Page 1 of 1
html tags inside php code
Posted: Fri Jun 09, 2006 9:17 pm
by deathknight
I was lookin at a php script i downloaded from the internet and it had all the html tags inside php echo statements
I had a few questions about that if anyone knows the answers:
1. if you follow this method do you need all the tags such as <html> <head> <body>?
2. is there any great advantages/disadvantages to doing this?
3. any security issues with this approach?
thank you for any input
Re: html tags inside php code
Posted: Fri Jun 09, 2006 9:35 pm
by Christopher
1. if you follow this method do you need all the tags such as <html> <head> <body>?
Yes. Server side languages are meant to generate output, such as HTML or XML. That output needs to be correctly formatted per the specification for that language.
2. is there any great advantages/disadvantages to doing this?
Yes, you can enbed PHP variables in the output in a way that is often clearer than <?php ?> tags. Ultimately it is the way to separate the PHP language from the lanugage you are outputting.
3. any security issues with this approach?
Only if you are re-outputting data that you received from an untrusted source such as GET/POST/COOKIE.
Posted: Mon Jun 12, 2006 7:41 pm
by deathknight
thx for the info
what kind of security issues? anything specific to avoid?
Posted: Tue Jun 13, 2006 7:48 am
by Roja
deathknight wrote:what kind of security issues? anything specific to avoid?
arborint wrote:re-outputting data that you received from an untrusted source such as GET/POST/COOKIE.