Script is showing php when it's not supposed to be

[iarp]

Hey,

 

if you view www.iarp.ca/?id=contact you should see a drop down selection.

 

For some reason the php coding is showing in source code of the page

 

this is the coding:

		<select name="QaC" tabindex="4" class="box-contact">
			<option value="">Select One</option>
			<option value="qu" <?php if ($QaC == "qu") {echo "selected";} ?> >Question(s)</option>
			<option value="co" <?php if ($QaC == "co") {echo "selected";} ?> >Comment(s)</option>
			<option value="ge" <?php if ($QaC == "ge") {echo "selected";} ?> >General Idea(s)</option>
			<option value="dl" <?php if ($QaC == "dl") {echo "selected";} ?> >Dead Link(s)</option>
		</select><br />

 

Now is this happening because it's being called from a database table? Like all the info on that page is from a database. If so how can i fix this?

[Daniel0]

I don't see that code anywhere in the source...

[iarp]

I pulled it off the page, felt it was kinda stupid to even have it (been using this script quite a while now). But if anyone does have the answer for it, please reply thanks

 

@Daniel0 : The source matched my [ code] input in my first post.

[Daniel0]

Where does the code come from? How do you include that code into the page? If you do not use the include() or require() functions then you will have to eval() the code.

[iarp]

Basically index.php recieves the ?id=contact pulls the info from the database and displays it.

 

When a form is filled out, it becomes ?id=contact&action=contact-form which then activates contactForm()

 

 

index.php

<?php
require_once('includes/session.php');

if (isset($_GET['id'])) {
$id = $_GET['id'];
} else {
$id = 1;
}

$page_name = getPageName($id);

require ('includes/header.php');

include_once ('./includes/captcha/securimage.php');
$securimage = new Securimage();

echo '<div id="wrapper">
<!-- start page -->
<div id="page">
<!-- start content -->
<div id="content">';

switch ($_GET['action']) {
case 'contact-form':
    contactForm($_POST['name'], $_POST['email'], $_POST['subject'], $_POST['comments']);
    break;
case 'logmein':
    login($_POST['username'], $_POST['pass']);
    break;
case 'logout':
logout();
break;
case 'register':
register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['first_name'], $_POST['last_name'], $_POST['email'], $_POST['captcha_code']);
break;
default:
break;
}

getContent($id);
echo '	</div>
<!-- end content -->
';

editPage($id);

require ('includes/footer.php');
?>

 

getContent($id);

function getContent($contentid) {
if (is_numeric($contentid)) {
	$query = "SELECT content FROM " . TBL_CONTENT . " WHERE id=$contentid";
} else {
	$query = "SELECT content FROM " . TBL_CONTENT . " WHERE page_url='$contentid'";
}

$result = mysql_query($query);
$content = mysql_fetch_array($result, MYSQL_ASSOC);
echo $content['content'];
}

 

contactForm();

function contactForm($name, $email, $subject, $comments) {
//start errors array
$errors = array();

//Check for name.
if (empty($name)) {
	$errors[] = 'your name.';
}

//Check for e-mail
if (empty($email)) {
	$errors[] = 'your e-mail address';
}

//Check for subject
if (empty($subject)) {
	$errors[] = 'a subject.';
}	

//Check for comments
if (empty($comments)) {
	$errors[] = 'a comment.';
}

if (empty($errors)) { //if everythings ok

	//Send e-mail with comments
	$body = "Name: " . $name . "\nE-mail: " . $email . "\n\n" . $comments . " ";
	mail ('[email protected]', '[iARP.ca Website] '.$subject, $body, 'From: '.$email);

	echo '<h1>Thank-you!</h1><p>Your message was successfully sent,</p><p>If you had any questons we will try to respond ASAP.</p><br /></p>';
} else {
	echo'<div id="error-contact"><h1>Error!</h1>You forgot to enter:<br /><br />';
	foreach ($errors as $msg) {
		echo "$msg<br />";
	}
	echo '</p>Please try again.</div><br /><br />';
}
}