Form PHP code is output to the screen

Question

<?php

function VerifyForm(&$values, &$errors) 
{ 

  if (strlen($values['fname']) == 0) 
    $errors['fname'] = 'Enter First Name'; 

  if (strlen($values['lname']) == 0) 
    $errors['lname'] = 'Enter Last Name'; 

  if (strlen($values['mname']) == 0) 
    $errors['mname'] = 'Enter Middle Name'; 

  if (strlen($values['address']) == 0) 
    $errors['address'] = 'Enter Address'; 

  if (strlen($values['terms']) == 0) 
    $errors['terms'] = 'Please Read Terms and Agreement and Check the box.'; 

  if (!ereg('.*@.*\..{2,4}', $values['email'])) 
    $errors['email'] = 'Email address invalid'; 

  else if (strlen($values['email']) < 0) 
    $errors['email'] = 'Enter Email Address'; 

  return (count($errors) == 0); 
}


function DisplayForm($values, $errors) 
{ 
  ?> 
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
  <html xmlns="http://www.w3.org/1999/xhtml"> 
  <head> 
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
  <title>GIA Soap » Products » Customer Informations</title> 
  <link href="stylesheet/style.css" rel="stylesheet" type="text/css" /> 
  <script type="text/javascript" src="js_files/jquery.js"></script> 
  <script type="text/javascript" src="js_files/sliding_effect.js"></script> 
  <script type="text/javascript" src="js_files/slideshow.js"></script> 
  </head>
<body> 
  <div class="bg_top"> 
  <div class="bg_bottom"> 
  <div class="wrapper"> 
  <div class="header"> 
  <div class="logo"> 
  </div>  
  <div class="logo_text"> 
  <div class="logo_head_text">Gia Soap Making</div> 
  <div class="logo_sub_text">Sub text here</div> 
  </div> 
  </div> 
  <div class="h_nav"> 
  <div class="h_nav_dash"> 

  </div> 
  </div> 
  <div class="container"> 
  <div class="content_term"> 
  <div class="content_terms"> 
  <br /> 
  <h1><p>Customer Information</p></h1><br />
  <p>Please the following correctly.</p>
  <div class="customer_info">

  <?php

  if (count($errors) > 0)
    echo "<p>There were some errors in your submitted form, please correct them and try again.</p>";

  ?>
 <form method="post" action="<?= $_SERVER['PHP_SELF'] ?>"> 

  <!-- hidden values --> 

  <input type="hidden" value="<?php echo $papaya; ?>" name="papaya" /> 
  <input type="hidden" value="<?php echo $carrot; ?>" name="carrot" /> 
  <input type="hidden" value="<?php echo $guava; ?>" name="guava" /> 

  <label for="customer_fname">First Name (<i>Required</i>)</label> 
  <input type="text" class="textbox"  id="customer_fname" name="customer_fname" value="<?= htmlentities($values['fname']) ?>" /> 
  <span class="error_msg"><?= $errors['fname'] ?></span> 

  <label for="customer_lname">Last Name (<i>Required</i>)</label> 
  <input type="text" class="textbox"  id="customer_fname" name="customer_fname" value="<?= htmlentities($values['lname']) ?>" /> 
  <span class="error_msg"><?= $errors['lname'] ?></span> 

  <label for="customer_mname">Middle Name (<i>Required</i>)</label> 
  <input type="text" class="textbox"  id="customer_fname" name="customer_fname" value="<?= htmlentities($values['mname']) ?>" /> 
  <span class="error_msg"><?= $errors['mname'] ?></span> 

  <label for="customer_add">Address (<i>Required : Complete Address Please</i>)</label> 
  <input type="text" class="textbox"  id="customer_add" name="customer_add1" value="<?= htmlentities($values['address']) ?>" /><br /> 
  <input type="text" class="textbox"  id="customer_add" name="customer_add2" /><br /> 
  <input type="text" class="textbox"  id="customer_add" name="customer_add3" /> 
  <span class="error_msg"><?= $errors['address'] ?></span> 

  <label for="customer_email">Email Address  (<i>Required</i>)</label> 
  <input type="text" class="textbox"  id="customer_email" name="customer_email" value="<?= htmlentities($values['email']) ?>" /> 
  <span class="error_msg"><?= $errors['email'] ?></span> 

  <label for="customer_phone">Phone Number </label> 
  <input type="text" class="textbox"  id="customer_phone" name="customer_phone" /> 

  <label for="customer_mobile">Mobile Number </label> 
  <input type="text" class="textbox"  id="customer_mobile" name="customer_mobile" /> 

  <br /><br /> 

  <div class="terms"> 
  <center> 
  <h1>Terms and Agreement</h1><br /> 
  <p>Please read the following.</p><br /> 
  </div> 
  <br /> 

  <input type="checkbox" name="terms" value="<?= htmlentities($values['terms']) ?>" /> I Read the Terms and Agreement<br /><br /> 
  <span class="error_msg"><?= $errors['terms'] ?></span> 
  <input type="submit" value="Send Order" class="prod_subbtn" /> 

  </center> 

  </form> 
  </div> 
  </div> 
  </div> 
  <div class="clear"></div> 
  </div> 
  <?php include ('includes/footer.php'); ?> 
  </div> 
  </div> 
  </div> 
  </body> 
  </html>
<?php

}


function ProcessForm($values) 
{
  $papaya = $_POST['papaya']; 
  $carrot = $_POST['carrot']; 
  $guava = $_POST['guava']; 
  $fname = $_POST['fname']; 
  $lname = $_POST['lname']; 
  $mname = $_POST['mname']; 
  $address = $_POST['address']; 
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') 
{ 
  $formValues = $_POST; 
  $formErrors = array(); 

  if (!VerifyForm($formValues, $formErrors)) 
    DisplayForm($formValues, $formErrors); 
  else 
    ProcessForm($formValues); 
} 
else 
  DisplayForm(null, null);

?>

The output is:

Problem
The PHP code that is supposed to put in the field values can be seen by users.

Answer 1

Chances are short_open_tags is off. Use <?php echo ...; ?> instead of <?=... ?>, like this:

<?php echo htmlentities($values['lname']); ?>

Answer 2

<?= $errors['fname'] ?> is equal to <?php echo $errors['fname'] ?>.
<?= are called 'short tags', which were removed (deprecated) from php.
Use <?php echo $errors['fname']; ?> to see the actual variable value.

Answer 3

The directive short tags is set to off in the php.ini. That disallows <? $phpcode ?> and <?=$monkey?>

The only one allowed is <?php $monkeybusiness ?>

Answer 4

either change <?= to <?php echo or turn short_open_tags = on in the php.ini