Escaping all html in a blade - php

I want to send different branded emails. I'm storing the email HTML in the DB because I have an email builder where you just upload an email template made from SendGrid etc., and I am passing it to the view blade and escaping all of it: {!!$allhtmlcontent!!}
But then the variables within the HTML are escaped too and come out like {{$variable}}. Is there any way to render the blade twice: once to pass in the HTML with the variables, and then to pass all the variables in as well?
I already tried formatting it into a string, looking for the variables in the string, and then passing the whole HTML string into the blade.
$emailBlade = CentreEmailTemplate::where('centre_id', $tenant->centre_id)->where('email_template_type_id', 2)->get(); // getting the html content
$html = View('emails.Login.LoginDynamic', ['html' => $emailBlade[0]->html_template]); // passing the html content into the blade
$view = $html->render([ // I know this doesn't work :( just a demo
    'mgrName' => $tenant->name,
    'fileUrl' => $fileUrl,
    'messageTotal' => $messageTotal,
    'isMessageGreater' => $isGreater->message,
    'visitorTotal' => $visitorTotal,
    'isVisitorGreater' => $isGreater->visitor, // variables that need to be passed into the html content
    'dwellTotal' => $dwellTotal,
    'isDwellGreater' => $isGreater->dwell,
    'conTotal' => $conTotal,
    'isConGreater' => $isGreater->con,
    'conRateTotal' => $conRateAvg,
    'isConRateGreater' => $isGreater->conRate
]);
It just outputs the actual variable name instead of the value.
Thanks in advance.

One possible solution that I can think of:
$emailBlade = CentreEmailTemplate::where('centre_id', $tenant->centre_id)->where('email_template_type_id', 2)->get()[0]->html_template; // getting the html content
$variables = ['{{$mgrName}}', '{{$fileUrl}}']; // let's say you have two variables
$values = [$tenant->name, $fileUrl];
$email = str_replace($variables, $values, $emailBlade); // now the variables are replaced with their values
Then, in your 'emails.Login.LoginDynamic' blade file:
{!! $email !!}
I think the solution mentioned above is the best one. However, as you mentioned that you have already tried this, I can suggest another solution:
Another possible solution is the use of eval(). eval() will evaluate the string as PHP. To use eval() you should first compile the blade string to PHP, which means {{$variable}} should become something like <?php echo $variable ?>. To do that you can use Blade::compileString($emailBlade). Then you use eval().
However, you should be careful with eval(), because you are allowing arbitrary PHP code execution. Therefore, if any of the variables are provided by the user, you should sanitize them.
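As an added example (not the asker's or the answerer's code): on Laravel 9 and later the compile-then-eval step described in the second suggestion is packaged as Blade::render(), which takes a template string and a data array. The snippet assumes a Laravel 9+ application, the CentreEmailTemplate model and the $tenant and $fileUrl variables from the question; the helper name renderStoredEmail() is chosen here.

```php
<?php
// Added example (not code from the question or the answer). Assumes a
// Laravel 9+ application, where Blade::render() compiles a template string
// and executes it with the given data. CentreEmailTemplate, $tenant and
// $fileUrl come from the question; renderStoredEmail() is a name chosen here.

use Illuminate\Support\Facades\Blade;

/**
 * Render a Blade template that was stored in the database.
 *
 * Blade::render() is compileString() plus execution, so whoever can edit the
 * stored template can run PHP inside the application. Only templates that are
 * maintained by trusted staff belong in this path; anything supplied by
 * tenants or end users goes into $data, where {{ $var }} in the template
 * HTML-escapes it on output.
 */
function renderStoredEmail(string $templateHtml, array $data): string
{
    // Third argument: discard the compiled view after rendering, so database
    // templates do not pile up under storage/framework/views.
    return Blade::render($templateHtml, $data, true);
}

// Usage in the controller from the question
$template = CentreEmailTemplate::where('centre_id', $tenant->centre_id)
    ->where('email_template_type_id', 2)
    ->firstOrFail();

// The stored HTML contains {{ $mgrName }} and {{ $fileUrl }}; both are escaped
// when rendered. Reserve {!! $x !!} for HTML fragments the application built.
$body = renderStoredEmail($template->html_template, [
    'mgrName' => $tenant->name,
    'fileUrl' => $fileUrl,
]);
```

If tenants must be able to edit the template themselves, it should be treated as data rather than code: keep a fixed placeholder syntax and plain string substitution, as the first suggestion does, instead of compiling the stored HTML.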

Related

How do I create merge tags in a PHP/MySQL app?

I'm writing a PHP/MYSQL SaaS app and I'm currently working on email functionality (using Swift). I plan to save email templates to the MySQL database (each tenant will be able to customize them). However, I also need to include dynamic data in the templates ("merge tags" like first name and last name). I tried simply storing {$test} in the DB but that didn't work. Is there something I need to do after pulling the data from MySQL to merge variables into the text before passing it to Swift?
I'm not familiar with the Swift library, but a quick glance at the documentation didn't turn up anything about parsing messages to insert variables. That means you'll likely need to do that yourself.
One way you might do it, is to come up with your own (arbitrary) syntax for holding a variable's position in a message. For example, you might want to use {%VAR_NAME%} or something.
So you can save your templates like:
Hello {%recipient_name%},
This is to inform you that invoice #{%invoice_num%} is available as of {%invoice_date%}.
Thank you, {%sender_name%}
And then, assuming that template is stored in $email_body, you could do a string replace (either str_replace() or something like preg_replace(); for something this simple, I wouldn't suggest bogging things down with a regular expression search).
Below is an example of how you might go about doing it. You can build the $search and $replace arrays however you would like, but I just laid it out like this to be more human readable.
// Original body:
$email_body = "Hello {%recipient_name%},
This is to inform you that invoice #{%invoice_num%} is available as of {%invoice_date%}.
Thank you, {%sender_name%}";

// Easily readable input values
$values = array(
    'recipient_name' => $db_value['recipient_name'],
    'invoice_num'    => $db_value['invoice_num'],
    'invoice_date'   => date("Y-m-d"),
    'sender_name'    => $_SESSION['user_name']
);

// Break it up into the search and replace arrays
$search = array();
$replace = array();
foreach ($values AS $index => $value)
{
    $search[] = "{%" . $index . "%}"; // Wrapping the text in "{%...%}"
    $replace[] = $value;
}

// Do the replacement
$email_body = str_replace($search, $replace, $email_body);
The main idea here is that you will be replacing placeholders with a specific syntax (eg {%VALUE%}) with a real value. How you generate the $search and $replace variables is up to you.
This will output something like:
Hello Foo,
This is to inform you that invoice #123456 is available as of 2017-05-19.
Thank you, Bar
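Both the Blade answer earlier on this page and the answer above substitute placeholders with str_replace() over search/replace arrays. That works, but str_replace() applies the pairs one after another to the already-modified string, so a value that itself contains a placeholder gets expanded by a later pair, and nothing escapes the values for HTML. The following added example (not code from either answer; the template and values are constructed) renders the {%tag%} syntax in a single pass and HTML-escapes every value:

```php
<?php
// Added example, not code from either answer. Renders {%tag%} placeholders
// in a single pass and HTML-escapes every value. The template and the values
// below are constructed for illustration.

/**
 * Replace every {%name%} in $template with the matching entry from $values.
 *
 * Differences from str_replace() with search/replace arrays:
 *  - single pass: a value that contains "{%invoice_num%}" is inserted as
 *    literal text instead of being expanded by a later replacement;
 *  - every value goes through htmlspecialchars(), so data from the database
 *    or the session cannot add markup to an HTML e-mail.
 * Tags with no entry in $values are collected in $missing for logging.
 */
function renderMergeTags(string $template, array $values, array &$missing = []): string
{
    return preg_replace_callback(
        '/\{%([A-Za-z0-9_]+)%\}/',
        function (array $m) use ($values, &$missing): string {
            $name = $m[1];
            if (!array_key_exists($name, $values)) {
                $missing[] = $name;
                return '';                 // or return $m[0] to leave the tag visible
            }
            return htmlspecialchars((string) $values[$name], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        },
        $template
    );
}

// Constructed sample input (same template as the answer above)
$emailBody = "Hello {%recipient_name%},\n"
    . "This is to inform you that invoice #{%invoice_num%} is available as of {%invoice_date%}.\n"
    . "Thank you, {%sender_name%}";

$values = [
    'recipient_name' => '<b>Foo</b> {%invoice_num%}', // a stored name carrying markup and a tag
    'invoice_num'    => '123456',
    'invoice_date'   => '2017-05-19',
    'sender_name'    => 'Bar',
];

$missing = [];
echo renderMergeTags($emailBody, $values, $missing), "\n";
if ($missing !== []) {
    error_log('Unresolved merge tags: ' . implode(', ', $missing));
}
```

With this input the <b> tags in recipient_name arrive as escaped text and the nested {%invoice_num%} stays literal, whereas the array form of str_replace() would have expanded it to the invoice number on the next pair. Keeping the regex character class tight also means a stray "{%" in the body text is left untouched rather than swallowed.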

Reading & character that is being passed through GET

I am reading the content of a GET query string, and every time I encounter & (for example Blackstone Woodfire & Grill), GET reads Blackstone Woodfire.
How can I avoid this, if possible?
I know I could encode the special characters on the referring page, then decode them when redirected to this page.
I'm just curious.
The problem is that the parameters you send using GET are separated using &.
So if you have a URL like
http://example.com?param_1=value_1&param_2=value_2
you will have a $_GET array like
array(
    'param_1' => 'value_1',
    'param_2' => 'value_2'
);
Now if you send a URL like:
http://example.com?param_1=value_1 & value_2
you will have a $_GET array like
array(
    'param_1' => 'value_1 ',
    ' value_2' => ''
);
simply because that is the way sending GET params works.
On the receiving side there is not much you can do; the problem lies at the other end.
The GET parameters that are being sent must indeed be encoded; within PHP that is done using
echo 'http://example.com?param_1=' . urlencode('value_1 & value_2');
JavaScript uses encodeURIComponent() to solve this issue.
PHP calls urldecode() automatically on every GET parameter when it is creating your $_GET global.
You could use urlencode() to encode the GET string, and later, if you want to fetch it from $_GET, you urldecode() it.
You could replace all ampersands with %26.
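The round trip the answers describe, as an added example (not code from any of them; the base URL and the value are constructed): http_build_query() does the encoding for every key and value at once, and parse_str() decodes a query string the same way PHP does when it fills $_GET, so it can be used to show what the receiving page would see in both cases.

```php
<?php
// Added example, not from the answers above: building and parsing a query
// string whose value contains a literal "&". URL and value are constructed.

/** Build a URL whose parameters are percent-encoded, whatever they contain. */
function buildUrl(string $base, array $params): string
{
    // http_build_query() urlencodes each key and value and joins them with "&",
    // so a value containing "&" is emitted as "%26" and survives the trip.
    return $base . '?' . http_build_query($params);
}

/** Parse the query part of a URL the way PHP does for $_GET (decoding included). */
function parseQuery(string $url): array
{
    $query = (string) parse_url($url, PHP_URL_QUERY);
    parse_str($query, $result);
    return $result;
}

$name = 'Blackstone Woodfire & Grill';

// Unencoded: the "&" inside the value is taken as a parameter separator, so
// 'name' is cut off after "Woodfire " and the rest becomes a bogus parameter.
$broken = 'http://example.com/?name=' . $name;
print_r(parseQuery($broken));

// Encoded: the value comes back intact; parse_str(), like $_GET, decodes it,
// so no urldecode() call is needed on the receiving side.
$good = buildUrl('http://example.com/', ['name' => $name]);
echo $good, "\n";
print_r(parseQuery($good));
```

Because $_GET is already decoded, calling urldecode() on it again is not only unnecessary but harmful: a legitimate value such as "50%25" would be decoded a second time.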

PHP Replace tags / placeholders / markers in text string with dynamic values

Basically, what I want to achieve is to dynamically replace {SOME_TAG} with "Text".
My idea was to read all tags like {SOME_TAG} and put them into an array.
Then convert the array keys into variables like $some_tag, and put them into an array.
So, this is how far I got:
// Some code goes here
$some_tag = "Is defined somewhere else.";
$different_tag = 1 + $something;
Some text containing {SOME_TAG} appears in a different file, whose contents have been read earlier.
// Some code goes here
preg_match_all('/{\w+}/', $strings, $search);
$search = str_replace(str_split('{}'), "", $search[0]);
$search = array_change_key_case(array_flip($search), CASE_LOWER);
...some code missing here, which I can't figure out.
The replace array should look something like this:
$replace = array($some_tag, $different_tag);
// Then comes the replacing code and output, blah blah blah..
How do I make the array $replace contain the variables dynamically, depending on the $search array?
Why not something along the lines of:
<?php
$replace = array(
    '{TAG_1}' => 'hello',
    '{TAG_2}' => 'world',
    '{TAG_3}' => '!'
);
$myString = '{TAG_1} {TAG_2}{TAG_3}{TAG_3}';
echo str_replace(array_keys($replace), array_values($replace), $myString);
If I understand correctly:
You're working on trying to create a customizable document, using {TAGS} to represent replaceable areas that can be filled in with dynamic information. At some point while replacing the {TAGS} with the dynamic information, you want the dynamic information to be stored in automatically generated basic variable names, as $tags.
I'm not sure why you want to convert these tags to basic variables instead of using them entirely as array keys. I would like to point out that this represents a security or functionality hole - what happens if someone puts {REPLACE} in as a tag in your document? Your replace array would get overwritten with dynamic data, and your whole program would fall apart. Either that, or the whole replace array would get dumped in for {REPLACE}, making for a very messy document with perhaps data you don't WANT them to have in it. Perhaps you have this dealt with - I don't have all the context here - but I thought I'd point out the risk factor.
As for a better solution, unless there's some specific need that you're addressing by going through $tags instead of using the $replace array directly, I like Emissary's answer.
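The collision described above, as an added example (not code from the question or either answer; template and values are constructed): the first function does what the question sketches, materialising the tags as PHP variables and reading them back with variable variables, while the second keeps the tags as array keys, as recommended. Function names are chosen here.

```php
<?php
// Added example, not from the thread. Contrasts "turn tags into variables"
// with looking tags up as array keys. Template and values are constructed.

// Variant the question is heading towards: the values become PHP variables
// (extract()) and each tag is read back through a variable variable ($$name).
function renderViaVariables(string $text, array $values): string
{
    extract($values);                         // now $some_tag, $different_tag, ... exist
    preg_match_all('/\{(\w+)\}/', $text, $m);
    $search = [];
    $replace = [];
    foreach ($m[1] as $tag) {
        $name = strtolower($tag);
        $search[]  = '{' . $tag . '}';
        // Any local of this function is reachable by name: {TEXT} yields the
        // template itself and {REPLACE} yields the array being built (which
        // stringifies to "Array" with a warning). A key named "text" in
        // $values would even overwrite the template before it is scanned.
        $replace[] = isset($$name) ? (string) $$name : '';
    }
    return str_replace($search, $replace, $text);
}

// Array-keyed variant: tags resolve only against $values, never against the
// function's own locals, and unknown tags are left visible for review.
function renderViaArray(string $text, array $values): string
{
    return preg_replace_callback('/\{(\w+)\}/', function (array $m) use ($values): string {
        $name = strtolower($m[1]);
        return array_key_exists($name, $values) ? (string) $values[$name] : $m[0];
    }, $text);
}

$values = [
    'some_tag'      => 'Is defined somewhere else.',
    'different_tag' => 42,
];

// Well-behaved document: both functions give the same result.
$template = 'Value: {SOME_TAG} Count: {DIFFERENT_TAG}';
echo renderViaVariables($template, $values), "\n";
echo renderViaArray($template, $values), "\n";

// Document containing tags that match local variable names.
$colliding = 'Value: {SOME_TAG} {TEXT} {REPLACE}';
echo renderViaVariables($colliding, $values), "\n";   // leaks the template, emits "Array"
echo renderViaArray($colliding, $values), "\n";       // {TEXT} and {REPLACE} stay as written
```

The array version also makes the set of substitutable names explicit: whoever writes documents can only reach keys the code deliberately put into $values.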

Replacing string coming from the DB with Smarty

I am using Smarty as my template engine.
But I have an issue that is driving me crazy, so please provide a concrete example if you have the solution.
I have some HTML saved in the MySQL DB. When I get it, I want to replace {$foo} with the correct value of the variable.
I am trying to do this because I have a multi-language website. So let's assume that this is the code given to the variable $content coming from the DB:
$content = '<div id="help">{$lang[\'helpmeout\']}</div>
<div id="hello">{$lang[\'hello\']}</div>';
Now, assuming that the content above is coming from the DB and is stored in the $content variable, how do I tell Smarty to catch the variables inside the brackets {} and to treat them as normal PHP code? I cannot really get it working.
Nobody seems to have a working solution for this.
Please help.
I don't know how Smarty works. Consider this snippet to parse the PHP variables:
$lang = array('helpmeout' => 'helpMeOut', 'hello' => 'hi');
$content = '<div id="help">{$lang[\'helpmeout\']}</div>
<div id="hello">{$lang[\'hello\']}</div>';
eval('$c = "' . str_replace('"', '\"', $content) . '";'); // builds the statement $c = "<content>"; and runs it
echo $c;
The point here is that evaluating $c = "$content" (escaping ") will parse the PHP variables.
I hope that helps.
Smarty 3 knows the string resource. If you need to disable certain Smarty features for this, have a look at Smarty Security.
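The string resource and Smarty Security mentioned above, as an added example (not code from the question or the answers): the template text from the database is handed to Smarty directly, so no eval() and no temporary file are involved, and a security policy limits what a stored template may do. The example assumes Smarty 3 installed through Composer (package smarty/smarty) and writable template directories; the $content value mirrors the question.

```php
<?php
// Added example, not code from the thread. Assumes Smarty 3 installed via
// Composer (smarty/smarty) and writable template/compile directories.
// $lang and $content are constructed copies of the question's data.

require __DIR__ . '/vendor/autoload.php';

$smarty = new Smarty();
$smarty->setTemplateDir(__DIR__ . '/templates');
$smarty->setCompileDir(__DIR__ . '/templates_c');

// Security policy for templates that come out of the database. Templates are
// code as far as Smarty is concerned, so the policy decides what a template
// author can reach: strip embedded <?php ... ?>, forbid superglobals and
// constants, and allow only the listed modifiers (a non-empty list restricts).
$security = new Smarty_Security($smarty);
$security->php_handling       = Smarty::PHP_REMOVE;
$security->allow_super_globals = false;
$security->allow_constants     = false;
$security->allowed_modifiers   = ['escape', 'default'];
$smarty->enableSecurity($security);

$lang = ['helpmeout' => 'helpMeOut', 'hello' => 'hi'];
$smarty->assign('lang', $lang);

// HTML as stored in the database (the question's content)
$content = '<div id="help">{$lang[\'helpmeout\']}</div>
<div id="hello">{$lang[\'hello\']}</div>';

// The "string:" resource compiles the template text itself; Smarty resolves
// {$lang[...]} against the assigned data, so the variables need no eval().
echo $smarty->fetch('string:' . $content);
```

Each distinct string is compiled once and cached in the compile directory, so this is cheap for a fixed set of database templates. Text that users type into those templates should still be printed through the escape modifier ({$value|escape}) rather than raw.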

PHP code in HTML mail

I am working on an application that is used for managing groups of recipients and multiple contents to send.
I want to use different HTML designs, so I saved them in a table with some PHP code in them.
But the problem is this: I'm not getting the PHP code executed when sending mail using these HTML contents.
I'm using PHPMailer for sending mails, and saved the HTML contents using addslashes and get them back with stripslashes.
Thanks.
Saved HTML contents using addslashes and getting back with stripslashes.
That's bad. I don't know why you did that, but if your intention was to escape queries, use mysql_real_escape_string() or an analogue function for your DB driver (or use parametrized queries).
If your intention was to, I don't know, sanitize HTML? Well, that's useless. So there's no need to add slashes here for any reason.
But problem is this, I m not getting the PHP code executed when send mail using these HTML contents.
Because your content is returned as a string, PHP will read it as such, tags included.
The dirtiest solution, AND HIGHLY DISCOURAGED, is using eval() to evaluate the PHP code and have it executed. But this is very risky and can lead to serious security problems, so I'm not even going to show you an example :)
The BEST SOLUTION is to use some sort of templating system. I'm not suggesting using Smarty or another full-blown template engine, but you can roll out a simple custom-code parser that can work along these lines:
You save your variables using a placeholder, like
{{variable_text}} {{recipient}} {{address}}
or something like this. Then you just replace what you need, so in your PHP script that reads this e-mail you can do something like
$change = array(
    'recipient'     => 'John Smith',
    'address'       => 'Unknown Avenue, 666',
    'variable_text' => 'We are glad to invite you to'
);
$text = '<p>To: {{recipient}}.</p>
<p>Address: {{address}}.</p>
Message: Dear {{recipient}}<br />{{variable_text}}';
foreach ($change as $k => $v)
{
    $text = str_replace('{{' . $k . '}}', $v, $text); // swap each placeholder for its value
}
