
Course: PHP > Build a Basic PHP Website (2018) > Enhancing a Form > Escaping Output

larsvasdias (5,154 Points)

What's wrong with this code?

I originally tried it the way it was taught in the lesson, but when that didn't work I looked it up on php.net, where I found that htmlentities should translate all HTML characters, but it still says that it sees some malicious code.

views_listing_edit.php
<?php require_once("controllers_listing.php");
// Input is filtered as it is read from the POST body:
// FILTER_SANITIZE_STRING strips tags (this filter is deprecated as of PHP 8.1),
// FILTER_SANITIZE_SPECIAL_CHARS HTML-encodes ' " < > & before the value is stored.
$listing_name = trim(filter_input(INPUT_POST,"name",FILTER_SANITIZE_STRING));
$listing_link = trim(filter_input(INPUT_POST,"link",FILTER_SANITIZE_STRING));
$listing_description = trim(filter_input(INPUT_POST,"description",FILTER_SANITIZE_SPECIAL_CHARS));
?>
<html>
<body>

    <h1>Edit Listing</h1>
  <?php if (isset($error_message)) {
          // $error_message is set by controllers_listing.php and is echoed without escaping
          echo "<p class='message'>" . $error_message . "</p>";} ?>
    <form method="post">
        <table>
            <tr>
                <th>
                    <label for="name">Name</label>
                </th>
                <td>
                    <input id="name" name="name" value="<?php if (isset($listing_name)) {echo htmlentities($listing_name);} ?>">
                </td>
            </tr>
            <tr>
                <th>
                    <label for="link">Link</label>
                </th>
                <td>
                    <input id="link" name="link" value="<?php if (isset($listing_link)) {echo htmlentities($listing_link);} ?>">
                </td>
            </tr>
            <tr>
                <th>
                    <label for="description">Description</label>
                </th>
                <td>
                    <textarea id="description" name="description"><?php if (isset($listing_description)) {echo htmlentities($listing_description);} ?></textarea>
                </td>
            </tr>    
        </table>
        <input type="submit" value="Save">
    </form>

</body>
</html>
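As an added example (not code from the original post or from the Treehouse course), the stand-alone PHP script below contrasts htmlspecialchars and htmlentities on constructed inputs, shows why encoding the description on input with FILTER_SANITIZE_SPECIAL_CHARS and then escaping it again on output double-encodes it, and validates the link's scheme separately, since escaping does not reject a javascript: URL. The helper name `e()`, the sample strings and the URLs are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post. Escape once, at output,
// for an HTML text node or a quoted attribute value. ENT_QUOTES covers both
// quote styles, ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning
// an empty string, and the explicit charset avoids relying on ini defaults.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs (hypothetical form values).
$samples = [
    'plain'  => 'Treehouse Community',
    'attr'   => '" onmouseover="alert(1)',    // attribute break-out attempt
    'tag'    => '<script>alert(1)</script>',  // text-node injection attempt
    'quote'  => "O'Neil & Sons",
    'accent' => 'Café',
];

// htmlspecialchars only touches & < > " ' ; htmlentities additionally replaces
// every character that has a named entity (accented letters, for instance).
// Both neutralise the markup characters, so htmlentities adds nothing for XSS
// defence when the page is served as UTF-8.
foreach ($samples as $label => $raw) {
    printf("%-7s raw               : %s\n", $label, $raw);
    printf("%-7s htmlspecialchars  : %s\n", '', e($raw));
    printf("%-7s htmlentities      : %s\n", '', htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    echo "\n";
}

// Double encoding: FILTER_SANITIZE_SPECIAL_CHARS already HTML-encodes the
// description on the way in, so escaping it again when it is echoed back into
// the <textarea> encodes the '&' of each entity a second time, and the user
// sees literal entity text instead of what they typed.
$typed     = '<b>bold</b> & "quoted"';
$sanitized = filter_var($typed, FILTER_SANITIZE_SPECIAL_CHARS);
echo "typed                 : $typed\n";
echo "after input filter    : $sanitized\n";
echo "filtered then escaped : " . e($sanitized) . "\n";

// Preferred: keep the raw value (trim only), validate it, and escape at output.
$kept = trim($typed);
echo "raw then escaped once : " . e($kept) . "\n";

// Escaping the link stops markup injection but does not reject a javascript:
// scheme, so the URL must be validated on its own before it is used in href.
$links = ['https://teamtreehouse.com/', 'javascript:alert(1)'];
foreach ($links as $link) {
    $ok = filter_var($link, FILTER_VALIDATE_URL) !== false
        && in_array(parse_url($link, PHP_URL_SCHEME), ['http', 'https'], true);
    printf("%-28s %s\n", $link, $ok ? 'accepted' : 'rejected');
}
```

Run it with `php escape_demo.php` (any file name will do) and compare the three columns: the markup characters are neutralised identically by both functions, while the "filtered then escaped" line shows the double-encoded entities that appear when a value is encoded on input and again on output.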