Echoing form input using backslashes

Trying to get the HTML code working by using echo.

This works as HTML:

<input type="text" name="ordernum" value="<?= isset($_POST['ordernum']) ? htmlspecialchars($_POST['ordernum']) : '' ?>" />

But when I escape the value with a backslash (I have tried dozens of combinations and read a lot on Stack Overflow, but still can't fix it) I get unexpected T_STRING errors.

echo ' <input type="text" name="ordernum" value=\'= isset($_POST['ordernum']) ? htmlspecialchars($_POST['ordernum']) : '' \' />';

As Quentin has commented:

You can't just write arbitrary PHP code in the middle of a string literal

It's because of the $_POST['ordernum'] part.

Re-write it like this:

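// ENT_QUOTES also escapes ', which the single-quoted value='...' below needs (it is not the default before PHP 8.1)
$val = isset($_POST["ordernum"]) ? htmlspecialchars($_POST["ordernum"], ENT_QUOTES) : "";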

echo "<input type='text' name='ordernum' value='$val' />";

You can't use arbitrary code in a string literal. First assign the value to a variable and use that variable in the echo statement.

$orderNum = isset($_POST['ordernum']) ? htmlspecialchars($_POST['ordernum']) : '';
echo ' <input type="text" name="ordernum" value="'.$orderNum.'" />';

You need to escape with \ the characters that may end your string (i.e. specifically string delimiters " and ').

Those two lines work:

echo "<input type=\"text\" name=\"ordernum\" value=\"" . (isset($_POST['ordernum']) ? htmlspecialchars($_POST['ordernum']) : '') . "\" />";
echo '<input type="text" name="ordernum" value="' . (isset($_POST['ordernum']) ? htmlspecialchars($_POST['ordernum']) : '') . '" />';

This is what it should be:

echo('<input type="text" name="ordernum" value="'.(isset($_POST['ordernum'])?htmlspecialchars($_POST['ordernum']):'').'">');

You use a full-stop to concatenate strings, so you should be ending the first portion of the string, adding a full-stop, then the dynamic value, another full stop, then the remainder of the string.

So in your string, what you're doing wrong is here:

value=\'= isset($_POST['ordernum']) ? htmlspecialchars($_POST['ordernum']) : '' \'

Like this:

"first part of string".$myvariable."last part of string";

Also, you only need to escape the quote type that the string is contained by:

"I need to escape this \" but not this ' "
'I need to escape this \' but not this " '

$val = isset($_POST['ordernum']) ? htmlspecialchars($_POST['ordernum']) : '';

echo '<input type="text" name="ordernum" value="'. $val. '" />';
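An added example, not taken from any of the answers above: the answers mix `value="..."` and `value='...'`, and which quote `htmlspecialchars()` escapes by default depends on the PHP version (`ENT_COMPAT` before 8.1, `ENT_QUOTES` since). The helper names `attr` and `ordernum_input`, the `$post` parameter standing in for `$_POST`, and the sample value are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Escape for use inside an HTML attribute value. ENT_QUOTES converts both
// " and ', so the result is safe in value="..." and in value='...'.
function attr(?string $raw): string
{
    return htmlspecialchars($raw ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the input from the question. $post stands in for $_POST (assumption)
// so the function can be exercised without a web request.
function ordernum_input(array $post, string $quote = '"'): string
{
    // A request such as ordernum[]=a makes the field an array; treat anything
    // that is not a string as absent instead of passing it to htmlspecialchars().
    $val = isset($post['ordernum']) && is_string($post['ordernum'])
        ? attr($post['ordernum'])
        : '';

    return '<input type="text" name="ordernum" value='
        . $quote . $val . $quote . ' />';
}

// Constructed sample input containing both quote characters.
$sample = ['ordernum' => "5' data-injected='1\" x=\""];

// ENT_COMPAT (the default before PHP 8.1) leaves ' untouched, so a
// single-quoted attribute is closed early by the submitted value.
$compat = htmlspecialchars($sample['ordernum'], ENT_COMPAT, 'UTF-8');
echo "ENT_COMPAT:  <input type='text' name='ordernum' value='$compat' />\n";

// With ENT_QUOTES the value stays inside the attribute for either quote style.
echo "ENT_QUOTES:  ", ordernum_input($sample, "'"), "\n";
echo "ENT_QUOTES:  ", ordernum_input($sample, '"'), "\n";

// Missing or non-string submissions give an empty value, not an error.
echo "missing:     ", ordernum_input([]), "\n";
echo "array field: ", ordernum_input(['ordernum' => ['a', 'b']]), "\n";
```

Run it with `php` on the command line and compare the first line of output, where `data-injected` appears as a separate attribute, with the two `ENT_QUOTES` lines, where every quote from the input is entity-encoded.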