Function of php echo $this->escapeHtml($this->getUsername()How to escape output data?Validation of review's textfield, nothing seems to worksHow to validate Tiny MCE Editor in frontend custom form and how to do for uploading image from my PC in TinyMCE Editor in Magento1.9Recently product view not workingWhere is content of <?php echo $this->getChildHtml('left') ?>?How display success message after submit the form particular product catalog?Form Validation magentoPhp code and html within echoPopup form validation in magento2<?php echo $this->getChildHtml('order_totals') ?> finding pathWhere is content of <?php echo $this->getChildHtml('methods') ?>

Graduate student with abysmal English writing skills, how to help

Should disabled buttons give feedback when clicked?

Are there any sports for which the world's best player is female?

Confirming the Identity of a (Friendly) Reviewer After the Reviews

Why didn't Thanos kill all the Dwarves on Nidavellir?

Optimization terminology: "Exact" v. "Approximate"

LED glows slightly during soldering

Why return a static pointer instead of an out parameter?

What specific instant in time in the MCU has been depicted the most times?

Single word for "refusing to move to next activity unless present one is completed."

Addressing unnecessary daily meetings with manager?

How to befriend private nested class

Is English unusual in having no second person plural form?

How would vampires avoid contracting diseases?

Integer Lists of Noah

Why does wrapping aluminium foil around my food help it keep warm, even though aluminium is a good conductor?

Swapping "Good" and "Bad"

Why are they 'nude photos'?

Does throwing a penny at a train stop the train?

Why doesn't sea level show seasonality?

Is anyone advocating the promotion of homosexuality in UK schools?

Word meaning to destroy books

What's the point of having a RAID 1 configuration over incremental backups to a secondary drive?

What does the phrase "head down the rat's hole" mean here?



Function of php echo $this->escapeHtml($this->getUsername()


How to escape output data?Validation of review's textfield, nothing seems to worksHow to validate Tiny MCE Editor in frontend custom form and how to do for uploading image from my PC in TinyMCE Editor in Magento1.9Recently product view not workingWhere is content of <?php echo $this->getChildHtml('left') ?>?How display success message after submit the form particular product catalog?Form Validation magentoPhp code and html within echoPopup form validation in magento2<?php echo $this->getChildHtml('order_totals') ?> finding pathWhere is content of <?php echo $this->getChildHtml('methods') ?>






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








3















I have the below piece of code



 <ul class="form-list">
 <li>
 <label for="login-email" class="required"><em>*</em><?php echo $this->__('Email Address') ?></label>
 <div class="input-box">
 <input type="text" class="input-text required-entry validate-email" id="login-email" name="login[username]" value="<?php echo $this->escapeHtml($this->getUsername()) ?>" />
 </div>
 </li>
 <li>
 <label for="login-password" class="required"><em>*</em><?php echo $this->__('Password') ?></label>
 <div class="input-box">
 <input type="password" class="input-text required-entry" id="login-password" name="login[password]" />
 </div>
 </li>
 <?php echo $this->getChildHtml('form.additional.info'); ?>
 </ul>


While most of the above are clear, I am struggling to understand the use of the below line 



 <?php echo $this->escapeHtml($this->getUsername()) ?>


Why couldn't I have just done 



 <?php echo $this->getUsername()?>


If it is a blank form that is seeking input, then what is being echoed?



Thanks for the help






magento-1.9 php







share|improve this question
























  • Just to clarify, I am looking for the meaning of the $this->escapeHtml ..why couldnt I have simply done <?php echo $this->getUsername()?>

    – Vinu D
    Jul 14 '15 at 19:13

















3















I have the below piece of code



 <ul class="form-list">
 <li>
 <label for="login-email" class="required"><em>*</em><?php echo $this->__('Email Address') ?></label>
 <div class="input-box">
 <input type="text" class="input-text required-entry validate-email" id="login-email" name="login[username]" value="<?php echo $this->escapeHtml($this->getUsername()) ?>" />
 </div>
 </li>
 <li>
 <label for="login-password" class="required"><em>*</em><?php echo $this->__('Password') ?></label>
 <div class="input-box">
 <input type="password" class="input-text required-entry" id="login-password" name="login[password]" />
 </div>
 </li>
 <?php echo $this->getChildHtml('form.additional.info'); ?>
 </ul>


While most of the above are clear, I am struggling to understand the use of the below line 



 <?php echo $this->escapeHtml($this->getUsername()) ?>


Why couldn't I have just done 



 <?php echo $this->getUsername()?>


If it is a blank form that is seeking input, then what is being echoed?



Thanks for the help






magento-1.9 php







share|improve this question
























  • Just to clarify, I am looking for the meaning of the $this->escapeHtml ..why couldnt I have simply done <?php echo $this->getUsername()?>

    – Vinu D
    Jul 14 '15 at 19:13













3












3








3








I have the below piece of code



 <ul class="form-list">
 <li>
 <label for="login-email" class="required"><em>*</em><?php echo $this->__('Email Address') ?></label>
 <div class="input-box">
 <input type="text" class="input-text required-entry validate-email" id="login-email" name="login[username]" value="<?php echo $this->escapeHtml($this->getUsername()) ?>" />
 </div>
 </li>
 <li>
 <label for="login-password" class="required"><em>*</em><?php echo $this->__('Password') ?></label>
 <div class="input-box">
 <input type="password" class="input-text required-entry" id="login-password" name="login[password]" />
 </div>
 </li>
 <?php echo $this->getChildHtml('form.additional.info'); ?>
 </ul>


While most of the above are clear, I am struggling to understand the use of the below line 



 <?php echo $this->escapeHtml($this->getUsername()) ?>


Why couldn't I have just done 



 <?php echo $this->getUsername()?>


If it is a blank form that is seeking input, then what is being echoed?



Thanks for the help






magento-1.9 php







share|improve this question
















I have the below piece of code



 <ul class="form-list">
 <li>
 <label for="login-email" class="required"><em>*</em><?php echo $this->__('Email Address') ?></label>
 <div class="input-box">
 <input type="text" class="input-text required-entry validate-email" id="login-email" name="login[username]" value="<?php echo $this->escapeHtml($this->getUsername()) ?>" />
 </div>
 </li>
 <li>
 <label for="login-password" class="required"><em>*</em><?php echo $this->__('Password') ?></label>
 <div class="input-box">
 <input type="password" class="input-text required-entry" id="login-password" name="login[password]" />
 </div>
 </li>
 <?php echo $this->getChildHtml('form.additional.info'); ?>
 </ul>


While most of the above are clear, I am struggling to understand the use of the below line 



 <?php echo $this->escapeHtml($this->getUsername()) ?>


Why couldn't I have just done 



 <?php echo $this->getUsername()?>


If it is a blank form that is seeking input, then what is being echoed?



Thanks for the help






magento-1.9 php




magento-1.9 php






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jul 2 at 9:32









Andhi Irawan

4641 gold badge8 silver badges20 bronze badges




4641 gold badge8 silver badges20 bronze badges










asked Jul 14 '15 at 18:28









Vinu DVinu D

761 silver badge10 bronze badges




761 silver badge10 bronze badges












  • Just to clarify, I am looking for the meaning of the $this->escapeHtml ..why couldnt I have simply done <?php echo $this->getUsername()?>

    – Vinu D
    Jul 14 '15 at 19:13

















  • Just to clarify, I am looking for the meaning of the $this->escapeHtml ..why couldnt I have simply done <?php echo $this->getUsername()?>

    – Vinu D
    Jul 14 '15 at 19:13
















Just to clarify, I am looking for the meaning of the $this->escapeHtml ..why couldnt I have simply done <?php echo $this->getUsername()?>

– Vinu D
Jul 14 '15 at 19:13





Just to clarify, I am looking for the meaning of the $this->escapeHtml ..why couldnt I have simply done <?php echo $this->getUsername()?>

– Vinu D
Jul 14 '15 at 19:13










1 Answer
1






active

oldest

votes


















9














Mage_Core_Model_Abstract::escapeHtml($data) is used to convert special characters to HTML entities from the passing data. That means it is used to avoid cross-site scripting (XSS) via special characters



The code $this->escapeHtml($this->getUserName()) is equivalent to



 htmlspecialchars($this->getUserName(), ENT_COMPAT, 'UTF-8', false);


This is needed here because, when you have submitted the login form with wrong credentials, then Magento will populate the username field with previous POSTed username. But also it makes sure, there is no special characters present in the username field by enclosing user_name in escapeHtml() function.



There are also similar functions available in Mage_Core_Helper_Abstract and in Mage_Core_Model_Abstract classes. It will worth if you have a look over there. If you are lazy, then go through this.






share|improve this answer



























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "479"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f74413%2ffunction-of-php-echo-this-escapehtmlthis-getusername%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    9














    Mage_Core_Model_Abstract::escapeHtml($data) is used to convert special characters to HTML entities from the passing data. That means it is used to avoid cross-site scripting (XSS) via special characters



    The code $this->escapeHtml($this->getUserName()) is equivalent to



     htmlspecialchars($this->getUserName(), ENT_COMPAT, 'UTF-8', false);


    This is needed here because, when you have submitted the login form with wrong credentials, then Magento will populate the username field with previous POSTed username. But also it makes sure, there is no special characters present in the username field by enclosing user_name in escapeHtml() function.



    There are also similar functions available in Mage_Core_Helper_Abstract and in Mage_Core_Model_Abstract classes. It will worth if you have a look over there. If you are lazy, then go through this.






    share|improve this answer





























      9














      Mage_Core_Model_Abstract::escapeHtml($data) is used to convert special characters to HTML entities from the passing data. That means it is used to avoid cross-site scripting (XSS) via special characters



      The code $this->escapeHtml($this->getUserName()) is equivalent to



       htmlspecialchars($this->getUserName(), ENT_COMPAT, 'UTF-8', false);


      This is needed here because, when you have submitted the login form with wrong credentials, then Magento will populate the username field with previous POSTed username. But also it makes sure, there is no special characters present in the username field by enclosing user_name in escapeHtml() function.



      There are also similar functions available in Mage_Core_Helper_Abstract and in Mage_Core_Model_Abstract classes. It will worth if you have a look over there. If you are lazy, then go through this.






      share|improve this answer



























        9












        9








        9







        Mage_Core_Model_Abstract::escapeHtml($data) is used to convert special characters to HTML entities from the passing data. That means it is used to avoid cross-site scripting (XSS) via special characters



        The code $this->escapeHtml($this->getUserName()) is equivalent to



         htmlspecialchars($this->getUserName(), ENT_COMPAT, 'UTF-8', false);


        This is needed here because, when you have submitted the login form with wrong credentials, then Magento will populate the username field with previous POSTed username. But also it makes sure, there is no special characters present in the username field by enclosing user_name in escapeHtml() function.



        There are also similar functions available in Mage_Core_Helper_Abstract and in Mage_Core_Model_Abstract classes. It will worth if you have a look over there. If you are lazy, then go through this.






        share|improve this answer















        Mage_Core_Model_Abstract::escapeHtml($data) is used to convert special characters to HTML entities from the passing data. That means it is used to avoid cross-site scripting (XSS) via special characters



        The code $this->escapeHtml($this->getUserName()) is equivalent to



         htmlspecialchars($this->getUserName(), ENT_COMPAT, 'UTF-8', false);


        This is needed here because, when you have submitted the login form with wrong credentials, then Magento will populate the username field with previous POSTed username. But also it makes sure, there is no special characters present in the username field by enclosing user_name in escapeHtml() function.



        There are also similar functions available in Mage_Core_Helper_Abstract and in Mage_Core_Model_Abstract classes. It will worth if you have a look over there. If you are lazy, then go through this.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Apr 13 '17 at 12:54









        Community

        1




        1










        answered Jul 15 '15 at 2:23









        Rajeev K TomyRajeev K Tomy

        14.7k5 gold badges45 silver badges91 bronze badges




        14.7k5 gold badges45 silver badges91 bronze badges



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Magento Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f74413%2ffunction-of-php-echo-this-escapehtmlthis-getusername%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Get product attribute by attribute group code in magento 2get product attribute by product attribute group in magento 2Magento 2 Log Bundle Product Data in List Page?How to get all product attribute of a attribute group of Default attribute set?Magento 2.1 Create a filter in the product grid by new attributeMagento 2 : Get Product Attribute values By GroupMagento 2 How to get all existing values for one attributeMagento 2 get custom attribute of a single product inside a pluginMagento 2.3 How to get all the Multi Source Inventory (MSI) locations collection in custom module?Magento2: how to develop rest API to get new productsGet product attribute by attribute group code ( [attribute_group_code] ) in magento 2

            Image
            Is it safe to keep the GPU on 100% utilization for a very long time? What happens when the drag force exceeds the weight of an object falling into earth? shebang or not shebang The unknown and unexplained in science fiction Are wands in any sort of book going to be too much like Harry Potter? How do I minimise waste on a flight? Concatenate all values of the same XML element using XPath/XQuery Did any early RISC OS precursor run on the BBC Micro? Single supply non-inverting amplifier using op amp Employee is self-centered and affects the team negatively Why always 4...dxc6 and not 4...bxc6 in the Ruy Lopez Exchange? TikZ/PGF draw algorithm Learning how to read schematics, questions about fractional voltage in schematic How can I test a shell script in a "safe environment" to avoid harm to my computer? A♭ major 9th chord in Bach is unexpectedly dissonant/jazzy What detail can Hubble see on Mars? Drug Testing and Prescribed Medications Justific
            Read more

            Category:9 (number) SubcategoriesMedia in category "9 (number)"Navigation menuUpload mediaGND ID: 4485639-8Library of Congress authority ID: sh85091979ReasonatorScholiaStatistics

            Image
            Natural numbersSquare numbersCategories requiring diffusion Help Category:9 (number) From Wikimedia Commons, the free media repository Jump to navigation Jump to search number: 9 (nine) instance of: natural number, deficient number, square number, composite number, odd number, centered cube number, centered octagonal number and nonagonal number other integers: -8 • -4 • -2 • -1 • 0 • 1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 • 10 • 11 • 12 • 13 • 14 • 15 • 16 • 17 • 18 • 19 • 20 • 21 • 22 • 23 • 24 • 25 • 26 • 27 • 28 • 29 -20 • 0 • 10 • 20 • 30 • 40 • 50 • 60 • 70 • 80 • 90 • 100 • 110 • 120 • 130 • 140 • 150 • 160 • 170 • 180 • 190 • 200 This category has become too crowded. It should list very few images directly. Files should be moved to subcategories where appropriate. New subcategories can be created. Some files need to be moved elsewhere. Search for more categories: fulltext, Main Page, topics, meta categories. Please remove or replace this tag
            Read more

            Magento 2.3: How do i solve this, Not registered handle, on custom form?How can i rewrite TierPrice Block in Magento2magento 2 captcha not rendering if I override layout xmlmain.CRITICAL: Plugin class doesn't existMagento 2 : Problem while adding custom button order view page?Magento 2.2.5: Overriding Admin Controller sales/orderMagento 2.2.5: Add, Update and Delete existing products Custom OptionsMagento 2.3 : File Upload issue in UI Component FormMagento2 Not registered handleHow to configured Form Builder Js in my custom magento 2.3.0 module?Magento 2.3. How to create image upload field in an admin form

            Image
            2000s (or earlier) cyberpunk novel: dystopia, mega storm, omnipresent noise How important is it for multiple POVs to run chronologically? PhD: When to quit and move on? Motorcyle Chain needs to be cleaned every time you lube it? Why do most airliners have underwing engines, while business jets have rear-mounted engines? How to supply water to a coastal desert town with no rain and no freshwater aquifers? How come a desk dictionary be abridged? What's the big deal about the Nazgûl losing their horses? Is this standard Japanese employment negotiations, or am I missing something? Should I increase my 401(k) contributions, or increase my mortgage payments Is there a way to change the aspect ratio of a DNG file? Why is there paternal, for fatherly, fraternal, for brotherly, but no similar word for sons? What can a novel do that film and TV cannot? Is conquering your neighbors to fight a greater enemy a valid strategy? /api/sitecore is not working in CD server
            Read more