1

Whether I enter the value for bug id or not ..in both conditions the code between php tags is displayed as output. Can someone help me to find out the reason. Code is given below:

html file-------------------------------------------------------------

<!DOCTYPE html PUBLIC"-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Bug Report</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
</head>
 <body>
<h2>Bug Report</h2>
<form action="test.php"  method="post"  >
<p>Bug ID:<input type="text" name="bugid" size="20" /></p>      
<p><input type="submit" value="Record Bug" /></p> 
</form>  
</body> 
</html>

php file--------------------------------------------------

<!DOCTYPE html PUBLIC"-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Record Bug</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
</head>
<body>

<?php
                $bugid=$_POST["bugid"];
                echo $bugid;
if (empty($bugid))
    {
            echo "<p>You must enter the Bug ID to record the bug.</p>";
    }     
else
    {
    echo"<p>good</p>";          
                    }
?>


</body>
</html>
Improve this question
4
  • 1
    Are you saying both the if and else conditions are being executed, or are you saying that the actual PHP code is showing up on the page? Commented Aug 17, 2012 at 3:34
  • output is : You must enter the Bug ID to record the bug. "; } else { echo" good "; } ?> Commented Aug 17, 2012 at 3:36
  • your code is widely open for the sql-injuction Commented Aug 17, 2012 at 3:45
  • try this <?php $bugid=mysql_real_escape_string($_POST["bugid"]); echo $bugid; Commented Aug 17, 2012 at 3:49

4 Answers 4

Reset to default
2

If you're getting PHP code in the output, then your webserver isn't running that page/script through the PHP interpreter. Generally, that's because you've put the code into a .html file, which is not treated as PHP by default.

Either rename the file to whatever.php, or reconfigure your webserver to treat .html files as PHP scripts.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I renamed the file but still same above output
Then you should check into why your webserver isn't running PHP scripts at all.
1

  1. check that php is working or not for that write the code <?php phpinfo(); ?> and if have manually installed php apache and getting problem try wamp server

  2. your code is widely open for sql-injunction to make it secure use 

public function mysql_prep( $value ) {
        $magic_quotes_active = get_magic_quotes_gpc();
        $new_enough_php = function_exists( "mysql_real_escape_string" ); // i.e. PHP >= v4.3.0
        if( $new_enough_php ) { // PHP v4.3.0 or higher
            // undo any magic quote effects so mysql_real_escape_string can do the work
            if( $magic_quotes_active ) { $value = stripslashes( $value ); }
            $value = mysql_real_escape_string( $value );
        } else { // before PHP v4.3.0
            // if magic quotes aren't already on then add slashes manually
            if( !$magic_quotes_active ) { $value = addslashes( $value ); }
            // if magic quotes are active, then the slashes already exist
        }
        return $value;
    }
Improve this answer

Comments

1

Check whether php is running or not in your machine. Save the below code as test.php and run it through 

<?php

   phpinfo();

?>
Improve this answer

Comments

0

In that case you have to run on that Server which support PHP like Xampp or Wamp and also extension of the file should be .php

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.