I just created a mysql with php scripts to manage it. I had quite a time finding security for the output. Finally got htmlprotector to do it for not only php script but the php generated output with the output data from mysql database. I got the php script from the internet but had to add starting tags for the head, title, body and ending tags for the same tags. Then and only then did the htmlprotector deal with the output security generated from the php script. Also had to use php scripting in the html code in the php program instead of html code in the php. For instance, html code with

<? echo $field; ?>

rather than

echo  "html code";

in php script. Confusing isn't it. Then I used the php option instead of html standard option. Anyway, it worked. Also had to block off any php code with the <? ?> if it was within the html section of my php script.


Well welcome to daniweb as I see it's your first post. And I shall explain on why the second box may not work and some of the php basics related to that. When writing php scripts, you need to surround the php code with the <? and ?> tags. That lets php know the beginning and end of a section of php in basic terms. So your second example should look more like the following:

<? echo  "html code"; ?>

Also when using these two php tags, you can use it on large chunks of code like the following

<? echo "html code";
for ($i=0; $i<10; $i++) {
echo '<br>loop line: '.$i;
} ?>

There the basics on the code tag and you may also want to note that there have been a number of dabates that using single quotes ' are faster. It makes sense because the double quotes " have a extra little syntax added to them with extra abilities that can usually be avoided.
I hope that explains the theory behind why your second script wouldn't work and some extra php info that may be useful since I couldn't see any direct question on this thread.