PHP in HTML Form Action Tag

Question

First PHP page, so this is likely a problem surfacing out of something stupid I'm missing, but I'm not sure what. I'm following the tutorial on W3Schools to create a form with protection from XSS, but when I use the code<form method="post" action="<?php echo $_SERVER['PHP_SELF'); ?>">, it is parsed such that the first > is associated with the form tag, so the quotes are mismatched, and the action doesn't complete correctly.

This is what the page looks like:

EDIT: Full Code Below

<body>
<?php
    $fname = $lname = $email = $student = "";
    if($_SERVER["REQUEST_METHOD"] == "POST")
    {
        $fname = $_POST["fname"];
        $lname = $_POST["lname"];
        $email = $_POST["email"];
        switch($_POST["student"])
        {
            case "u":
                $student = "Undergraduate";
                break;
            case "g":
                $student = "Graduate";
                break;
            default:
                $student = "Non-Student";
        }   
    }
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'); ?>">
    <p>First Name: <input type="text" name="fname"> </p>
    <p>Last Name: <input type="text" name="lname"> </p>
    <p>Email: <input type="email" name="email"> </p>
    <p>Student Status: <select name="student">
                        <option value="u">Undergraduate</option>
                        <option value="g">Graduate</option>
                        <option value="x">Non-Student</option>
                    </select> </p>
    <input type="submit" value="Submit">
</form>

<?php
    echo "<h3>Input:</h3>"
    echo "Name: " . $fname . " " . $lname . "<br>";
    echo "Email: <a href=mailto:" . $email . ">" . $email . "</a><br>";
    echo "Student: " . $student;
?>
</body>

Answer 1

.html files do not get parsed like .php files do, therefore you will need to install a Webserver on your system.

Sidenote: You can instruct Apache to treat .html files as PHP, if and when the time comes that you want to do this, it is possible.

• Here is an article on Stack: Using .htaccess to make all .html pages to run as .php files?

.php files cannot be run directly from a web browser, unless they are parsed and running off a server or a hosted site.

They require to be accessed as http://localhost/file.php from a local machine.

Depending on your platform, you can use Xampp which runs on Windows, Mac and Linux.

• https://www.apachefriends.org/

Wamp:

• http://www.wampserver.com/en/
• http://www.easyphp.org/

Mamp (Mac):

• https://www.mamp.info/

---

Plus, you have a few syntax errors.

action="<?php echo $_SERVER['PHP_SELF'); ?>">
                                      ^

that should be a square bracket, rather than a parentheses.

action="<?php echo $_SERVER['PHP_SELF']; ?>">

and echo "<h3>Input:</h3>" is missing a closing semi-colon.

Those would throw/cause a parse error.

Answer 2

The solution may be apparent, the closing bracket is mismatched.

Change:

<form method="post" action="<?php echo $_SERVER['PHP_SELF'); ?>">

To:

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

Notice ['PHP_SELF') and ['PHP_SELF'].