Some tips on outputting HTML with PHP:
- Use single quotes so that you don't have to escape the double quotes (when using echo),
- Use
htmlspecialchars()
to properly escape any "rogue" values you may have.
Example using echo
:
echo '<input type="hidden" name="id" value="', htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8'), '" />';
Or printf()
:
printf('<input type="hidden" name="id" value="%s" />',
htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8')
);
Or, in HTML mode:
?>
<input type="hidden" name="id" value="<?php echo htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8'); ?>" />
<?php