2

I know my question is kind of confusing but what I meant is that I want to display an HTML form in a PHP 'echo'. So my entire HTML code is inside my php open and closing tags and then inside my HTML script I wanted to have a php code but I get an error saying:

Parse error: syntax error, unexpected 'echo' (T_ECHO), expecting ',' or ';'

and my code goes something like this:

<?php
   echo '<form method="post" id="customForm" action="add_assessment.php">
    <table>
     // this line is where I get the error
    <input type="hidden" name="res_id" value='echo($_GET['res_id']);' />
?>
Improve this question
1
  • inside an echo statement, don't again put echo, just concatenate the variable with help of concatenation operater, in php that is . (dot) operator. Commented Jan 3, 2013 at 15:48

5 Answers 5

Reset to default
5

You can use . to concatenate strings in PHP. So you could write it like so:

<?php
   echo '<form method="post" id="customForm" action="add_assessment.php">
    <table>
     // this line is where I get the error
   <input type="hidden" name="res_id" value="'.$_GET['res_id'].'" />';
?>
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Good job, now the HTML is not exactly valid anymore
I just modified OP's example, if they need help with the html I think it would be seperate
Correct their mistake. It's obviously because the OP was trying to use the piece of PHP code inside the form's HTML, not because they don't know how to write valid HTML
You are right, I modified my answer. Thought you were referring to the missing tags.
2

. can be used to concatenate strings. You can also use , which sends them as separate echos. 

<?php
   echo '<form method="post" id="customForm" action="add_assessment.php">
    <table>
    <input type="hidden" name="res_id" value="' . intval($_GET['res_id']) . '" />';
?>

Don't forget XSS protections. The intval() is turning the user input from $_GET into an integer, ensuring that it isn't malicious. It seems this is an important ID for your system. You should ensure that changing it won't break your code, if it will, consider using Sessions instead.

XSS or Cross Site Scripting, is when an attack injects javascript onto your page in an attempt to make it work differently or redirect the user. In this case, an attacker could send this form to a different location. If this form contains Credit Card info, other personal info, or internal data from your application; an attacker could gain access to that info simply by linking a user to the form with the bad data in it.

If setup right, the user might not ever even know they had their information stolen!

Improve this answer

Comments

1 
<?php
   echo '<form method="post" id="customForm" action="add_assessment.php">
    <table>
    <input type="hidden" name="res_id" value="' . $_GET['res_id'] . '" />';
?>
Improve this answer

2 Comments

If you would have explained the difference, I would have upvoted the answer.
The original code misses a single quote and a semicolon after /> , and in php external elements are added using the double dot(.YourElement.) , its like using the plus(+) in java or javascript
1

Here you go:

<?php
   echo '<form method="post" id="customForm" action="add_assessment.php">
    <table>
    <input type="hidden" name="res_id" value="' . $_GET['res_id'] . '" />';
?>
Improve this answer

2 Comments

Please explain why, otherwise people who don't see the difference will just copy this code and start using code they don't understand.
@11684 no need to comment that on every answer. Copy the code and explain it yourself
1

Here you find a explanation from the offical php documentation how to work with the php-tag: http://php.net/manual/en/language.basic-syntax.phpmode.php

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.