0

I'm having (noob) trouble escaping php code within a html form that's within a php block, and would greatly appreciate help solving this.

Here's the original code before I try to escape the PHP inside the PHP. The part of it that isn't being parsed is the php block inside the div class ="control-group".

<?php if (!isset($_POST['myform'])) { echo   

'<form method="POST" action="">
<fieldset>
<legend>Sign Up</legend>
<label>Username</label>
<div class="control-group'<?php if ($error) { echo ' error'; } ?>"'>';
}

<?php if (isset($myformsuccess) {
   echo '<other html with more <?php ?> inside it>';
}

Here's my failed attempt at escaping the php:

<?php if (!isset($_POST['myform'])) { echo 

'<form method="POST" action="">
<fieldset>
<legend>Sign Up</legend>
<label>Username</label>
<div class="control-group'<?php if (\$error) { echo \' error\'; } ?>'">';
}

I have tried to put the html inside '' and escape $ with \ (and "" when inside PHP, not shown above), but PHP is not liking this.

The reason for doing this is that rather than directing to a page after the form has been processed (validated etc, which is all working), I want to display different html replacing the original form. Once I've learned how to escape and parse the above code, I can then escape the following html and php I've left out, and do this.

Thanks

Improve this question
1
  • Both answers are awesome! I've tried the first so far, however I've new a problem now, which is where I test for (!isset) the same error variable later in my form to display different content. To explain - the form code above, changes the form field class to give it a red error outline. The code I am now having trouble with, afterwards tests to see if the same error variable isn't set, and if it isn't it keeps the descriptive text under the form eg Please fill in the field, and if set, it shows an error alert box below explaining the error. I can no longer do this as when not set $error == ''. Commented Nov 21, 2013 at 8:39

3 Answers 3

Reset to default
3

There's a few different ways to do this. In my example I took the dynamic part of your string and set it before you echo out your string. Then I just concatenate it to the end of the string.

<?php 
if (!isset($_POST['myform'])) { 

    $err_msg = ($error) ? ' error' : '';

    echo '<form method="POST" action="">
    <fieldset>
    <legend>Sign Up</legend>
    <label>Username</label>
    <div class="control-group' . $err_msg . '">';
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks, I've learned lots from this, and have implemented it, but it has now caused me another issue, haha. Please see my comment below my original post. Any help resolving that would be appreciated!
0

Here is another approach based on your code. Many new PHP programmers try to balance HTML formatting with PHP code as if that is a truly important thing. In some cases it might be. In many cases it is better to leverage the power of PHP scripting to more easily format text & separate logic from display. In this case, I took your HTML for the if (!isset($_POST['myform'])) { and made it a part of a variable structure. I find that easier to work with & it makes formatting issues like this simpler to debug.

<?php

if (!isset($_POST['myform'])) {

  $form = '<form method="POST" action="">';
  $form .= '<fieldset>';
  $form .= '<legend>Sign Up</legend>';
  $form .= '<label>Username</label>';

  $error = '';
  if ($error) {
    $error = ' error';
  }
  $form .= '<div class="control-group' . $error . '>';
  echo $form;
}

if (isset($myformsuccess) {
   echo '<other html with more <?php ?> inside it>';
}
Improve this answer

1 Comment

I kind of understand this, haha. But I think I need to clear my mind and look at it with less sleepy eyes tomorrow morning. However, it's started me thinking a lot differently about how I separate, as you say, 'logic from display'. Thanks for such a well thought out solution!
0

$error It can be parameters ($_GET) or whatever, the variable must be = true when the error occurs.

To print a variable or use it inside another variable or (echo) it with HTML code, you should pay attention to the quotation marks (") and (').

If you have used (") for the variable containing html, to print the other variable inside the variable containing html use (just use the variable) without adding any of (") or (') as in the following example:

<?php
$string_1 = " This is string 1";
$string_2 = " this is string 2 ";

$string_final = "<h3>$string_1 - $string_2</h3>";

echo $string_final
  
  /* output:
  This is string 1 - this is string 2 
  */ 
  ?>

But if you have used ( ' ) for the variable containing HTML, to print the other variable inside the variable containing HTML use ( ' . $string . ' ) by adding a quotation mark (') enclosing it with a colon (..) and in the middle between the colons the name of the variable Which you want to include, as in the following example:

<?php
  $string_1 = " This is string 1";
  $string_2 = " this is string 2 ";

  echo '<h3>'.$string_1.'-'.$string_2.'-</h3>';
  
  /* output:
  This is string 1 - this is string 2
  */ 
  ?>

So now, in your case, the code should be as follows, knowing that you want to print a variable inside another variable, you want to print $error inside the echo code

(we treat echo like a variable when using the quotation mark)

, so the code should be as follows:

<?php 
if (!isset($_POST['myform'])) { 
    // $error can a $_GET[] 
    if($error){
        // If $error is set 
        $GetError_msg = "Something went wrong";
        $GetError_class = "error";
    } else {
        // if $error is not set
        $GetError_msg = "";
        $GetError_class = "";
    }
    echo '<form method="POST" action="">
    <strong>' . $GetError_msg . '</strong>
    <fieldset> 
    <legend>Sign Up</legend>
    <label>Username</label>
    <div class="control-group' . $GetError_msg . '">';
}
?>

Source: PHP Variables - php.net

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.