach ($products as $product) {
                            echo get_list_view_html($product);
                        }
                        echo '</ul>';
                    } else {
                        echo '<p>No products were found matching that search term.</p>';
                    }
                }

            ?>

        </div>

    </div>

<?php include(ROOT_PATH . "inc/footer.php"); ?>

2 Answers

Cristian Altin
Cristian Altin
12,165 Points
Cristian Altin
Cristian Altin
12,165 Points

You forgot to echo the htmlspecialchars() output ;-)

Corey Cramer
Corey Cramer
9,453 Points
Corey Cramer
Corey Cramer
9,453 Points

As Cristian Altin said you have to echo the output. htmlspecialchars() converts a characters in a string into HTML entities so that malicious code can't be executed but does not output anything directly.