I have HTML content (a form) that will show only if a condition is met and will be shown by the echo method. I am trying to parse code that is in PHP. I receive syntax errors and I'm not sure how to go about this since I need to parse next to values such as submit="", or value="", etc. Here is an example:
if(isset($_GET['handle']) && !isset($_GET['serial_key']))
{
$allowtoEnterSN='True';
$a_handle= mysql_escape_string($_GET['handle']);
echo ' <span class="activation_bold">Please activate your account to continue.</span></p>
<form id="activate" name="activate" method="post" action="activate_check.php?handle='.$_POST['a_handle'].'&serial_key='.$_POST['serial_key'].'">
<p class="activation_reg">Please enter your Serial Key Number to activate.</p>
<p class="activation_reg">
<label for="user_name">Handle</label>
<input name="user_name" type="text" class="activation_reg" id="user_name" />
</p>
<p class="activation_reg">
<label for="serial_key">Serial Key Number</label>
<input name="serial_key" type="text" class="activation_reg" id="serial_key" size="40" />
<input name="submit" type="submit" class="a_button" id="submit" value="Activate" />
<input name="a_handle" type="hidden" id="a_handle" value="<? echo $a_handle ?>" />
</p>
</form>'
}
Latest Update
if(isset($_GET['handle']) && !isset($_GET['serial_key']))
{
$allowtoEnterSN='True';
$a_handle= mysql_escape_string($_GET['handle']);
echo <<<HTML
<p>
<span class="activation_bold">Please activate your account to continue.</span></p>
<form id="activate" name="activate" method="post" action="activate_check.php?handle={$_POST['a_handle']}&serial_key={$_POST['serial_key']}">
<p class="activation_reg">
<label for="serial_key">Serial Key Number</label>
<input name="serial_key" type="text" class="activation_reg" id="serial_key" size="40" />
<input name="submit" type="submit" class="a_button" id="submit" value="Activate" />
<input name="a_handle" type="hidden" id="a_handle" value="$a_handle" />
</p>
</form>
HTML;}
Last Update at 1634ct
if(isset($_GET['handle']) && !isset($_GET['serial_key']))
{
$allowtoEnterSN='True';
$a_handle= mysql_escape_string($_GET['handle']);
echo <<< EOD
<span class="activation_bold">Please activate your account to continue.</span></p>
<form id="activate" name="activate" method="post" action="activate_check.php?handle='.$_POST['a_handle'].'&serial_key='.$_POST['serial_key'].'">
<p class="activation_reg">Please enter your Serial Key Number to activate.</p>
<p class="activation_reg">
<label for="user_name">Handle</label>
<input name="user_name" type="text" class="activation_reg" id="user_name" />
</p>
<p class="activation_reg">
<label for="serial_key">Serial Key Number</label>
<input name="serial_key" type="text" class="activation_reg" id="serial_key" size="40" />
<input name="submit" type="submit" class="a_button" id="submit" value="Activate" />
<input name="a_handle" type="hidden" id="a_handle" value="<? echo $a_handle ?>" />
</p>
</form>
EOD;
}
Rather than a single-quoted string, you should use a HEREDOC, which will interpolate the variables you need. Enclose complex variables in {}.
echo<<<HTML
<span class="activation_bold">Please activate your account to continue.</span></p>
<form id="activate" name="activate" method="post" action="activate_check.php?handle={$_POST['a_handle']}&serial_key={$_POST['serial_key']}">
<!-- SNIP -->
<p class="activation_reg">
<label for="serial_key">Serial Key Number</label>
<input name="serial_key" type="text" class="activation_reg" id="serial_key" size="40" />
<input name="submit" type="submit" class="a_button" id="submit" value="Activate" />
<!-- now just use $a_handle -->
<input name="a_handle" type="hidden" id="a_handle" value="$a_handle" />
</p>
</form>
HTML;
ADDENDUM: Crash course in HEREDOC:
A HEREDOC is a multiline string which preserves formatting and behaves like a double-quoted string, interpolating PHP variables accordingly.
To begin a HEREDOC, use the <<< operator, followed by some identifier (VAR in the example). End it with the same identifier (VAR) at the beginning of its own line, unindented, and followed by a semi-colon (VAR;). If it is indented or followed by whitespace, it will not work correctly.
$heredoc_var =<<<VAR
Now you can type whatever you want including $variables.
And over multiple lines.
VAR;
// ^--- No extra whitespace here and must be at the beginning of the line!!!!
I'm not sure if this answers your question, but there's an error here:
<span class="activation_bold">Please activate your account to continue.</span></p>
There is no starting <p>.
Edit: Also look at Damien Pirsy's answer for another problem.
<input name="a_handle" type="hidden" id="a_handle" value="<? echo $a_handle ?>" />
You're writing echo inside a single-quote string, it wouldn't work.
Should be:
'.....<input name="a_handle" type="hidden" id="a_handle" value="'.$a_handle.'" />....'
Question: why use $a_handle= mysql_escape_string($_GET['handle']); ?
Are they going to enter a database later?
- Use mysql_real_escape_string instead, if that's the case.
- Else, if you're looking for an escape, it might be an html escape (against XSS attacks). You should at least use htmlentities($_GET['handle']) instead;
I'm not sure if this is your only problem but: You're missing a semicolon after the </form>'. It should be </form>';
I also recommend you use HEREDOC notation like one of the other answers suggests. It is much cleaner for long strings. Additionally, as someone else said, you are opening yourself up to XSS attacks if you don't escape your output with htmlentities and urlencode (depending on where in the HTML the text is). See: http://en.wikipedia.org/wiki/Cross-site_scripting
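Added example (not part of the original question or answers): the activation form rendered through a heredoc with each value escaped for the context it lands in, as the answers above recommend. The helper name render_activation_form() and the sample input are assumptions made for illustration, and only the handle parameter is placed in the action URL.

```php
<?php
// Hypothetical helper (not code from the page): builds the activation form
// with escaping chosen per output context.
function render_activation_form(array $get): string
{
    // Keep the raw request value; escape only at the point of output.
    // SQL escaping (mysql_escape_string) does nothing for HTML output.
    $handle = (isset($get['handle']) && is_string($get['handle'])) ? $get['handle'] : '';

    // URL context: http_build_query() percent-encodes the value.
    $query = http_build_query(['handle' => $handle]);

    // HTML attribute context: htmlspecialchars() with ENT_QUOTES encodes
    // both quote styles, <, > and & (used here in place of htmlentities()).
    $action   = htmlspecialchars('activate_check.php?' . $query, ENT_QUOTES, 'UTF-8');
    $a_handle = htmlspecialchars($handle, ENT_QUOTES, 'UTF-8');

    // The heredoc interpolates only the already-escaped variables.
    // The closing identifier sits at column 0 so it also parses before PHP 7.3.
    return <<<HTML
<p><span class="activation_bold">Please activate your account to continue.</span></p>
<form id="activate" name="activate" method="post" action="$action">
<p class="activation_reg">
<label for="serial_key">Serial Key Number</label>
<input name="serial_key" type="text" class="activation_reg" id="serial_key" size="40" />
<input name="submit" type="submit" class="a_button" id="submit" value="Activate" />
<input name="a_handle" type="hidden" id="a_handle" value="$a_handle" />
</p>
</form>
HTML;
}

// Constructed sample input containing quote and markup characters.
$sample = ['handle' => 'a"><b>x</b>&y'];
echo render_activation_form($sample);
```

In the output, the hidden field carries the handle with its quotes and angle brackets as HTML entities, and the action URL carries it percent-encoded, so neither value can close the attribute it sits in.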