发表新帖
发表新帖

Mixing html and php variables inside an echo statement

后端 未结
关注
8 1987
猫巷女王i
猫巷女王i 2020-12-16 06:07

This may be a problem of my trouble with using single and double quotes in one statement. But I have this piece of code:

echo \'
相关标签:
8条回答
  • 悲哀的现实
    2020-12-16 06:31

    If you want to keep using single quotes, you'll need to use the append operator (a period).

    echo '<form>
      <input type="submit" value="' . $number . '" onClick="function();">
      </form>';
    0 讨论(0)
  • 傲寒
    2020-12-16 06:35

    In PHP, variables inside double quotes are processed and evaluated, while in single quotes everything is considered as part of the string.

    A better explanation here: http://www.trans4mind.com/personal_development/phpTutorial/quotes.htm

    double quote example from the above link:

    $something="Oh something";
echo "My answer is $something.<br>";
//result is: My answer is Oh something

    single quote example from the above link:

    echo 'My answer is $something.<br>';
//result is: My answer is $something.
    0 讨论(0)
  • 广开言路
    2020-12-16 06:36

    In PHP, double quoted strings are automatically parsed for any variables contained within, but single quoted strings are not. Therefore:

    $myVar = 21;
echo "myVar: $myVar"

    This outputs the text: myVar: 21

    Whereas:

    $myVar = 21;
echo 'myVar: $myVar'

    This outputs the text: myVar: $myVar

    One problem with your code is that in HTML, the values of elements' attributes must be enclosed in double quotes, not single quotes. I know that some browsers will accept this form (or even no quotes at all), but this is not the correct method.

    There are various ways of achieving what you wish, correctly.

    Method one: Escaping double-quoted strings:

    $myVar = 21;
echo "<div id=\"$myVar\"></div>";

    While this may be a rather inelegant solution, it will work.

    Method two: Using string concatenation with single (or double) quoted strings:

    $myVar = 21;
echo '<div id="' . $myVar . '"></div>';

    This offers a better solution IMO because you can use function calls or any other PHP code in there if you wish.

    WARNING:

    Please note that when you aren't certain of the contents of $myVar (i.e. the user enters it in), putting it directly into HTML code is a security vulnerability in the form of cross-site scripting (XSS). Imagine the user enters something like this:

    lol"><script>alert('XSS!');</script></div><div id="lol2

    This will cause the resulting HTML code to contain the following:

    <div id="lol"><script>alert('XSS!');</script></div><div id="lol2"></div>

    This is just a benign example, but an attacker could easily use the same technique to steal a user's cookies (to pretend to be logged in as that user). The message here is that when you aren't 100% sure of the contents of a variable, don't insert it into HTML code directly. Instead, call htmlspecialchars($myVar). This would translate to the following:

    $myVar = $_POST['whatever'];
echo '<div id="' . htmlspecialchars($myVar) . '"></div>';
    0 讨论(0)
  • 野趣味
    2020-12-16 06:40

    This outputs same to me

        echo '<link rel="apple-touch-icon-precomposed" sizes="57x57" href='. ${base_url_favicon} . '/apple-touch-icon-57x57.png />'."\n";
echo "<link rel='apple-touch-icon-precomposed' sizes='57x57' href='${base_url_favicon}/apple-touch-icon-57x57.png' />\n";
    0 讨论(0)
  • 旧时难觅i
    2020-12-16 06:45

    PHP differentiates between single and double quoted strings as being different things. Single quoted strings are literals, you want them output as is. Double quoted strings are to be interpreted (scanned) for any PHP variables and the appropriate replacements made.

    This is simply a feature (and a useful one) of the language. I would actually recommend that you get used to using double quotes for strings in all languages. There is no language where it is unacceptable and in staticly typed languages (C, C++, Java, ...) single quotes indicate a character while double quotes indicate a string. That is, String foo = 'my string'; would error in Java as would char * foo = 'my string'; in C or C++. However, char foo = 'a'; is valid, as is String foo = "my string";

    Only if you need to eke out the last nanoseconds of performance from PHP might you go through and convert double quoted strings to single quoted strings. In other languages it doesn't matter. Afaik, PHP is the only language that make this string specific double vs. single quotes distinction.

    0 讨论(0)
  • 梦谈多话
    2020-12-16 06:47

    You could just do this and avoid the whole song and dance. I think it is easier to read. 

    <form>
    <input type="submit" value="<?php echo $number; ?>" onClick="myFunction()">
</form>
    0 讨论(0)
 看不清?
提交回复
热议问题