3

Hello, I looked around a bit for a solution but couldn't find someone with the exact same problem as me. Basically, I have a PHP variable that is a URL. I want to add a new iframe with that URL.

This is what I have, but because HTML is using the double quotes after src, the PHP variable is ignored.

<iframe width="420" height="345"src= "<?php $output ?>"> </iframe>

Thank you guys

1
  • Answers below (you forgot the echo), but just saying that HTML can also use single quotes. Commented Mar 10, 2014 at 19:37

2 Answers

5
<iframe width="420" height="345" src="<?php echo htmlspecialchars($output); ?>"> </iframe>

You're missing echo. Also, always use htmlspecialchars() to ensure you are creating valid HTML that isn't vulnerable to injection. If you find yourself doing this a lot, consider using a template engine.


4 Comments

Thank you very much! Worked wonderfully. Most of the work that I have done in the past has all been offline games and such. Haven't done much with online work. I was unfamiliar with htmlspecialchars. What exactly does that do?
@Brad Since PHP 5.4, <?php echo can be safely replaced with <?=. Previous versions required short_open_tag or asp_tags to be on; the former caused problems with XML, but with the latter you could use <%= instead.
@user3369289 It will take characters like < and > and convert them to &lt; and &gt; to make sure they aren't interpreted as HTML. You don't want text content to leak to your HTML. In worse cases, if you are outputting text from users, it might contain <script> tags.
Interesting, I will look into this! Thanks again
0
<iframe width="420" height="345" src="<?php echo htmlspecialchars($output); ?>"> </iframe>
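
The escaping recommended in the answers above, as an added example that is not part of the original posts: it shows that htmlspecialchars() stops a value from breaking out of the src attribute but leaves the URL scheme untouched, so the scheme is checked separately. The helper name iframe_tag, the http/https allow-list and the sample URLs are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, constructed sample inputs). Requires PHP 7.1+.

/**
 * Build an <iframe> tag for $url, or return null when the value is not an
 * absolute http(s) URL.
 *
 * htmlspecialchars() turns ", ', <, > and & into entities, so the value
 * cannot close the src attribute or open a new tag. It does nothing about
 * the scheme: a "javascript:" URL contains none of those characters and
 * passes through unchanged, hence the explicit allow-list below.
 */
function iframe_tag(string $url, int $width = 420, int $height = 345): ?string
{
    $url = trim($url);

    // parse_url() returns null for a missing component and false for a
    // seriously malformed URL; is_string() rejects both cases.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $host   = parse_url($url, PHP_URL_HOST);
    if (!is_string($scheme) || !is_string($host)
        || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }

    // Explicit flags: ENT_QUOTES also escapes single quotes, which older
    // PHP versions (before 8.1) did not do by default.
    $src = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return sprintf('<iframe width="%d" height="%d" src="%s"></iframe>',
                   $width, $height, $src);
}

// Constructed sample values for $output.
$samples = [
    'https://example.com/embed?id=1&autoplay=0',       // & becomes &amp;
    'https://example.com/"><script>alert(1)</script>', // quotes and tags escaped
    'javascript:alert(1)',                             // rejected: scheme
    '//example.com/embed',                             // rejected: no scheme
];

foreach ($samples as $output) {
    $tag = iframe_tag($output);
    echo ($tag ?? '<!-- rejected: not an absolute http(s) URL -->'), PHP_EOL;
}
```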
