-3

I'm trying to echo a piece of text with PHP nested in it, anyone know how? I've tried it like this:

    function update_category(){

        global $connection;

        if (isset($_GET['edit'])) {
            $edit_cat_key = $_GET['edit'];

            $query = "SELECT * FROM categories WHERE cat_id = {$edit_cat_key }";
            $edit_cat_query = mysqli_query($connection, $query);

            echo    '<form action="categories.php" method="post">
                        <div class="form-group">
                            <label for="new-cat-title">New name of category</label>
                                <input value="<?php if(isset($cat_title)){echo $cat_title;} ?>" type="text" class="form-control" name="new-cat-title">
                        </div>
                        <div class="form-group">
                            <input class="btn btn-primary" type="submit" name="submit" value="Rename Category">
                        </div>
                    </form>';


            while($row = mysqli_fetch_assoc($edit_cat_query)) {
                $cat_title = $row['cat_title'];
                $cat_id = $row['cat_id'];
            }
        }

    }

It prints: `<?php if(isset($cat_title)){echo $cat_title;} ?>`

I've tried it like this:

    <input value="' . <?php if(isset($cat_title)){echo $cat_title;} ?> . '" type="text" class="form-control" name="new-cat-title">

Janus
  • 29
  • 4
  • 2
  • You can not use `<?php ... ?>` nested into another `<?php ... ?>` block. You either need to use string concatenation here - or you _stop_ outputting largely static portions of HTML using echo in the first place, and then only insert `<?php ... ?>` where you need it to output dynamic parts, https://www.php.net/manual/en/language.basic-syntax.phpmode.php – CBroe Apr 29 '22 at 13:14
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Apr 29 '22 at 13:37

3 Answers

0

I'd do it like this (showing only the echo part inside the php code):

    echo '<form action="categories.php" method="post">
                    <div class="form-group">
                        <label for="new-cat-title">New name of category</label><input value="';

    if(isset($cat_title)){echo $cat_title;};
    echo '" type="text" class="form-control" name="new-cat-title"></div>
                    <div class="form-group">
                        <input class="btn btn-primary" type="submit" name="submit" value="Rename Category">
                    </div>
    </form>';

This echoes the two strings (in single quotes) and in between them the variable depending on the condition, keeping the double-quote pairs of the attribute values intact.

Johannes
  • 64,305
  • 18
  • 73
  • 130
0

Echo is a php statement. You use it to display an output, as a string. What you need is, replacing `echo '` with `?>` and `</form>';` with `</form><?php`. These closing (`?>`) and opening (`<?php`) tags let you decide which part of your document should be processed as PHP. So PHP will ignore the rest of the document.

Gökhan Mete ERTÜRK
  • 3,378
  • 2
  • 19
  • 23
0

Based on Johannes' answer I managed to figure out an answer. I need to close the PHP tags and instead of echoing the wished result, put it in the while loop.

Like this:

    function update_category(){

        global $connection;

        if (isset($_GET['edit'])) {
            $edit_cat_key = $_GET['edit'];

            $query = "SELECT * FROM categories WHERE cat_id = {$edit_cat_key }";
            $edit_cat_query = mysqli_query($connection, $query);

            while($row = mysqli_fetch_assoc($edit_cat_query)) {
                $cat_title = $row['cat_title'];
                $cat_id = $row['cat_id'];

                ?>
                    <input value="<?php echo $cat_title; ?>" type="text" class="form-control" name="cat_title">
                <?php
            }
        }

    }

Janus
  • 29
  • 4
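
The two comments under the question (leave PHP mode for static HTML, and use a prepared statement instead of building the query from `$_GET['edit']`) can be combined as below. This is an added example, not code from any of the posts. It swaps the page's mysqli connection for PDO with an in-memory SQLite table so it runs without a server, and the function names, sample rows and sample inputs are constructed for illustration.

```php
<?php
// Constructed sample data: an in-memory SQLite table standing in for the
// page's MySQL `categories` table, so the script runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE categories (cat_id INTEGER PRIMARY KEY, cat_title TEXT)');
$insert = $pdo->prepare('INSERT INTO categories (cat_id, cat_title) VALUES (?, ?)');
$insert->execute([1, 'Books']);
$insert->execute([2, 'Sci-Fi "Classics" & <More>']); // characters that break an attribute

// Hypothetical helper: look up one category title from the raw ?edit= value.
function find_category_title(PDO $pdo, $rawId): ?string
{
    // Accept only a whole number; anything else is rejected before the query.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    // The id is bound as a parameter, never interpolated into the SQL text.
    $stmt = $pdo->prepare('SELECT cat_title FROM categories WHERE cat_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

// Hypothetical helper: the page's form, with static HTML outside PHP mode and
// the one dynamic value escaped for use inside a double-quoted attribute.
function render_rename_form(?string $catTitle): void
{
    $value = htmlspecialchars($catTitle ?? '', ENT_QUOTES, 'UTF-8');
    ?>
<form action="categories.php" method="post">
    <div class="form-group">
        <label for="new-cat-title">New name of category</label>
        <input value="<?php echo $value; ?>" type="text" class="form-control" name="new-cat-title">
    </div>
    <div class="form-group">
        <input class="btn btn-primary" type="submit" name="submit" value="Rename Category">
    </div>
</form>
    <?php
}

// Constructed inputs standing in for $_GET['edit']; the last one is not an integer.
foreach (['1', '2', '1 OR 1=1'] as $rawId) {
    render_rename_form(find_category_title($pdo, $rawId));
}
```

With mysqli the same pattern is `$connection->prepare()` with a `?` placeholder, `bind_param('i', $id)`, `execute()` and `get_result()`.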