question about heredoc strings

<form action="index.php" method="POST" name="user">

is comment it with <!-- and --> this works, but if I see the page

> $foo = <<<bar
> ............................................................................
> HTML code here..............................................
> .....................................................................
> $lang = mysql_query("SELECT * FROM lang where selected != '*'");
> ...................................................................
> more PHP consults to mysql here
> ......................................................
> bar;

> The question is how to escape the php code for display into HTML, what I
> have done is comment it with <!-- and --> this works, but if I see the
> page source code I can see all the php code commented here, and
> obviously is insecure for the system, anyone know what to do?

> *** someusernamehere escribió/wrote (Fri, 1 Aug 2008 09:03:15 -0700 (PDT)):
>> $foo = <<<bar
>> ............................................................................
>> HTML code here..............................................
>> .....................................................................
>> $lang = mysql_query("SELECT * FROM lang where selected != '*'");
>> ...................................................................
>> more PHP consults to mysql here
>> ......................................................
>> bar;
>
>> The question is how to escape the php code for display into HTML, what I
>> have done is comment it with <!-- and --> this works, but if I see the
>> page source code I can see all the php code commented here, and
>> obviously is insecure for the system, anyone know what to do?
>
> Heredoc syntax is similar to double quotes: you get variables replaced with
> their values, but that's all. You can't put PHP code inside.

>
>