<iframe width="420" height="345" src="<?php echo htmlspecialchars($output); ?>"> </iframe>
You're missing echo
. Also, always use htmlspecialchars()
to ensure you are creating valid HTML that isn't vulnerable to injection. If you find yourself doing this a lot, consider using a template engine.