Function of php echo $this->escapeHtml($this->getUsername()


I have the below piece of code



    <ul class="form-list">
        <li>
            <label for="login-email" class="required"><em>*</em><?php echo $this->__('Email Address') ?></label>
            <div class="input-box">
                <input type="text" class="input-text required-entry validate-email" id="login-email" name="login[username]" value="<?php echo $this->escapeHtml($this->getUsername()) ?>" />
            </div>
        </li>
        <li>
            <label for="login-password" class="required"><em>*</em><?php echo $this->__('Password') ?></label>
            <div class="input-box">
                <input type="password" class="input-text required-entry" id="login-password" name="login[password]" />
            </div>
        </li>
        <?php echo $this->getChildHtml('form.additional.info'); ?>
    </ul>


While most of the above is clear, I am struggling to understand the use of the line below



    <?php echo $this->escapeHtml($this->getUsername()) ?>


Why couldn't I have just done



    <?php echo $this->getUsername() ?>


If it is a blank form that is seeking input, then what is being echoed?



Thanks for the help










magento-1.9 php






edited Jul 2 at 9:32 by Andhi Irawan

asked Jul 14 '15 at 18:28 by Vinu D












Just to clarify, I am looking for the meaning of $this->escapeHtml. Why couldn't I have simply done <?php echo $this->getUsername()?>

– Vinu D
Jul 14 '15 at 19:13










1 Answer
Mage_Core_Model_Abstract::escapeHtml($data) is used to convert special characters in the data passed to it into HTML entities. That means it is used to avoid cross-site scripting (XSS) via special characters.

The code $this->escapeHtml($this->getUserName()) is equivalent to

    htmlspecialchars($this->getUserName(), ENT_COMPAT, 'UTF-8', false);

This is needed here because, when you have submitted the login form with wrong credentials, Magento will populate the username field with the previously POSTed username. It also makes sure there are no special characters present in the username field by enclosing user_name in the escapeHtml() function.

There are also similar functions available in the Mage_Core_Helper_Abstract and Mage_Core_Model_Abstract classes. It will be worth it if you have a look over there. If you are lazy, then go through this.






edited Apr 13 '17 at 12:54 by Community

answered Jul 15 '15 at 2:23 by Rajeev K Tomy
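The escaping described in the answer above, as an added example that is not part of the original post and is not Magento's own code. It renders constructed sample usernames into the same double-quoted `value` attribute, with and without the `htmlspecialchars()` call quoted in the answer. `escape_html()`, `render_input()` and `stays_inside_attribute()` are hypothetical helper names, and the last loop goes one step beyond the answer to show what `ENT_COMPAT` leaves unescaped.

```php
<?php
// Added example, not Magento code: escape_html() and render_input() are
// hypothetical stand-ins for $this->escapeHtml() and the login template.

function escape_html($data, $flags = ENT_COMPAT)
{
    // Same arguments as the htmlspecialchars() call quoted in the answer.
    // The final `false` (double_encode) leaves existing entities untouched.
    return htmlspecialchars($data, $flags, 'UTF-8', false);
}

function render_input($value, $quote = '"')
{
    // Mirrors the template: the value is placed inside a quoted attribute.
    return '<input type="text" name="login[username]" value='
        . $quote . $value . $quote . ' />';
}

function stays_inside_attribute($value, $quote = '"')
{
    // The value can only end the attribute early if it contains the
    // delimiter; < and > are also rejected as a defence-in-depth check.
    return strpbrk($value, $quote . '<>') === false;
}

// Constructed sample values standing in for a previously POSTed username.
$samples = array(
    'alice@example.com',
    'alice"><em>outside the field</em>',
    'a&amp;b & c',
    "o'brien@example.com",
);

foreach ($samples as $posted) {
    $escaped = escape_html($posted);
    echo 'posted : ', $posted, PHP_EOL;
    echo 'raw    : ', render_input($posted), PHP_EOL;
    echo 'escaped: ', render_input($escaped), PHP_EOL;
    echo 'raw stays in value="..."    : ',
        var_export(stays_inside_attribute($posted), true), PHP_EOL;
    echo 'escaped stays in value="...": ',
        var_export(stays_inside_attribute($escaped), true), PHP_EOL, PHP_EOL;
}

// ENT_COMPAT does not convert single quotes, so a template that used
// value='...' would need ENT_QUOTES to keep the value inside the attribute.
$posted = "o'brien@example.com";
foreach (array('ENT_COMPAT' => ENT_COMPAT, 'ENT_QUOTES' => ENT_QUOTES) as $name => $flags) {
    $escaped = escape_html($posted, $flags);
    echo $name, ': ', render_input($escaped, "'"), ' stays inside: ',
        var_export(stays_inside_attribute($escaped, "'"), true), PHP_EOL;
}
```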


























