1

I have HTML content (a form) that will show only if a condition is met and will be shown by the echo method. I am trying to parse code that is in PHP. I receive syntax errors and I'm not sure how to go about this since I need to parse next to values such as submit="", or value="", etc. Here is an example:

if(isset($_GET['handle']) && !isset($_GET['serial_key']))
{
  $allowtoEnterSN='True';   
  $a_handle= mysql_escape_string($_GET['handle']);
  echo '          <span class="activation_bold">Please activate your account to continue.</span></p>
          <form id="activate" name="activate" method="post" action="activate_check.php?handle='.$_POST['a_handle'].'&amp;serial_key='.$_POST['serial_key'].'">
            <p class="activation_reg">Please enter your Serial Key Number to activate.</p>
            <p class="activation_reg">
              <label for="user_name">Handle</label>
              <input name="user_name" type="text" class="activation_reg" id="user_name" />
            </p>
            <p class="activation_reg">
              <label for="serial_key">Serial Key Number</label>
              <input name="serial_key" type="text" class="activation_reg" id="serial_key" size="40" />
              <input name="submit" type="submit" class="a_button" id="submit" value="Activate" />
              <input name="a_handle" type="hidden" id="a_handle" value="<? echo $a_handle ?>" />
            </p>
          </form>'  

}   

Latest Update

if(isset($_GET['handle']) && !isset($_GET['serial_key']))
{
  $allowtoEnterSN='True';   
  $a_handle= mysql_escape_string($_GET['handle']);

  echo <<<HTML
  <p>
<span class="activation_bold">Please activate your account to continue.</span></p>

<form id="activate" name="activate" method="post" action="activate_check.php?handle={$_POST['a_handle']}&amp;serial_key={$_POST['serial_key']}">


        <p class="activation_reg">
          <label for="serial_key">Serial Key Number</label>
          <input name="serial_key" type="text" class="activation_reg" id="serial_key" size="40" />
          <input name="submit" type="submit" class="a_button" id="submit" value="Activate" />


          <input name="a_handle" type="hidden" id="a_handle" value="$a_handle" />
        </p>
      </form>
HTML;}  

Last Update at 1634ct

if(isset($_GET['handle']) && !isset($_GET['serial_key']))
{
  $allowtoEnterSN='True';   
  $a_handle= mysql_escape_string($_GET['handle']);
  echo <<< EOD 
  <span class="activation_bold">Please activate your account to continue.</span></p>
          <form id="activate" name="activate" method="post" action="activate_check.php?handle='.$_POST['a_handle'].'&amp;serial_key='.$_POST['serial_key'].'">
            <p class="activation_reg">Please enter your Serial Key Number to activate.</p>
            <p class="activation_reg">
              <label for="user_name">Handle</label>
              <input name="user_name" type="text" class="activation_reg" id="user_name" />
            </p>
            <p class="activation_reg">
              <label for="serial_key">Serial Key Number</label>
              <input name="serial_key" type="text" class="activation_reg" id="serial_key" size="40" />
              <input name="submit" type="submit" class="a_button" id="submit" value="Activate" />
              <input name="a_handle" type="hidden" id="a_handle" value="<? echo $a_handle ?>" />
            </p>
          </form>
EOD;    
}           
4 Comments
  • Can you please include the surrounding PHP code that echos your HTML? Commented Jun 15, 2011 at 20:00
  • Please add as well the error messages you get to your question. Commented Jun 15, 2011 at 20:01
  • I have updated the HTML code. There are no browser errors just an error in Dreamweaver that reflects there is a syntax error in the code. Commented Jun 15, 2011 at 20:03
  • Your code has a security risk in it. Make sure you use urlencode() around those $_POST values. Commented Jun 15, 2011 at 20:07

4 Answers

3

Rather than a single-quoted string, you should use a HEREDOC, which will interpolate the variables you need. Enclose complex variables in {}.

echo<<<HTML
<span class="activation_bold">Please activate your account to continue.</span></p>
      <form id="activate" name="activate" method="post" action="activate_check.php?handle={$_POST['a_handle']}&amp;serial_key={$_POST['serial_key']}">

        <!-- SNIP -->

        <p class="activation_reg">
          <label for="serial_key">Serial Key Number</label>
          <input name="serial_key" type="text" class="activation_reg" id="serial_key" size="40" />
          <input name="submit" type="submit" class="a_button" id="submit" value="Activate" />

          <!-- now just use $a_handle -->
          <input name="a_handle" type="hidden" id="a_handle" value="$a_handle" />
        </p>
      </form>
HTML;

ADDENDUM: Crash course in HEREDOC:

A HEREDOC is a multiline string which preserves formatting and behaves like a double-quoted string, interpolating PHP variables accordingly.

To begin a HEREDOC, use the <<< operator, followed by some identifier (VAR in the example). End it with the same identifier (VAR) at the beginning of its own line, unindented, and followed by a semi-colon (VAR;). If it is indented or followed by whitespace, it will not work correctly.

$heredoc_var =<<<VAR
  Now you can type whatever you want including $variables.

  And over multiple lines.
VAR;  <--- No extra whitespace here and must be at the beginning of the line!!!!

6 Comments

Might be nice to explain what a HEREDOC is for the novice. +1 for a simple and direct solution.
Yeah, heredoc is far better in this case. I'd even suggest using html with interpolated php. +1 nonetheless
@Tom HEREDOC description added.
Hmmmm. Dreamweaver doesn't like it at all :-/. I begin getting syntax errors at the start of the form element
@Kevin Oluseun Karimu Possibly because right before the form is a </p> that doesn't appear to have a matching open tag
0

I'm not sure if this answers your question, but there's an error here:

 <span class="activation_bold">Please activate your account to continue.</span></p>

There is no starting <p>.

Edit: Also look at Damien Pirsy's answer for another problem.

3 Comments

I have corrected that in the latest update to my post. Now I have another issue.
I solved the issue by using another approach. I took the context I wanted echo'd and created a separate .php file for it. I then included the file in the if statement and it worked perfectly. Thanks for all your help. Hopefully in the meantime I can look into how to make EOD / EOT work.
As your project grows, I would suggest looking into a templating system such as Smarty.
0
<input name="a_handle" type="hidden" id="a_handle" value="<? echo $a_handle ?>" />

You're writing echo inside a single-quote string, it wouldn't work. Should be:

'.....<input name="a_handle" type="hidden" id="a_handle" value="'.$a_handle.'" />....'

Question: why use $a_handle= mysql_escape_string($_GET['handle']); ? Are they going to enter a database later?

  1. Use mysql_real_escape_string instead, if that's the case.
  2. Else, if you're looking for an escape, it might be an html escape (against XSS attacks). You should at least use htmlentities($_GET['handle']) instead;

9 Comments

better yet would be to use a HEREDOC. Multi-line echoes are a serious pain in the rump for legibility/escaping.
What about the first php code near activate. I tried the same approach and dreamweaver didn't like it.
Yeah, HEREDOC syntax is far better in this case. I'd personally like even more the use of pure html interpolated with php
HMMMMM Dreamweaver didn't like that either. Is this compatible with DW?
@kevin forget Dreamweaver. Don't know your version, but I used CS3 once and it didn't recognize heredoc, one more reason to avoid it.
0

I'm not sure if this is your only problem but: You're missing a semicolon after the </form>'. It should be </form>';

I also recommend you use HEREDOC notation like one of the other answers suggests. It is much cleaner for long strings. Additionally, as someone else said, you are opening yourself up to XSS attacks if you don't escape your output with htmlentities and urlencode (depending on where in the HTML the text is). See: http://en.wikipedia.org/wiki/Cross-site_scripting

3 Comments

I received this browser error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /hermes/web03/b556/pow.kkarimu/htdocs/F12_MEDIA/Site/develop/v1/activate_check.php on line 96. After uploading the new code
@Kevin That is not a browser error, that is a PHP error. The cause of that error must be outside the snippet because all I did was add a semi-colon and it passed the parser syntax check on my machine. Also, as a side note, in your updated code the closing } must be on a separate line from the HTML; or it won't terminate the HEREDOC block.
@Kevin Did what? Sorry, there are a number of things going on here so I'm a bit confused as to which part caused the error.
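
The escaping advice given in the answers above (an HTML escape for values placed in markup, URL encoding for values placed in a query string), shown on the activation form as an added example that is not part of the original thread. The helper names h() and render_activation_form() and the sample handle are hypothetical; mysql_escape_string() is left out because it escapes for SQL string literals, not for HTML output.

```php
<?php
// Added example: context-aware escaping for the activation form.
// h() and render_activation_form() are hypothetical helper names.

function h(string $s): string
{
    // HTML context: element text and quoted attribute values.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_activation_form(string $handle): string
{
    // URL context first: http_build_query() percent-encodes each value
    // (the same encoding urlencode() applies).
    $action = 'activate_check.php?' . http_build_query(['handle' => $handle]);

    // HTML context second: the URL sits inside an attribute, so it is
    // HTML-escaped as well (this is also what turns & into &amp;).
    $action_attr = h($action);
    $handle_attr = h($handle);

    // Closing identifier at column 0 with nothing after the semicolon,
    // so the heredoc also parses on PHP versions older than 7.3.
    return <<<HTML
<p><span class="activation_bold">Please activate your account to continue.</span></p>
<form id="activate" name="activate" method="post" action="{$action_attr}">
  <p class="activation_reg">
    <label for="serial_key">Serial Key Number</label>
    <input name="serial_key" type="text" class="activation_reg" id="serial_key" size="40" />
    <input name="submit" type="submit" class="a_button" id="submit" value="Activate" />
    <input name="a_handle" type="hidden" id="a_handle" value="{$handle_attr}" />
  </p>
</form>
HTML;
}

// Constructed sample input: a handle containing markup characters.
$sample = 'kevin"><b>x</b>&y=1';
$html = render_activation_form($sample);

// The raw markup must not survive into the page in either context.
assert(strpos($html, '"><b>') === false);
assert(strpos($html, 'value="kevin&quot;&gt;&lt;b&gt;x&lt;/b&gt;&amp;y=1"') !== false);
assert(strpos($html, 'handle=kevin%22%3E%3Cb%3Ex%3C%2Fb%3E%26y%3D1') !== false);
echo $html, "\n";
```

The order matters: encode for the innermost context (the query string) first, then for the context that contains it (the HTML attribute).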
