-1

I had a PHP page where I was echoing out all the HTML. After being advised that is poor practice, and that I should write out the HTML and only switch to PHP when I need it, I am trying to rewrite my form to adhere to that.

I've tried the following, however the $row array which contains the results of my SQL query are not being called correctly, 

<?php while($row = $sth->fetch()){ ?>
<p>
<input type = "hidden" name ="id" value="<?php $row["id"] ?>"/>';
<p>
<input type = "text" name ="firstName" size ="30" value=" <?php $row["firstName"]?>"/>';</p>
<p>
<input type = "text" name ="lastName" size ="30" value="<?php $row["lastName"]?>"/>';
</p>";
<input type="submit" value="Update" />';
<?php } ?>

From my understanding as long as the start and end brackets are still in the right order, the above code should work, however it does not.

What am I doing wrong?

Chris Hodges
  • 73
  • 1
  • 6
  • 3
    You forget to call `echo` for each reference to `$row` inbetween HTML code. – Desmond Hume Nov 25 '12 at 23:46
  • The advice you got did not go far enough. You should completely separate your HTML ("presentation", "template", or "view") from the data you retrieve from the database ("model") and the code that responds to the HTTP request ("controller"). And you also need to escape your strings for html. Database-fetching `while` loops should not even be in the same *file* as html! – Francis Avila Nov 25 '12 at 23:53
  • @FrancisAvila I'd rather not throw slightly advanced topics like templating at a probable PHP beginner. – Desmond Hume Nov 25 '12 at 23:58

2 Answers2

3
<?php while($row = $sth->fetch()){ ?>
<p>
<input type = "hidden" name ="id" value="<?php echo $row["id"]; ?>"/>';
<p>
<input type = "text" name ="firstName" size ="30" value=" <?php echo $row["firstName"]; ?>"/>';</p>
<p>
<input type = "text" name ="lastName" size ="30" value="<?php echo $row["lastName"]; ?>"/>';
</p>";
<input type="submit" value="Update" />';
<?php } ?>

You forgot to put echo, without echo it won't print anything.

You have another option, which is:

<?php while($row = $sth->fetch()){
echo<<<HTML
<p>
<input type = "hidden" name ="id" value="{$row['id']}"/>';
<p>
<input type = "text" name ="firstName" size ="30" value=" {$row['firstName']}"/>';</p>
<p>
<input type = "text" name ="lastName" size ="30" value="{$row['lastName']}"/>';
</p>";
<input type="submit" value="Update" />';
HTML;
} ?>
Lior
  • 5,841
  • 9
  • 32
  • 46
1

You need to use echo

<input type = "hidden" name ="id" value="<?php echo $row["id"]; ?>"/>

Also, don't forget to escape for HTML:

<input type = "hidden" name ="id" value="<?php echo htmlspecialchars($row["id"]); ?>"/>

As of PHP 5.4, the short method is always available, even if short_open_tag config is off:

<input type = "hidden" name ="id" value="<?= htmlspecialchars($row["id"]); ?>"/>
TheJosh
  • 95
  • 7
  • You can do php short syntax with 3 less characters. If you get rid of the two spaces, the semicolon ins't needed: =$something?> – Ted Nov 25 '12 at 23:50
  • 2
    @Ted [Using short open tags is not a good idea](http://stackoverflow.com/questions/200640/are-php-short-tags-acceptable-to-use). And what do you have against extra spaces? Readability is important! – Jocelyn Nov 26 '12 at 00:01
  • I'm with @Jocelyn, I always use the long tags. I also have a helper class for encoding, so my code is normally `` – TheJosh Nov 26 '12 at 11:42