• # September 20, 2014 at 7:27 pm

    Using a data attribute is perfect for this


    # September 20, 2014 at 7:33 pm
    data-username="<?php echo $username; ?>"


    # September 20, 2014 at 8:48 pm

    Is putting PHP right inside of HTML like that best practice? Seems a bit sloppy. No?

    Yes and no. In this case, it is wholly templating-related, and that’s fine. It’s what PHP is for. It’s the business logic of your application that shouldn’t be mixed in with HTML.

    The fact that you’re worried about this sort of thing is a good sign, though.

    # September 21, 2014 at 5:05 pm

    Regarding this:

    while ($row = mysqli_fetch_array($comments)) {
        $comment =  htmlentities($row['comment']); 
        $comment_by = $row['comment_by'];
        <div id='commentbox'>
        <p><?php echo $comment;?></p>
        <span class='detail1' id='username'><?php echo $comment_by;?></span>
        <button onclick='post()'>Click</button>

    Why are you using an ID rather than a data-* attribute as discussed above? It would work fine, while using an ID would create multiple duplicate IDs on the page (which is invalid; every ID must be unique).

    <div id="commentbox" data-username="<?php echo $comment_by ?>">
        <p><?php echo $comment;?></p>
        <button onclick="post()">Click</button>
    # September 21, 2014 at 5:16 pm

    Also, using inline event handlers cause problems, one of which being that it makes it more difficult to get the value that you want. You should use .addEventListener (regardless) instead. See “Modern DOM Events” in this article.

    # September 21, 2014 at 5:21 pm

    I used the data-attribute earlier today and it gave me the same problem.

    Not quite: you’re not even getting to the part where you try to use the data attribute, because you’re still trying to select an element by a non-unique id. You can’t do this. It will never work. ids must be unique on a page.

    If you use modern event listeners, then you’ll get the event object when it fires, and you can find the element you’re looking for very easily:

    function commentbox_onClick( event ){
        var username ='data-username');
        console.log( username );
    # September 21, 2014 at 5:26 pm

    To clarify, there are really two problems here.

    1. In your PHP, you are outputting elements in a loop, all with the same id: commentbox, username, and so forth. However, HTML expects ids to be unique. commentbox should be a class name, username should be a data attribute. Remove the ids.

    2. In your JS, you’re using inline event handlers, which are very old (DOM0) and generally shouldn’t be used anymore. See my post above.

    # September 21, 2014 at 6:07 pm

    Ive never really worked with JS at all.

    Event handling is a hell of a place to start! : )

    Study, study, study. Here’s an example that does something close to what you’re attempting:

    # September 24, 2014 at 4:41 pm

    Are you talking about inline HTML in your markdown that is intended to be markup (and is displayed as text instead), or is intended to be displayed as text (and is displayed as encoded text instead)?

    Once you differentiate between the three possibilities you can make sure you’re applying htmlentities in the right spot. Beyond that, you might look at the $double_encode parameter for htmlentities and make sure you’re not encoding things twice.

    Let me know when you want to see code

    In general, you should automatically be sharing enough code to make your issue clear. When you know generally where the issue lies, all the more reason.

    # September 24, 2014 at 8:38 pm

    @traq @BenWalker OK. I am trying to get text to show as HTML elements (<h1>, <script>,

    ) on the page, so people can show their code. But I do not want the code to actually be interpreted as HTML. I have been using htmlenteties() in my code and it has been doing exactly that; but, with my new inline-code markdown, whenever I put a HTML tag inside the back ticks () the tags get displayed as this (<script>) when I really want that to say <script>. This works all of the time accept for when I put the text inside back ticks () when making the comment. So weird! Ive tried looking into html_enteties() a bit more, but nothing seems to be changing the result. Hoping there is a more solid function out there that I could use to accomplish this, or maybe theres just a bug in my code. Check it out:

    # September 24, 2014 at 8:55 pm

    If you look around line 350 of parsedown.php, you’ll see that it automatically encodes HTML markup inside of code blocks. You are also encoding the entire comment (indiscriminately) when you save it to the database, so the stuff inside the code block is getting double-encoded.

    Did you see my comment above about the $double_encode parameter for htmlentities?

    # September 24, 2014 at 8:59 pm

    @traq, wow, this is going to be a challenge then. Would $double_encode help fix this problem easier?

    # September 24, 2014 at 9:09 pm

    @traq , fixed it! Just went into ParseDown. php and removed the line where the text is converted into an entity. Should work fine now. Do you think this was the best method?

    # September 24, 2014 at 9:43 pm


    Did you read about what $double_encode is for?

    # September 24, 2014 at 9:45 pm

    Not yet, going to read up on it tomorrow morning.

Viewing 15 posts - 196 through 210 (of 211 total)

You must be logged in to reply to this topic.