-1

I have a form that is written in PHP that will call the page upon itself (I don't know if I say this right).

echo('</table>
<hr>
<h1 id="loadscript_h1">Voeg een loadscript toe</h1>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="POST" enctype="multipart/form-data">
<div><input type="file" name="loadscript" id="loadscript" value="Kies loadscript"/></div>');
echo ('<input type="submit" class="formsubmit" name="upload_loadscript" value="Upload loadscripts" />
</form>');

But when I look at my website there is something written like this:

" method="POST" enctype="multipart/form-data">

How can I write this properly?

Duniyadnd
  • 4,013
  • 1
  • 22
  • 29
user3638258
  • 1
  • 2

2 Answers2

0

you have to use concatenation for strings. notice the '. which tells PHP to terminate string, then concatenate with the following. See the docs: http://www.php.net/manual/en/language.operators.string.php

echo '</table>
<hr>
<h1 id="loadscript_h1">Voeg een loadscript toe</h1>
<form action="'.htmlspecialchars($_SERVER["PHP_SELF"]).'" method="POST" enctype="multipart/form-data">
<div><input type="file" name="loadscript" id="loadscript" value="Kies loadscript"/></div><input type="submit" class="formsubmit" name="upload_loadscript" value="Upload loadscripts" />
</form>';

also, you don't need parenthesis for echo.

Kai Qing
  • 18,793
  • 5
  • 39
  • 57
  • Also, given the sheer length of the HTML string it might be an idea to ditch `echo` completely and have the HTML as part of the literal response. – Dai May 21 '14 at 20:54
  • Oh I agree. I will gladly upvote any alternative means for doing this. I left it as echo because I just inherited a complete POS site that is almost entirely spit out in php. It is awful and makes me want to die, so changing one small part to write out properly would be futile against the entire rest of the system being oppositely constructed. Sometimes you just have to eat it – Kai Qing May 21 '14 at 20:58
  • You can also use heredoc as in my answer below https://stackoverflow.com/a/44433617/4390304 – k32y Jun 08 '17 at 10:53
  • @k32y - Eew! Fuck heredoc! in 10 years of programming I have never experienced a case where I had to use it. I plan on keeping it that way. – Kai Qing Jun 08 '17 at 19:18
  • @KaiQing any particular reason why? – k32y Jun 12 '17 at 15:04
  • @k32y - Because I understand the need to echo short snippets of html in php from time to time. When the need goes beyond short, I prefer to include template files instead of combining front and back end logic with a utility that seems hackish and ugly. I hate the indent rules for heredoc, and that one rule alone is enough for me to never use it. Call it preference, I guess. Same way I dislike sprintf - not bad when there's a couple variables. Idiotic when there's dozens. In code, there's usually several ways to go about doing the same thing. Not all of them are sane anymore – Kai Qing Jun 12 '17 at 20:42
0

Using PHP Heredoc

$action = htmlspecialchars($_SERVER["PHP_SELF"]);
$form = <<<FORM
    </table>
    <hr>
    <h1 id="loadscript_h1">Voeg een loadscript toe</h1>
    <form action="{$action}" method="POST" enctype="multipart/form-data">
    <div><input type="file" name="loadscript" id="loadscript" value="Kies loadscript"/></div>
    <input type="submit" class="formsubmit" name="upload_loadscript" value="Upload loadscripts" />
    </form>
FORM;

echo $form;

You can also just leave the action field empty and the form will submit back to itself when posted.

k32y
  • 407
  • 6
  • 11