user3076132 user3076132 - 1 month ago 7
HTML Question

PHP code displaying as comments in browser using WAMP

As is says in the title, my PHP code is showing up in the browser code inspector like it is commented out.
For example,

<?
include("assets/php/dbconn.inc.php");
$conn = dbConnect();

$sql = "SELECT * FROM movies";
$rs = $conn->query($sql) or die ("Movie query failed");
$number_of_rows = $rs->num_rows;


while($row = $rs->fetch_assoc()){
echo("{$row['title']}");
}
?>


displays in the browser as

<!--?
include("assets/php/dbconn.inc.php");
$conn = dbConnect();

$sql = "SELECT * FROM movies";
$rs = $conn--->


and the rest of the code prints on the webpage.

I am testing this using WAMP on my local machine. Any idea where these comment tags are coming from?

Answer

Never use short open tag <? in your PHP code. Always use long tags <?php, simply because <? can be disabled (or not enabled, may depend on distro) in php.ini with short_open_tag directive (and this looks like your culprit). In result, PHP scripts are not processed by PHP interpreter and will usually end up sent to the visitor as plain text, exposing your whole source code (but also DB credentials etc).