CODEWITHSUNDEEP
phphtml
user1926711
user1926711

Reputation: 81

how to put php scripts in html scripts in a php script

I know my question is kind of confusing but what I meant is that I want to display an HTML form in a PHP 'echo'. So my entire HTML code is inside my php open and closing tags and then inside my HTML script I wanted to have a php code but I get an error saying:

Parse error: syntax error, unexpected 'echo' (T_ECHO), expecting ',' or ';'

and my code goes something like this:

<?php
   echo '<form method="post" id="customForm" action="add_assessment.php">
    <table>
     // this line is where I get the error
    <input type="hidden" name="res_id" value='echo($_GET['res_id']);' />
?>

Upvotes: 2

Views: 155

Answers (5)

DampeS8N
DampeS8N

Reputation: 3621

. can be used to concatenate strings. You can also use , which sends them as separate echos. 

<?php
   echo '<form method="post" id="customForm" action="add_assessment.php">
    <table>
    <input type="hidden" name="res_id" value="' . intval($_GET['res_id']) . '" />';
?>

Don't forget XSS protections. The intval() is turning the user input from $_GET into an integer, ensuring that it isn't malicious. It seems this is an important ID for your system. You should ensure that changing it won't break your code, if it will, consider using Sessions instead.

XSS or Cross Site Scripting, is when an attack injects javascript onto your page in an attempt to make it work differently or redirect the user. In this case, an attacker could send this form to a different location. If this form contains Credit Card info, other personal info, or internal data from your application; an attacker could gain access to that info simply by linking a user to the form with the bad data in it.

If setup right, the user might not ever even know they had their information stolen!

Upvotes: 2

Sharlike
Sharlike

Reputation: 1789

You can use . to concatenate strings in PHP. So you could write it like so:

<?php
   echo '<form method="post" id="customForm" action="add_assessment.php">
    <table>
     // this line is where I get the error
   <input type="hidden" name="res_id" value="'.$_GET['res_id'].'" />';
?>

Upvotes: 5

devOp
devOp

Reputation: 3180

Here you find a explanation from the offical php documentation how to work with the php-tag: http://php.net/manual/en/language.basic-syntax.phpmode.php

Upvotes: 1

Jeffrey
Jeffrey

Reputation: 1239

Here you go:

<?php
   echo '<form method="post" id="customForm" action="add_assessment.php">
    <table>
    <input type="hidden" name="res_id" value="' . $_GET['res_id'] . '" />';
?>

Upvotes: 1

Wojciech Zylinski
Wojciech Zylinski

Reputation: 2035

<?php
   echo '<form method="post" id="customForm" action="add_assessment.php">
    <table>
    <input type="hidden" name="res_id" value="' . $_GET['res_id'] . '" />';
?>

Upvotes: 1

Related Questions