Quotes driving me nuts even after reading manual.

[Jwest100]

I've been struggling with this for hours and can't seem to understand how the quote syntax works.

Can someone tell me what is wrong and explain please? Much appreciated!

 

$form_output .= '<p><label for="email">Notification email (IMPORTANT!) <span>*</span><br><input type="text" name="email" value=" . 'echo $_POST' . "></label></p>';

[Destramic]

you should be able to read this better...also using the echo where it is, is incorrect.

$form_output = '<p><label for="email">Notification email (IMPORTANT!) <span>*</span><br><input type="text" name="email" value="' 
               . $_POST["email"] 
               . '"></label></p>';

this should do the trick

Edited January 10, 2017 by Destramic

[NotionCommotion]

• You want your single and double quotes to be nested like HTML tags.

Don't put quotes next to your variables, but a period to append it to some text.

Echo is to display on the page.  You don't echo the variables when assigning to a string.

.= is to append versus just = to replace the variable.

[Destramic]

also what i forgot to mention is that if your using user inputted data ie. $_POST then you need to escape it using

$_POST['email'] = htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8');

your code is vulnerable to cross site scripting attacks (XXS)

[Jwest100]

Many, many thanks to you both! Seeing it done correctly and getting some rules to simplify the thinking is EXACTLY what I needed to help me understand the logic

 

Thanks so much!

[Jwest100]

Thank you for that Destramic! Sanitizing is the next thing I'll be digging in on