3

First PHP page, so this is likely a problem surfacing out of something stupid I'm missing, but I'm not sure what. I'm following the tutorial on W3Schools to create a form with protection from XSS, but when I use the code<form method="post" action="<?php echo $_SERVER['PHP_SELF'); ?>">, it is parsed such that the first > is associated with the form tag, so the quotes are mismatched, and the action doesn't complete correctly.

This is what the page looks like:

Screenshot

EDIT: Full Code Below

<body>
<?php
    $fname = $lname = $email = $student = "";
    if($_SERVER["REQUEST_METHOD"] == "POST")
    {
        $fname = $_POST["fname"];
        $lname = $_POST["lname"];
        $email = $_POST["email"];
        switch($_POST["student"])
        {
            case "u":
                $student = "Undergraduate";
                break;
            case "g":
                $student = "Graduate";
                break;
            default:
                $student = "Non-Student";
        }   
    }
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'); ?>">
    <p>First Name: <input type="text" name="fname"> </p>
    <p>Last Name: <input type="text" name="lname"> </p>
    <p>Email: <input type="email" name="email"> </p>
    <p>Student Status: <select name="student">
                        <option value="u">Undergraduate</option>
                        <option value="g">Graduate</option>
                        <option value="x">Non-Student</option>
                    </select> </p>
    <input type="submit" value="Submit">
</form>

<?php
    echo "<h3>Input:</h3>"
    echo "Name: " . $fname . " " . $lname . "<br>";
    echo "Email: <a href=mailto:" . $email . ">" . $email . "</a><br>";
    echo "Student: " . $student;
?>
</body>
Aliden
  • 441
  • 1
  • 4
  • 15
  • 1
    is `
    ` inside a file with `.php` extension ?
     – Pedro Lobito May 11 '15 at 02:05
  • 2
    is your file a `.php` extension? doesn't look like it. Or it's not being parsed because you don't have a web server setup (properly). and/or you're passing this through a web browser using `file:///file.php` rather than `http://localhost/file.php` – Funk Forty Niner May 11 '15 at 02:05
  • 1
    (1) is your file `.php`, (2) are you accessing it on a live server - `http`/`localhost` - or as a direct file - `C://`? – Sean May 11 '15 at 02:06
  • It is a `.php` file. @Fred-ii- I'm not sure what you mean by not having a web server set up. Perhaps I used the wrong word with 'parsed'. All I meant is that the "> at the start of the page should actually be the closing quote and caret for the `form` tag. – Aliden May 11 '15 at 02:07
  • reload all comments. some were edited (including mine) in order to add more information as to the probably cause. – Funk Forty Niner May 11 '15 at 02:08
  • See http://stackoverflow.com/questions/5121495/php-code-is-not-being-executed-i-can-see-it-on-source-code-of-page – Funk Forty Niner May 11 '15 at 02:10
  • 1
    plus, you'll need to post your code. An "image of", isn't enough. A web server is required to run PHP files. They do not run like regular `.html` files. – Funk Forty Niner May 11 '15 at 02:11
  • @Fred-ii- So it sounds like the question I should be asking is how do I set up a local web server so I can test the PHP files? – Aliden May 11 '15 at 02:16
  • missing semi-colon in `echo "

    Input:

    "` error reporting would catch that as a parse error.     – Funk Forty Niner May 11 '15 at 02:16
  • 3
    depends what platform you're using. Mamp runs off a Mac, Wamp off of Windows, and Xampp runs off of Windows, Mac and Linux. You'll need to Google "how to setup a web server PHP". – Funk Forty Niner May 11 '15 at 02:18
  • https://www.apachefriends.org/ is where you find XAMPP. It's very easy to install and get working. – nomistic May 11 '15 at 02:45
  • @Fred-ii- That was the issue. If you want to add your comment as an answer, I'll mark it. – Aliden May 12 '15 at 00:28
  • @Aliden I have posted my answer below, *cheers* – Funk Forty Niner May 12 '15 at 00:35

2 Answers2

2

.html files do not get parsed like .php files do, therefore you will need to install a Webserver on your system.

Sidenote: You can instruct Apache to treat .html files as PHP, if and when the time comes that you want to do this, it is possible.

.php files cannot be run directly from a web browser, unless they are parsed and running off a server or a hosted site.

They require to be accessed as http://localhost/file.php from a local machine.

Depending on your platform, you can use Xampp which runs on Windows, Mac and Linux.

Wamp:

Mamp (Mac):

Plus, you have a few syntax errors.

action="<?php echo $_SERVER['PHP_SELF'); ?>">
                                      ^

that should be a square bracket, rather than a parentheses.

action="<?php echo $_SERVER['PHP_SELF']; ?>">

and echo "<h3>Input:</h3>" is missing a closing semi-colon.

Those would throw/cause a parse error.

Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
1

The solution may be apparent, the closing bracket is mismatched.

Change:

<form method="post" action="<?php echo $_SERVER['PHP_SELF'); ?>">

To:

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

Notice ['PHP_SELF') and ['PHP_SELF'].

Ben
  • 1,557
  • 13
  • 30