PHP function echoes unexpected HTML value

Question

I have a piece of php code inside html tag which is supposed to change the tag's style in accordance with the contents of the URL.

There is an html login form which looks like this:

<form class="userdata" action="login.php" method="post">
    <input type="text" name="email" placeholder="E-mail" <?php fillin('email'); enlight_unfilled('email');?>><br>
    <input type="password" name="pwd" placeholder="Password"><br>
    <button type="submit" name="login-submit">Login</button>
</form>

Here are the functions fillin and enlight_unfilled:

<?php
function fillin($key) {
    if (isset($_GET[$key])) echo "value=".$_GET[$key];
    else echo NULL;
}

function enlight_unfilled($key) {
    if (isset($_GET['error']))
        if (isset($_GET[$key]) and $_GET[$key] !== "") echo NULL;
        else echo "style='border-color: red'";
    else echo NULL;
}
?>

If I only apply one of the functions within the tag, they both do what they are expected to – either save the email in the field if it has been already typed in or enlighten the email field if it has been left empty. But if I apply them together, when the field is empty, php assigns the field value 'style='border-color:. I also tried to use functions like print and printf, but the result is the same:

I am a beginner at php coding and mixing it with html, so the question may appear to be dumb, but I did not manage to find any sort of a solution to this issue, so thanks for help and patience in advance!

Your problem lies in quoting. Check the generated HTML (page source) and you should see where you're going wrong. — El_Vanja, Jan 07 '21 at 15:04
@El_Vanja well it does what I described: `` The point is that I haven't got a clue why such a code gets generated — Kaiyakha, Jan 07 '21 at 15:07
I'm guessing you didn't look at the page source, but rather inspected the element in the browser toolbar. The difference is that when you inspect, you see the HTML after the browser applied some fixes. When you take a look at the source, you should see this: `value=style='border-color: red'`. This would tell you that you don't have quotes for your `value` attribute. — El_Vanja, Jan 07 '21 at 15:10
I think it depends on the browser, but both Chrome and Firefox have a `View Page Source` option in the right click menu (as well as a `Ctrl + U` shortcut). — El_Vanja, Jan 07 '21 at 15:16
@El_Vanja I see, thanks to all of you :) I wouldn't have managed to solve it on my own — Kaiyakha, Jan 07 '21 at 15:20

score 1 · Accepted Answer · answered Jan 07 '21 at 15:08

1

It looks like you don't properly encase value in quotes, so it just renders the 'style='border-color:.

Let's assume that $_GET[$key] has a value of hello@hello.com. What your PHP & HTML renders is the following:

value=hello@hello.com

See the problem? There are no quotes. That's why the renderer goes forward searching for a valid value. To fix the issue you must add quotes around your $_GET[$key] in the fillin function. Something like this should do the job:

if (isset($_GET[$key])) echo "value='".$_GET[$key] . "'";

It works when ran alone because it reaches the end > and just assumes the value to be hello@hello.com

answered Jan 07 '21 at 15:08

Abbas Akhundov

562
6
12

You are welcome. Take a good look at this line: `"value='".$_GET[$key] . "'";`. It might be a bit hard at first, but do you notice a single quote after **=** and before double quotes? Then there is another single quote encased in double-quotes afterward. These single quotes enclose the value of `$_GET[$key]` with quote marks. I used single quote because you are using double quotes from start. See the first double quote, right before **value**. – Abbas Akhundov Jan 07 '21 at 15:16
As far as I got that, for `HTML` attribute values must always be enclosed with quotation marks, right? So the resulting `HTML` code must appear so that all the attribute values are surrounded by quotes – Kaiyakha Jan 07 '21 at 15:17
1

Yes and no. Like you have seen, when using just `fillin` function you were getting correct results without the quotes. It is a complicated subject to discuss here. However, it is always a good practice to use **quote marks** in order to avoid such problems as the one you have encountered + IMO it is a good practice to do so in general. Here is a link to an answer that explains it better than I could right now: [Quote Marks - HTML](https://stackoverflow.com/a/13058319/5946202) – Abbas Akhundov Jan 07 '21 at 15:23

PHP function echoes unexpected HTML value

1 Answers1