I'm planning about creating a simple script that will allow unexperienced in PHP users create a code files for one video game. I have two files, "code.txt" and "exec.php". The first file looks like this:
getglobal_move_call("TurnTarget")
getglobal_move_loadk_call("GenerateCSM", "15")
And "exec.php" creates a "temp.php", that imports the user made file. It's filled with "str_replace" functions, and results supposed to look like this:
<?
$temp_line = "TurnTarget(param1)";
file_put_contents($generated_output, $temp_line, FILE_APPEND);
$temp_line = "GenerateCSM(param1, 15)";
file_put_contents($generated_output, $temp_line, FILE_APPEND);
?>
But, when I echo my code after these replacements, I'm getting this:
<?
= "TurnTarget(param1)";
file_put_contents(User/Apple/Sites/Generate/Generated.txt, , FILE_APPEND);
= "GenerateCSM(param1, 15)";
file_put_contents(User/Apple/Sites/Generate/Generated.txt, , FILE_APPEND);
?>
As you can see, str_replace deleted all variables. Is there a solution to this?
It's because you use "" in your code, and PHP replaces $temp_line with it's actual value (null, because there is no such var).
To echo PHP code escape your $ with \
Live demo
$code = <<< PHP
\$temp_line = "TurnTarget(param1)";
file_put_contents(\$generated_output, \$temp_line, FILE_APPEND);
\$temp_line = "GenerateCSM(param1, 15)";
file_put_contents(\$generated_output, \$temp_line, FILE_APPEND);
PHP;
echo $code;
Fixed the problem by separating "$" symbol and variable's name.
str_replace("templine", "$"."templine", $code);
Related
i am trying to use echo inside url. i have store data from the form in database and now i am also fetching it on my page and its working well. Now i am trying to print that data i.e. number and date in url.
Is it possible and if possible please help me out
here is my data that i am fetching and it prints the output
echo $number;
echo $yyyymmdd;
and here is my url in which i want to insert ' echo $number; ' and ' echo $yyyymmdd; ' on the place of and .
$json= file_get_contents("http://api.com/api/a2/live/apikey/fc5a69f870fdb03/number/<number>/date/<yyyymmdd>/");
I have also tried something like this but it gives error of syntex error.
$json= file_get_contents("http://api.com/api/a2/live/apikey/fc5a69f870fdb03/number/"echo $number;"/date/"echo $yyyymmdd;"/");
Another way to add changing parameters to a URL (or string) is by using sprintf(). You define your URL and a type specifier like %d as a placeholder for numbers, and %s for strings. See the php doc for the full list of type specifiers.
$urlFormat = "http://api.com/api/a2/live/apikey/fc5a69f870fdb03/number/%d/date/%s/"
^ ^
Then call sprintf with the changing parameters in order of appearance.
$url = sprintf($urlFormat, $number, $yyyymmdd);
$json = file_get_contents($url);
This becomes more convenient especially if you are calling file get contents in a loop.
Create two variables and append those two inside double-quote or single quote, depending upon the quotes which you have opened and close it.
<?php
$number=123;
$yyyymmdd='2018-10-9';
$json= file_get_contents("http://api.com/api/a2/live/apikey/fc5a69f870fdb03/".$number."/<number>/date/<".$yyyymmdd.">/");
?>
$json= file_get_contents("http://api.com/api/a2/live/apikey/fc5a69f870fdb03/number/".$number."/date/".$yyyymmdd."/");
When you compose text, you do not need "echo" but just can write variable.
You can directly use variables in double quotes like this
file_get_contents("http://api.com/api/a2/live/apikey/fc5a69f870fdb03/number/$number/date/$yyyymmdd/");
Sample code below
$number = 344;
$yyyymmdd = "20180301";
$url1 = "http://api.com/api/a2/live/apikey/fc5a69f870fdb03/number/$number/date/$yyyymmdd/";
echo "url1 ".$url1."\n";
$url2 = "http://api.com/api/a2/live/apikey/fc5a69f870fdb03/number/".$number."/date/".$yyyymmdd."/";
echo "url2 ".$url2. "\n";
I am having an issue where my PHP script opens a file with JSON code and needs to insert it into a MySQL database.
For some reason it only displays some of the output from the JSON.
Here is my code
$json = json_decode(file_get_contents('data.json'), true);
$data = $json;
// VAR's
$system = $data['System'];
$cid_from = $data["From"];
$cid_to = $data['To'];
//DEBUG USAGES
$array = print_r($data, true);
////// THIS ONE WORKS FINE
echo $data["System"];
////// THIS ONE DOESN'T WORK
echo $data["To"];
file_put_contents('output/json-local.txt',$array . "\r\n", FILE_APPEND);
////// BUT HERE IT ACTUALLY WORKS
file_put_contents('output/cli-from.txt',$data['From']. "\r\n", FILE_APPEND);
file_put_contents('output/cli-to.txt',$data['To']. "\r\n", FILE_APPEND);
// file_put_contents('json-sysid-local.txt',$systemid . "\r\n", FILE_APPEND);
Here is the contents of data.json
{"action":"call-data-record",
"System":"48130b83e2232f0ecd366a92d4d1261d",
"PrimaryCallID":"n1bWEfCdHcf#MSS.MTN.CO.ZA-b2b_1",
"CallID":"0440b807#pbx",
"From":"<sip:+27722080036#xxx.co.za>",
"To":"<sip:27102850816#xxx.co.za>",
"Direction":"O",
"RemoteParty":"",
"LocalParty":"",
"TrunkName":"",
"TrunkID":"",
"Cost":"",
"CMC":"",
"Domain":"xxx.co.za",
"TimeStart":"2018-08-14 16:03:21",
"TimeConnected":"",
"TimeEnd":"2018-08-14 16:03:23",
"LocalTime":"2018-08-14 18:03:21",
"DurationHHMMSS":"0:00:00",
"Duration":"0",
"RecordLocation":"",
"RecordUsers":"",
"Type":"hunt",
"Extension":"100",
"ExtensionName":"100",
"IdleDuration":"",
"RingDuration":"2",
"HoldDuration":"0",
"IvrDuration":"0",
"AccountNumber":"400",
"IPAdr":"",
"Quality":"VQSessionReport: CallTerm\r\nLocalMetrics:\r\nCallID:0440b807#pbx\r\nFromID:<sip:27102850816#xxx.co.za>\r\nToID:<sip:+27722080036#xxxx.co.za>;tag=1460166964\r\nx-UserAgent:Vodia-PBX/57.0\r\nx-SIPmetrics:SVA=RG SRD=91\r\nx-SIPterm:SDC=OK SDR=OR\r\n"}
Your "To" data is encapsulated in <>. This causes your browser to interpret it as an HTML tag and not display any content.
You can (should!) escape the special HTML control characters:
echo htmlspecialchars($data["To"]);
See http://php.net/htmlspecialchars
Edit: It doesn't hurt to precautionary add this to your other outputs aswell. If the string doesn't contain such characters, it will simply be returned onchanged. You eliminate possible XSS attack vectors this way.
The browser source clearly shows "To":"" is being written by PHP to the browser output correctly but the browser is interpreting as an HTML opening tag hence ignoring the rest of the content.
Wrap your output in the PHP htmlspecialchars() function to see the output as in the file.
Add - echo "TO : ".htmlspecialchars($data["To"]);
I have a file like this
**buffer.php**
ob_start();
<h1>Welcome</h1>
{replace_me_with_working_php_include}
<h2>I got a problem..</h2>
ob_end_flush();
Everything inside the buffer is dynamically made with data from the database.
And inserting php into the database is not an option.
The issue is, I got my output buffer and i want to replace '{replace}' with a working php include, which includes a file that also has some html/php.
So my actual question is: How do i replace a string with working php-code in a output-buffer?
I hope you can help, have used way to much time on this.
Best regards - user2453885
EDIT - 25/11/14
I know wordpress or joomla is using some similar functions, you can write {rate} in your post, and it replaces it with a rating system(some rate-plugin). This is the secret knowledge I desire.
You can use preg_replace_callback and let the callback include the file you want to include and return the output. Or you could replace the placeholders with textual includes, save that as a file and include that file (sort of compile the thing)
For simple text you could do explode (though it's probably not the most efficient for large blocks of text):
function StringSwap($text ="", $rootdir ="", $begin = "{", $end = "}") {
// Explode beginning
$go = explode($begin,$text);
// Loop through the array
if(is_array($go)) {
foreach($go as $value) {
// Split ends if available
$value = explode($end,$value);
// If there is an end, key 0 should be the replacement
if(count($value) > 1) {
// Check if the file exists based on your root
if(is_file($rootdir . $value[0])) {
// If it is a real file, mark it and remove it
$new[]['file'] = $rootdir . $value[0];
unset($value[0]);
}
// All others set as text
$new[]['txt'] = implode($value);
}
else
// If not an array, not a file, just assign as text
$new[]['txt'] = $value;
}
}
// Loop through new array and handle each block as text or include
foreach($new as $block) {
if(isset($block['txt'])) {
echo (is_array($block['txt']))? implode(" ",$block['txt']): $block['txt']." ";
}
elseif(isset($block['file'])) {
include_once($block['file']);
}
}
}
// To use, drop your text in here as a string
// You need to set a root directory so it can map properly
StringSwap($text);
I might be misunderstanding something here, but something simple like this might work?
<?php
# Main page (retrieved from the database or wherever into a variable - output buffer example shown)
ob_start();
<h1>Welcome</h1>
{replace_me_with_working_php_include}
<h2>I got a problem..</h2>
$main = ob_get_clean();
# Replacement
ob_start();
include 'whatever.php';
$replacement = ob_get_clean();
echo str_replace('{replace_me_with_working_php_include}', $replacement, $main);
You can also use a return statement from within an include file if you wish to remove the output buffer from that task too.
Good luck!
Ty all for some lovely input.
I will try and anwser my own question as clear as I can.
problem: I first thought that I wanted to implement a php-function or include inside a buffer. This however is not what I wanted, and is not intended.
Solution: Callback function with my desired content. By using the function preg_replace_callback(), I could find the text I wanted to replace in my buffer and then replace it with whatever the callback(function) would return.
The callback then included the necessary files/.classes and used the functions with written content in it.
Tell me if you did not understand, or want to elaborate/tell more about my solution.
I have a php page that is reading from a file:
$name = "World";
$file = file_get_contents('html.txt', true);
$file = file_get_contents('html.txt', FILE_USE_INCLUDE_PATH);
echo $file;
In the html.txt I have the following:
Hello $name!
When I go to the site, I get "Hello $name!" and not Hello World!
Is there a way to get var's in the txt file to output their value and not their name?
Thanks,
Brian
The second param of file_get_contents has nothing to do with how to interpret the file - it's about which pathes to check when looking for that file.
The result, however, will always be a complete string, and you can only "reinterpolate" it with evial.
What might be a better idea is using the combination of include and output control functions:
Main file:
<?php
$name = "World";
ob_start();
include('html.tpl');
$file = ob_get_clean();
echo $file;
html.tpl:
Hello <?= $name ?>
Note that php tags (<?= ... ?>) in the text ('.tpl') file - without it $name will not be parsed as a variable name.
One possible approach with predefined values (instead of all variables in scope):
$name = "World";
$name2 = "John";
$template = file_get_contents ('html_templates/template.html');
$replace_array = array(
':name' => $name,
':name2' => $name2,
...
);
$final_html = strtr($template, $replace_array);
And in the template.html you would have something like this:
<div>Hello :name!</div>
<div>And also hi to you, :name2!</div>
To specifically answer your question, you'll need to use the 'eval' function in php.
http://php.net/manual/en/function.eval.php
But from a development perspective, I would consider if there was a better way to do that, either by storing $name somewhere more accessible or by re-evaluating your process. Using things like the eval function can introduce some serious security risks.
I would like to know if it's possible to execute the php code in a string. I mean if I have:
$string = If i say <?php echo 'lala';?> I wanna get "<?php echo 'dada'; ?>";
Does anybody knows how?
[EDIT] It looks like nobody understood. I wanna save a string like
$string = If i say <?php count(array('lala'));?>
in a database and then render it. I can do it using
function render_php($string){
ob_start();
eval('?>' . $string);
$string = ob_get_contents();
ob_end_clean();
return $string;
}
The problem is that I does not reconize php code into "" (quotes) like
I say "<?php echo 'dada'; ?>"
$string = ($test === TRUE) ? 'lala' : 'falala';
There are lots of ways to do what it looks like you're trying to do (if I'm reading what you wrote correctly). The above is a ternary. If the condition evaluates to true then $string will be set to 'lala' else set to 'falala'.
If you're literally asking what you wrote, then use the eval() function. It takes a passed string and executes it as if it were php code. Don't include the <?php ?> tags.
function dropAllTables() {
// drop all tables in db
}
$string = 'dropAllTables();';
eval($string); // will execute the dropAllTables() function
[edit]
You can use the following regular expression to find all the php code:
preg_match_all('/(<\?php )(.+?)( \?>)/', $string, $php_code, PREG_OFFSET_CAPTURE);
$php_code will be an array where $php_code[0] will return an array of all the matches with the code + <?php ?> tags. $php_code[2] will be an array with just the code to execute.
So,
$string = "array has <?php count(array('lala')); ?> 1 member <?php count(array('falala')); ?>";
preg_match_all('/(<\?php )(.+?)( \?>)/', $string, $php_code, PREG_OFFSET_CAPTURE);
echo $php_code[0][0][0]; // <?php count(array('lala')); ?>
echo $php_code[2][0][0]; // count(array('lala'));
This should be helpful for what you want to do.
Looks like you are trying to concatenate. Use the concatenation operator "."
$string = "if i say " . $lala . " I wanna get " . $dada;
or
$string = "if i say {$lala} I wanna get {$dada}.";
That is what I get since your string looks to be a php variable.
EDIT:
<?php ?> is used when you want to tell the PHP interpreter that the code in those brackets should be interpreted as PHP. When working within those PHP brackets you do not need to include them again. So as you would just do this:
// You create a string:
$myString = "This is my string.";
// You decide you want to add something to it.
$myString .= getMyNameFunction(); // not $myString .= <?php getMyNameFunction() ?>;
The string is created, then the results of getMyNameFunction() are appended to it. Now if you declared the $myString variable at the top of your page, and wanted to use it later you would do this:
<span id="myString"><?php echo $myString; ?></span>
This would tell the interpreter to add the contents of the $myString variable between the tags.
Use token_get_all() on the string, then look for a T_OPEN_TAG token, start copying from there, look for a T_CLOSE_TAG token and stop there. The string between the token next to T_OPEN_TAG and until the token right before T_CLOSE_TAG is your PHP code.
This is fast and cannot fail, since it uses PHP's tokenizer to parse the string. You will always find the bits of PHP code inside the string, even if the string contains comments or other strings which might contain ?> or any other related substrings that will confuse regular expressions or a hand-written, slow, pure PHP parser.
I would consider not storing your PHP code blocks in a database and evaluating them using eval. There is usually a better solution. Read about Design Pattern, OOP, Polymorphism.
You could use the eval() function.