CODEWITHSUNDEEP
phphtmlformsescaping
stckxchgusr
stckxchgusr

Reputation: 15

Escaping PHP within HTML within PHP

I'm having (noob) trouble escaping php code within a html form that's within a php block, and would greatly appreciate help solving this.

Here's the original code before I try to escape the PHP inside the PHP. The part of it that isn't being parsed is the php block inside the div class ="control-group".

<?php if (!isset($_POST['myform'])) { echo   

'<form method="POST" action="">
<fieldset>
<legend>Sign Up</legend>
<label>Username</label>
<div class="control-group'<?php if ($error) { echo ' error'; } ?>"'>';
}

<?php if (isset($myformsuccess) {
   echo '<other html with more <?php ?> inside it>';
}

Here's my failed attempt at escaping the php:

<?php if (!isset($_POST['myform'])) { echo 

'<form method="POST" action="">
<fieldset>
<legend>Sign Up</legend>
<label>Username</label>
<div class="control-group'<?php if (\$error) { echo \' error\'; } ?>'">';
}

I have tried to put the html inside '' and escape $ with \ (and "" when inside PHP, not shown above), but PHP is not liking this.

The reason for doing this is that rather than directing to a page after the form has been processed (validated etc, which is all working), I want to display different html replacing the original form. Once I've learned how to escape and parse the above code, I can then escape the following html and php I've left out, and do this.

Thanks

Upvotes: 0

Views: 1058

Answers (3)

AliSaeed_
AliSaeed_

Reputation: 1

$error It can be parameters ($_GET) or whatever, the variable must be = true when the error occurs.

To print a variable or use it inside another variable or (echo) it with HTML code, you should pay attention to the quotation marks (") and (').

If you have used (") for the variable containing html, to print the other variable inside the variable containing html use (just use the variable) without adding any of (") or (') as in the following example:

<?php
$string_1 = " This is string 1";
$string_2 = " this is string 2 ";

$string_final = "<h3>$string_1 - $string_2</h3>";

echo $string_final
  
  /* output:
  This is string 1 - this is string 2 
  */ 
  ?>

But if you have used ( ' ) for the variable containing HTML, to print the other variable inside the variable containing HTML use ( ' . $string . ' ) by adding a quotation mark (') enclosing it with a colon (..) and in the middle between the colons the name of the variable Which you want to include, as in the following example:

<?php
  $string_1 = " This is string 1";
  $string_2 = " this is string 2 ";

  echo '<h3>'.$string_1.'-'.$string_2.'-</h3>';
  
  /* output:
  This is string 1 - this is string 2
  */ 
  ?>

So now, in your case, the code should be as follows, knowing that you want to print a variable inside another variable, you want to print $error inside the echo code

(we treat echo like a variable when using the quotation mark)

, so the code should be as follows:

<?php 
if (!isset($_POST['myform'])) { 
    // $error can a $_GET[] 
    if($error){
        // If $error is set 
        $GetError_msg = "Something went wrong";
        $GetError_class = "error";
    } else {
        // if $error is not set
        $GetError_msg = "";
        $GetError_class = "";
    }
    echo '<form method="POST" action="">
    <strong>' . $GetError_msg . '</strong>
    <fieldset> 
    <legend>Sign Up</legend>
    <label>Username</label>
    <div class="control-group' . $GetError_msg . '">';
}
?>

Source: PHP Variables - php.net

Upvotes: 0

Giacomo1968
Giacomo1968

Reputation: 26066

Here is another approach based on your code. Many new PHP programmers try to balance HTML formatting with PHP code as if that is a truly important thing. In some cases it might be. In many cases it is better to leverage the power of PHP scripting to more easily format text & separate logic from display. In this case, I took your HTML for the if (!isset($_POST['myform'])) { and made it a part of a variable structure. I find that easier to work with & it makes formatting issues like this simpler to debug.

<?php

if (!isset($_POST['myform'])) {

  $form = '<form method="POST" action="">';
  $form .= '<fieldset>';
  $form .= '<legend>Sign Up</legend>';
  $form .= '<label>Username</label>';

  $error = '';
  if ($error) {
    $error = ' error';
  }
  $form .= '<div class="control-group' . $error . '>';
  echo $form;
}

if (isset($myformsuccess) {
   echo '<other html with more <?php ?> inside it>';
}

Upvotes: 0

John Conde
John Conde

Reputation: 219824

There's a few different ways to do this. In my example I took the dynamic part of your string and set it before you echo out your string. Then I just concatenate it to the end of the string.

<?php 
if (!isset($_POST['myform'])) { 

    $err_msg = ($error) ? ' error' : '';

    echo '<form method="POST" action="">
    <fieldset>
    <legend>Sign Up</legend>
    <label>Username</label>
    <div class="control-group' . $err_msg . '">';
}

Upvotes: 3

Related Questions