Calling an iframe by Php

I tried calling an Iframe like this but it did not work ! Why is it so ?

 <iframe id="frame" src="load.php?sinput="<开发者_StackOverflow中文版?php echo $_GET["sinput"]; ?> > </iframe>

---

$_GET['sinput'] needs to be within the double quotes of the src argument:

<iframe id="frame" src="load.php?sinput=<?php echo $_GET['sinput'] ?>">
</iframe>

---

Simply put - why couldn't you :) The PHP code's output goes into the HTML markup, leading to the ?sinput= being followed just by what the $_GET['sinput'] has in PHP. However, doing that without parameter sanitization is a very bad idea, as a hypothetical attacker can basically input arbitrary HTML - and JavaScript! - in your page with a specifically crafted link. (See the Wikipedia article on cross-site scripting for more information.)

Anyway, you say that it doesn't work - what does the page have there, then? Literally

<iframe src="load.php?sinput=<?php echo $_GET['sinput']; ?>">

or

<iframe src="load.php?sinput=">

? If it's the first one, then your web server is not properly recognizing the page as containing PHP code, if the second, your PHP script doesn't find anything in the $_GET['sinput'] variable.