Hey John,
On Tue, Oct 19, 2021 at 3:55 AM John <john.iliffe@xxxxxxxxx> wrote:
> Thanks for the suggestion Christopher; I was unaware of that format.
> If you wouldn't mind, could you please explain why it works with
> regard to the actual code line "<?=htmlspecialchars($data)?>" ?
<snip>
> Can you suggest somewhere in the manual where this is explained in detail?
The information provided here should be clear, IMO: https://www.php.net/manual/en/language.basic-syntax.phptags.php
I would like to know if this was somehow not easy to find or is not clear and how to improve the documentation and its searchability.
> my questions:
> - what is the = sign assigning the value to; it appears to be a token
> for echo?
> - When I tried it I noticed that the = sign cannot have any white
> space around it; that is, <?=htmlspecialchars(... and not
> <? =htmlspecialchars(...
> - I have the web site set up so that the full PHP invocation MUST be
> used, that is <?php and not <? , yet when I tried this
> <?php=htmlspecialchars(... doesn't work, I MUST use the short form.
I can see the confusion.
<?php ...script... ?> and <?= _expression_ ?> are normal tags syntax
<? ...script... ?> is short tags syntax
there is no such thing as <?php= _expression_ ?>
Also, <?= _expression_ ?> is equivalent to <?php echo _expression_; ?> and is used in PHP files that are mostly HTML code where you want to simply inline a value.
> Thanks in advance.
> John
A recommendation from me would be to disable the short tags syntax. It might bite you when you have other tags like <?xml.
This can be done using the ini configuration: https://www.php.net/manual/en/ini.core.php#ini.short-open-tag
This also depends on where the PHP is hosted and how much control you have over the configuration.
Alex
============
On Mon, 2021-10-18 at 22:23 +0200, Christoph M. Becker wrote:
> On 18.10.2021 at 18:59, John wrote:
>
> > Solution, forwarded to PHP list:
> > ================================
> >
> > OK, solved this.
> >
> > The form input MUST be contained in SINGLE quotes; probably to
> > avoid
> > being manipulated by the PHP parser. Double quotes or no quotes
> > don't
> > work.
> >
> > Example:
> >
> > <input type="hidden" name="trans" id="trans" value='<?php echo
> > $data ?>'>
> >
> > where $data is the incoming JSON data string.
> >
> > Thanks for your assistance.
>
> Thanks for providing a solution, but I suggest to properly entity-
> encode
> $data anyway, e.g. like
>
> <input type="hidden" name="trans" id="trans"
> value="<?=htmlspecialchars($data)?>">
>
> --
> Christoph M. Becker
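
The difference between the two forms discussed in this thread, as an added example that is not code from any of the posters: a JSON string echoed raw into a single-quoted attribute is cut off at the first apostrophe in the data, while the entity-encoded form survives the round trip. The sample data and the `attr()` helper name are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: JSON whose values contain both quote characters and markup.
$data = json_encode(['name' => "O'Brien", 'note' => 'a "quoted" <b>word</b>']);

// Hypothetical helper: encode a value for use inside a quoted HTML attribute.
function attr(string $value): string
{
    // ENT_QUOTES encodes ' as well as ". Before PHP 8.1 the default flags
    // (ENT_COMPAT) left ' untouched, so pass the flags explicitly.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Raw echo inside single quotes: the apostrophe in O'Brien ends the attribute,
// so the browser keeps only the text before it as the field value.
$valueSeenRaw = strstr($data, "'", true);

// Encoded: the browser decodes the entities and submits the original string.
$valueSeenEncoded = html_entity_decode(attr($data), ENT_QUOTES, 'UTF-8');

echo "original JSON : ", $data, PHP_EOL;
echo "raw, 'quoted' : ", $valueSeenRaw, PHP_EOL;
echo "entity-encoded: ", $valueSeenEncoded, PHP_EOL;
echo "round trip ok : ", var_export($valueSeenEncoded === $data, true), PHP_EOL;
echo "decodes as JSON: ", var_export(json_decode($valueSeenEncoded, true) !== null, true), PHP_EOL;
?>
<!-- Template form: <?= expr ?> is shorthand for <?php echo expr; ?> -->
<input type="hidden" name="trans" id="trans" value="<?= attr($data) ?>">
```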