Solution 1 :

It looks like you don’t properly encase value in quotes, so it just renders the 'style='border-color:.

Let’s assume that $_GET[$key] has a value of [email protected]. What your PHP & HTML renders is the following:

[email protected]

See the problem? There are no quotes. That’s why the renderer goes forward searching for a valid value. To fix the issue you must add quotes around your $_GET[$key] in the fillin function. Something like this should do the job:

if (isset($_GET[$key])) echo "value='".$_GET[$key] . "'";

It works when ran alone because it reaches the end > and just assumes the value to be [email protected]

Problem :

I have a piece of php code inside html tag which is supposed to change the tag’s style in accordance with the contents of the URL.

There is an html login form which looks like this:

<form class="userdata" action="login.php" method="post">
    <input type="text" name="email" placeholder="E-mail" <?php fillin('email'); enlight_unfilled('email');?>><br>
    <input type="password" name="pwd" placeholder="Password"><br>
    <button type="submit" name="login-submit">Login</button>

Here are the functions fillin and enlight_unfilled:

function fillin($key) {
    if (isset($_GET[$key])) echo "value=".$_GET[$key];
    else echo NULL;

function enlight_unfilled($key) {
    if (isset($_GET['error']))
        if (isset($_GET[$key]) and $_GET[$key] !== "") echo NULL;
        else echo "style='border-color: red'";
    else echo NULL;

If I only apply one of the functions within the tag, they both do what they are expected to – either save the email in the field if it has been already typed in or enlighten the email field if it has been left empty. But if I apply them together, when the field is empty, php assigns the field value 'style='border-color:. I also tried to use functions like print and printf, but the result is the same:

enter image description here

I am a beginner at php coding and mixing it with html, so the question may appear to be dumb, but I did not manage to find any sort of a solution to this issue, so thanks for help and patience in advance!


Comment posted by El_Vanja

Your problem lies in quoting. Check the generated HTML (page source) and you should see where you’re going wrong.

Comment posted by Kaiyakha

@El_Vanja well it does what I described:

Comment posted by El_Vanja

I’m guessing you didn’t look at the page source, but rather inspected the element in the browser toolbar. The difference is that when you inspect, you see the HTML after the browser applied some fixes. When you take a look at the source, you should see this:

Comment posted by user3783243

You also are open to XSS injections with this code.

Comment posted by Kaiyakha

@El_Vanja where can I check the source code?

Comment posted by Abbas Akhundov

You are welcome. Take a good look at this line:

Comment posted by Kaiyakha

As far as I got that, for

Comment posted by Quote Marks – HTML

Yes and no. Like you have seen, when using just