-2

I have the following code in an HTML file and suspect the line with "htmlspecialchars($_SERVER["PHP_SELF"])" is the error: ...

    $check = 0;

    if ($count == 1) {
        if ($username == "johnny" && $password == "123123") {
            echo "Hej $username. din kode er korrekt. Velkommen! <br>"; 
            $check = 1;         
        }
        else {
            echo "hej, din kode eller brugernam " . "er forkert. <br>";
            echo "forsøg venligst igen: <br><br>";
        }

    }
    if (check == 0) {
        echo "<h1>Indtast venligst brugernavn og din kode</h1>";
        echo "<form action= \"htmlspecialchars($_SERVER["PHP_SELF"])\" method=\"post\">";
        echo "<input type=\"hidden\" name=\"count\" value=\"1\">";
        echo "username: <input type=\"text\" name=\"username\">";
        echo "<br>";
        echo "password: <input type=\"password\" name=\"password\">";
        echo "<br><br>";
        echo "<input type=\"submit\">";
        echo "</form>";
    }

    ?>

...

Batterman
  • What does "doesn't work" mean? Please read [ask]. – ChrisGPT was on strike Nov 16 '19 at 23:20
  • 1
    You definitely shouldn't be hard-coding a cleartext password in your PHP. Find a tutorial that uses [`password_hash()`](https://secure.php.net/manual/en/function.password-hash.php) and [`password_verify()`](https://secure.php.net/manual/en/function.password-verify.php) instead. – ChrisGPT was on strike Nov 16 '19 at 23:21
  • 1
    `if (check == 0) {` should be `if ($check == 0)` and `echo "
    ";` should be `echo "
    ";` there is no need to use `htmlspecialchars` on that value
    – Nick Nov 16 '19 at 23:24

1 Answer

-1

Quite simple - to me it looks like you accidentally broke your echo :) I am still not sure about the rest of the snippet, just make sure you never lose your echo output by a mistakenly written " instead of '.

Use

    echo "<form action='".htmlspecialchars($_SERVER['PHP_SELF'])."' method='post'>";

instead of

    echo "<form action= \"htmlspecialchars($_SERVER["PHP_SELF"])\" method=\"post\">";

You know, htmlspecialchars() is a PHP function you want to execute during the PHP parsing process. Therefore it has to be applicable outside of the actually given output.

mZed
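An added example, not part of the question or the answer above: the login form with the action value escaped before concatenation, and the credential check done with `password_verify()` as the comment suggests. The function names, the sample passphrase and the sample `PHP_SELF` value are constructed for illustration, and PHP 8 is assumed for the `mixed` type.

```php
<?php
declare(strict_types=1);

// Escape the action URL in PHP, then concatenate the result into the markup.
// Written inside a double-quoted string, htmlspecialchars(...) is not called.
function render_login_form(string $self): string
{
    $action = htmlspecialchars($self, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>Indtast venligst brugernavn og din kode</h1>'
        . '<form action="' . $action . '" method="post">'
        . '<input type="hidden" name="count" value="1">'
        . 'username: <input type="text" name="username"><br>'
        . 'password: <input type="password" name="password"><br><br>'
        . '<input type="submit"></form>';
}

// Verify against a stored hash instead of a cleartext password in the source.
function credentials_ok(mixed $username, mixed $password, array $users): bool
{
    if (!is_string($username) || !is_string($password)) {
        return false; // array-valued form fields are rejected
    }
    $hash = $users[$username] ?? null;
    return is_string($hash) && password_verify($password, $hash);
}

function handle_request(array $post, string $self, array $users): string
{
    if (($post['count'] ?? '') === '1') {
        if (credentials_ok($post['username'] ?? null, $post['password'] ?? null, $users)) {
            $name = htmlspecialchars($post['username'], ENT_QUOTES, 'UTF-8');
            return "Hej $name. din kode er korrekt. Velkommen! <br>";
        }
        return 'hej, din kode eller brugernavn er forkert. <br>forsøg venligst igen: <br><br>'
            . render_login_form($self);
    }
    return render_login_form($self);
}

// Constructed sample data. A real application stores the hash once; it does not hash per request.
$users = ['johnny' => password_hash('constructed-sample-passphrase', PASSWORD_DEFAULT)];
// Constructed stand-in for $_SERVER['PHP_SELF'], which includes any path info the client appended to the script name.
$self = '/login.php/"><b>extra</b>';

echo handle_request(['count' => '1', 'username' => 'johnny', 'password' => 'constructed-sample-passphrase'], $self, $users), "\n";
echo handle_request(['count' => '1', 'username' => 'johnny', 'password' => 'wrong'], $self, $users), "\n";
```

Run from the command line, the second request prints the form again, and the quote and angle brackets in the sample `PHP_SELF` value appear entity-encoded inside the `action` attribute instead of closing it.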