colap Posted December 7, 2016 (edited)

    function change_password_form() {
        $change_password_form = "";
        $change_password_form = $change_password_form . '<form method="POST" action="change_password.php">
        <div>Type new password</div>
        <div><input type="password" size="40px" name="new_password" /></div>
        <div>Type new password again</div>
        <div><input type="password" size="40px" name="new_password2" /></div>
        <div><input type="submit" value="Change Password" /></div>
        </form>';
        return $change_password_form;
    }

Is there any problem with the above code? Normally it was suggested to me to write PHP code inside HTML tags like this:

    <form method="POST" action="p.php">
    <input type="text" name="myname" value="<?php echo $somevalue; ?>" />
    <input type="submit" name="submi" value="Submit" />
    </form>

What's the difference between these two?

    <title>My Title</title>

    <?php
    $mytitle = 'My Title';
    echo "<title>$mytitle</title>";
    ?>

Is there any problem if I echo an HTML tag with PHP or make a PHP string with an HTML tag?

Edited December 7, 2016 by php-coder
benanamen Posted December 7, 2016 (edited)

Either put your form in the page as HTML, or include it into the processing page to separate the HTML from code, or use a proper template engine like TWIG. Don't mess with that form in a function mess. That is noob 101.

Edited December 7, 2016 by benanamen
cyberRobot Posted December 7, 2016

For my response, I'll ignore the function part. An advantage of writing code like this

    <form method="POST" action="p.php">
    <input type="text" name="myname" value="<?php echo $somevalue; ?>" />
    <input type="submit" name="submi" value="Submit" />
    </form>

is that the code blocks will be colored based on the HTML code versus PHP...depending on your IDE. However, if the code contains more PHP than HTML, it might be better to surround it with PHP tags.
cyberRobot Posted December 7, 2016

As a quick example, you can see how this forum shows the two blocks of code:

    <form method="POST" action="p.php">
    <input type="text" name="myname" value="<?php echo $somevalue; ?>" />
    <input type="submit" name="submi" value="Submit" />
    </form>

    <?php
    echo '<form method="POST" action="change_password.php">
    <div>Type new password</div>
    <div><input type="password" size="40px" name="new_password" /></div>
    <div>Type new password again</div>
    <div><input type="password" size="40px" name="new_password2" /></div>
    <div><input type="submit" value="Change Password" /></div>
    </form>';
    ?>
colap Posted December 8, 2016

@cyberRobot, We see, there are PHP MVC frameworks with a form class. They call the form class functions to make HTML form and input elements. How do they do it then?
cyberRobot Posted December 8, 2016

> @cyberRobot, We see, there are PHP MVC frameworks with a form class. They call the form class functions to make HTML form and input elements. How do they do it then?

Just to clarify, I was just making the two examples comparable. One in raw HTML, with some simple PHP stuff. The other where the form tags are displayed with PHP.

Is your question about whether you should use a function call to output the form? If so, that's really up to you. If you are looking for best practice, then perhaps it's using a template engine like benanamen suggested.
cyberRobot Posted December 8, 2016

> Is there any problem with this above code?

To hopefully answer your question more directly, there's nothing necessarily wrong with your code examples. If they run without errors, it's a valid solution.

With that said, problems still arise depending on how you use the code. For example, if $somevalue below contains data the user can tamper with, like data from a POST variable, you are susceptible to XSS attacks. You need to escape the value before it is displayed to the screen.

    <input type="text" name="myname" value="<?php echo $somevalue; ?>" />
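The escaping described in the post above, as an added example that is not part of the original thread: the same form rendered with and without `htmlspecialchars()`, then parsed to list which attributes the browser would see on the `<input>`. The helper names `e()`, `render_name_form()` and `input_attributes()` and the sample input are assumptions made for illustration; the attribute check assumes PHP's DOM extension is enabled.

```php
<?php
// Added example; e(), render_name_form() and input_attributes() are hypothetical helpers.

/** Escape a value for HTML text or a quoted attribute value. */
function e(string $value): string
{
    // ENT_QUOTES escapes both " and ', so the value cannot close the attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** The form from the thread, built with or without escaping of $somevalue. */
function render_name_form(string $somevalue, bool $escape): string
{
    $value = $escape ? e($somevalue) : $somevalue;
    return '<form method="POST" action="p.php">' . "\n"
         . '<input type="text" name="myname" value="' . $value . '" />' . "\n"
         . '<input type="submit" name="submi" value="Submit" />' . "\n"
         . '</form>' . "\n";
}

/** Attribute names a parser sees on the first <input> of the rendered form. */
function input_attributes(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Constructed sample standing in for $_POST['myname']: the quote ends the
// value attribute early and smuggles in an attribute the author never wrote.
$submitted = 'x" data-injected="yes';

foreach ([false, true] as $escape) {
    $html = render_name_form($submitted, $escape);
    echo $escape ? "Escaped:\n" : "Unescaped:\n", $html;
    echo 'Attributes on <input>: ', implode(', ', input_attributes($html)), "\n\n";
}
```

The unescaped form gains an extra attribute taken from the submitted value, while the escaped form keeps only the attributes written in the markup. Twig, which benanamen and Jacques1 recommend, applies HTML escaping to output by default.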
colap Posted December 9, 2016

> Just to clarify, I was just making the two examples comparable. One in raw HTML, with some simple PHP stuff. The other where the form tags are displayed with PHP.
>
> Is your question about whether you should use a function call to output the form? If so, that's really up to you. If you are looking for best practice, then perhaps it's using a template engine like benanamen suggested.

How do PHP MVC frameworks output an HTML form with PHP? Do they use a template engine like Twig internally? They have a form class to output HTML forms and other HTML inputs or widgets.
Jacques1 Posted December 9, 2016

The form builders of frameworks have been carefully written by professional developers, and they've done it on top of an entire framework infrastructure. This is very different from an inexperienced programmer (I don't mean that as an insult) who outputs a bunch of HTML fragments and hopes this will work.

As we've said multiple times, this is about best practices and realistic solutions rather than technical possibilities. Sure, from a purely technical standpoint, you can assemble your HTML markup from lots of different functions. This is what many PHP people did in the late 90s, and it's still popular among beginners who have never heard of template engines. The problem is that you will likely end up with an entire zoo of security vulnerabilities and an unmaintainable mess of PHPHTML spaghetti code.

So maybe not everything that can be done should be done. Maybe it's a good idea to choose the right tool rather than any tool.

By the way, form builders only make sense when you have highly dynamic forms which require a lot of code. If you just want to output a simple form with some parameters and maybe a few control structures (loops, conditionals), this can easily be done within Twig. There's no need for any form building magic.