Finding a rogue <!----> in PHP [closed]

Question

This: <!---->

This... this... thing. Right there.

7 characters of evil, forcing IE to render all pages with it at the top like this in quirks mode:

<!----><!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8">

If it's not evil I don't know what is, because it certainly isn't in my template file, since the first few lines of that are:

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8">
        <?php $this->outputHead(); ?>
    </head>

I certainly don't see any issues in my actual outputting code:

function build()
{
    if ($this->disabled)
    {
        return $this->content;
    }
    else
    {
        global $footer;
        ob_start();
        $location = $this->location;
        include($this->location['theme_nr'].'/overall.php');
        return ob_get_clean();
    }
}

function outputAll()
{
    // stop capturing everything
    $this->content = ob_get_clean();

    // build the page
    echo $this->build();
}

I really just don't get it. How could this thing get into my code?

I can just imagine that > bit at the end turning into a smile, and the thing is laughing at me.

It haunts my dreams, it kills my cats, I don't know what it's going to do next but it's going to kill something.

Help me, ye gods of web development!

EDIT: Just a note, it does appear in all browsers, but it seems to drive IE ballistic and none of the others.

Answer 1

I found the culprit.

Somehow, a kludge I have in a function to hide a MySQL error is only causing issues in one of my branches, even though the function and where it's called from hasn't changed between the two branches.

For those interested, the code in question:

function isexistinguser($uname,$pwd)
{
    global $location;

    $uname = mysql_real_escape_string($uname);

    $result = mysql_query("SELECT * FROM users WHERE user_username = '$uname'");

    $hit = 0;
    $rowcounted = false;
    $salt = '';

    echo '<!--'; // cheap fix for mysql error - FIND A BETTER WAY!

    while($row = mysql_fetch_array($result))
    {       
        // Do stuff to figure out what to return
    }

    echo '-->'; // cheap fix for mysql error - FIND A BETTER WAY!

    return array($hit,$salt);
}