Hi I'm a newbie to PHP, just tryin' to get my feet wet..

I know the following code is a disaster but I'm trying to get my syntax right. If the file doesn't exist I want to have an option to create a new page with the form submit button.

Thanks!


<?php
$filename = 'page2.txt';

if (file_exists($filename)) {
print "

<form action=""<?= $_SERVER['PHP_SELF'] ?>"" method=""POST"">

<?php

$ourFileName = "page2.txt";
$ourFileHandle = fopen($ourFileName, 'w') or die("can't open file");
fclose($ourFileHandle);

?>
<input type="submit" value="Page 2">
</form>";
}
else {
print "The file $filename does not exist";
}
?>

You can't open and close php tags within PHP tags.

This script, if it could work, would be a huge security hole. If I work out what your form's action is, I can post to your page create URLs with a script of my own and now I'll have access to your entire server.

You can create the page yourself but not by giving the user the ability to add PHP. You can collect the variables need in a form to build the page (validate and sanitize them) and build the new script in the code.

For starters, to concatenate in PHP you use the period (.), and I personally open and close prints with a single quote if I know I will be writing double quotes in it like: print '<form action=" '. $_SERVER['PHP_SELF']. ' " method="POST">'; (I put spaces between the " and ' for clarity.)

That aside, you shouldn't use PHP print() to generate other PHP. Ultimately all PHP turns into HTML in the end (or maybe JavaScript if you know what you're doing). It seems like you are tring to print() everything in the IF clause, when you should be executing it. As far as I know you would just be printing the code to a webpage in plain text at this point.

One last tip, be VERY careful with the difference between single and double quotes; print "The file $filename does not exist"; IS correct! Hurray! However, if you would have used single quotes it would have literally printed everything including '$filename', not the contents of the variable.

Sorry I didn't comment on it's functionality. HA. You've got bigger fish to fry.

Right on, I figured it was a syntax error. I usually use ASP but I'm trying to do a couple things in PHP. Thank you both for your responses they were very helpful!

As far as I know you would just be printing the code to a webpage in plain text at this point.

I doubt this will run. I think the first parse error will come from

print "

<form action=""

Next (after that's fixed) The PHP will exit at the first closing tag and without a closing } will return a parse error.

ahh you beat me to it, lol

Yep that's the first thing I tried, lol. thanks!