Parsing an echo in php

Question

I have an email form in php which has 3 possible appearances.

Firstly, when the submit button has not been used, I want it to appear standard.

Secondly, when submit HAS been clicked and no data was set in it.

Thirdly, when data was input acceptably, I want to display what was input.

However, I am a total php newbie and I don't seem to be able to get it right.

<?php
    if(isset(sent)) {
        if(isset($_POST['forename']) && !empty($_POST['forename']) {
            echo('<input class="tbox" type="text" name="forename" value="$POST['forename']" /><br>');
        } else {
            echo('<input class="tbox bad" type="text" name="forename" value=""/><br>');
        }
    } else {
        echo('<input class="tbox" type="text" name="forename" value="" /><br>') ;
    }
?>

I assume the error is the "s and 's. I get an unexpected ) exception. How should the echo lines be constructed to avoid this?

Answer 1

This is your problem:

echo('<input class="tbox" type="text" name="forename" value="$POST['forename']" /><br>');

Variables don't get parsed inside single quotes, only in double quotes.

An easy solution would be:

echo '<input class="tbox" type="text" name="forename" value="' . htmlspecialchars($POST['forename']) . '" /><br>';

Note that I have used htmlspecialchars to avoid your variable breaking the html. You also don't need to use parenthesis when you use echo (doesn't harm though...).

Answer 2

This line is causing the error:

echo('<input class="tbox" type="text" name="forename" value="$POST['forename']" /><br>');

You have to concat the value with the two other parts of the string and it's $_POST instead of $POST :

'[…]value="' . $_POST['forename'] . '"[…]'

You should also at least use htmlentities on the value that an input won't break your HTML:

htmlentities($_POST['forename'], ENT_QUOTES, "UTF-8")