I'm trying to put content into a specific div in another file. I tried file_put_contents and fopen; these work, but I want to insert the content in a different way. I have different email templates, so I'm trying to add the message and subject dynamically into the specific div of the template; once the content is added, I will get the content from the template and send the email.
What I'm trying
In market_template.php I have a template where I'm showing the $_REQUEST values in the relevant div:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Marketing Template</title>
</head>
<body>
<div class="main">
<div id="subject">
<?php
if(isset($_REQUEST['subject'])){
echo $_REQUEST['subject'];
}
?>
</div>
<div id="message">
<?php
if(isset($_REQUEST['message'])){
echo $_REQUEST['message'];
}?>
</div>
</div>
</body>
</html>
In my core.php I'm pushing the content through the URL query string and then I'm getting the market_template.php content.
// Getting content from file
$url = base_url.'market_template.php?eml_sub='.$subject.'&eml_msg='.$message;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$data = curl_exec($ch);
curl_close($ch);
if(!empty($data)){
echo $data;
}
But the problem is that the URL query string does not add the full content into the template. For example, I added in the URL
?eml_sub=This is test subject
But in the result I get only the first word, This; the rest of the content is not added, and the second variable's value is not added either.
So is it possible to put the value into another file and then get it through PHP? I would appreciate any help. Thank you.
As I said in the comment, in this part : ?eml_sub=This is test subject, it will take only the first word This because of the space in the URL.
One way to prevent that behavior is to use the urlencode() function, and the urldecode() function after treatment.
Doc:
http://php.net/manual/en/function.urlencode.php
http://php.net/manual/en/function.urldecode.php
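The encoding fix described in this answer, as an added example that is not code from the original post: http_build_query() percent-encodes each value so that spaces, & and # survive the query string, and the template side HTML-escapes what it prints. The helper names build_template_url and render_field and the base URL are assumptions; eml_sub and eml_msg are the keys core.php sends.

```php
<?php
// Added example: helper names and the base URL are assumptions, not the poster's code.

// core.php side: build the query string with http_build_query(), which
// percent-encodes every value (space, &, #, = ...), instead of concatenating.
function build_template_url(string $base, string $subject, string $message): string
{
    return $base . 'market_template.php?' . http_build_query([
        'eml_sub' => $subject,
        'eml_msg' => $message,
    ]);
}

// market_template.php side: read the same keys that core.php sends and
// HTML-escape them, so markup in the subject or message is shown as text.
// PHP has already URL-decoded $_GET/$_REQUEST values at this point.
function render_field(array $params, string $key): string
{
    return isset($params[$key])
        ? htmlspecialchars((string) $params[$key], ENT_QUOTES, 'UTF-8')
        : '';
}

// Constructed sample input with characters that break a hand-built URL.
$url = build_template_url(
    'http://localhost/',
    'This is test subject',
    'Save 10% & more <b>today</b> #sale'
);
echo $url, "\n";

// Simulate the receiving side: parse the query string into an array,
// which is how PHP fills $_GET (URL-decoding included).
parse_str((string) parse_url($url, PHP_URL_QUERY), $received);

echo '<div id="subject">', render_field($received, 'eml_sub'), "</div>\n";
echo '<div id="message">', render_field($received, 'eml_msg'), "</div>\n";
```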
Related
I would like to create a system to issue opinions on a given thing. I'm at a good point, but I cannot get a corresponding div created for each element taken from the database. Let me explain: for example, if I have three reviews made by three authors, I would like three divs for the reviews and three for the authors, automatically generated by the loop. How can I do this?
You can do this. First of all, add a <body> tag to your HTML document:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<?php
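// Note: the mysql_* functions were removed in PHP 7; on newer versions port this to mysqli or PDO.
$Content = mysql_query("SELECT * FROM feedback");
while($Row = mysql_fetch_array($Content)) {
// Escape database values so stored markup is displayed as text instead of being interpreted
$Feedback = htmlspecialchars($Row['FeedbackUser'], ENT_QUOTES, 'UTF-8');
$UserNick = htmlspecialchars($Row['UserNickname'], ENT_QUOTES, 'UTF-8');
$UserMail = htmlspecialchars($Row['UserEmail'], ENT_QUOTES, 'UTF-8');
echo "<div>{$Feedback}</div>"; // Displaying feedback as div
echo "<div>{$UserNick}</div>"; // Displaying UserNick as div
echo "<div>{$UserMail}</div>"; // Displaying UserMail as div
}
?>
</body>
</html>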
Hope this is what you are looking for
I am having problems displaying views with a template.
My template looks like this:
<?php
$this->load->view('includes/header');
if($this->session->userdata('is_loggedin')!=1) //check if logged in
{
$this->load->view('includes/not_loggedin'); //includes this when not logged in
}
else //includes all this when is logged in
{
if(isset($content)) //check if content variable isnt empty
{
$this->load->view($content); //THIS IS MY CONTENT WHICH IS DISPLAYED IN THE WRONG POSITION
}
$this->load->view('includes/is_loggedin'); //
}
$this->load->view('includes/footer');
?>
By wrong position, I mean that my form is being displayed in the top lefthand corner outside of the HTML structure. Here is a copy from inspect element window. Notice where the div is located; the head tags are empty; and, the head information is in body.
<html lang="en">
<head></head> //head tags are empty
<body>
<div id="settings">...</div> //this is my loaded div
<meta charset="utf-8">
<title>Sludinājumu lapa</title> //head info outside tags
<link href="/assets/css/style.css" type="text/css" rel="stylesheet">
<div id="wrapper">....</div> //i need settings div inside wrapper div
</body>
</html>
Without loading that view, the HTML structure is fine. Also there are no problems with loading is_loggedin and not_logged into the views.
My header contains :
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Sludinājumu lapa</title>
<link rel="stylesheet" type="text/css" href="/assets/css/style.css">
</head>
<body>
<div id="wrapper">
And the footer contains:
<footer>
<p>developed by kriss</p>
</footer>
</div> //End of "wrapper" div
</body>
</html>
From the controller I am passing the data like this:
$data['content'] = $this->load->view('vchangeinfo');
$this->load->view('template', $data);
Any ideas why everything is so messed up?
Two ways of doing this:
Codeigniter views
Load it in advance (like you're doing) and pass to the other view
There is a third optional parameter that lets you change the behavior of the function so that it returns data as a string rather than sending it to your browser. This can be useful if you want to process the data in some way. If you set the parameter to true (boolean) it will return data. The default behavior is false, which sends it to your browser. Remember to assign it to a variable if you want the data returned:
// the "TRUE" argument tells it to return the content, rather than display it immediately
$data['content'] = $this->load->view('vchangeinfo', NULL, TRUE);
$this->load->view ('template', $data);
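// View
if(isset($content)) // check that the content variable is set
{
// $content now holds the rendered HTML string (third argument TRUE), so print it;
// passing it to $this->load->view() would treat the markup as a view file name.
echo $content;
}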
Load a view "from within" a view:
<?php
// Controller
$this->load->view('template');
<?php
// Views : /application/views/template.php
$this->view('vchangeinfo');
I am using a form to insert text into a MySQL database.
When the user keys in text manually into the form, the results are inserted into the database perfectly.
However if the user copies and pastes text from say another web page, there are hidden p tags which are sent to the database with the text. The tags are not viewable within the form itself but when submitted they are still sent to the database.
If I then use a MySQL SELECT statement to display the results on a web page, the unwanted tags are displayed and they break the layout of my web page!
Therefore I just need to know how I stop unwanted 'p' 'span' and 'div' tags from being inserted into my MySQL database when I copy and paste text from another web page.
The web form in question is part of a content management system that I am building. I need the form to be bullet proof from a user point of view. And the reality is that users will more than likely be copying and pasting text from other websites and also possibly from word documents and I need to ensure that no unwanted 'p' 'span' and 'div' tags are inserted into the database when copied and pasted from third party sources.
Here is my code for the form:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Untitled</title>
<script type="text/javascript" src="http://www.achcreative.net/ckeditor/ckeditor.js"></script>
<link href="../elite.css" rel="stylesheet" type="text/css" />
</head>
<body>
<!--Begin Main Menu -->
<?php include("includes/menu.inc.php"); ?>
<!--End Main Menu -->
<h2 class="subheaderh2">Insert New News Entry</h2>
<form method="post" action="insert_news.php">
<input name="publish" type="hidden" id="publish" value="publish" />
<table>
<tr><td><p>News Title:</p></td></tr>
<tr><td><input name="newstitle" type="text" size="43" id="newstitle"></td></tr>
<tr><td><p>News Article:</p></td></tr>
<tr><td><textarea name="newsarticle" cols="40" rows="10" id="newsarticle"></textarea>
<script type="text/javascript">
//<![CDATA[
// Replace the <textarea id="editor"> with an CKEditor
// instance, using default configurations.
CKEDITOR.replace( 'newsarticle',
{
toolbar :
[
[ 'Bold', 'Italic', '-', 'NumberedList', 'BulletedList', '-', 'Link', 'Unlink' ],
]
});
//]]>
</script>
</td></tr>
<tr><td height="30" colspan="2"><input type="submit" value="Submit"></td></tr>
</table></form>
<p>Return</p>
</body>
</html>
Here is my code for the form processing script:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Untitled</title>
</head>
<body>
<h2 class="subheaderh2">News Entry Results</h2>
<?php
// create short variable names
$newstitle=$_POST['newstitle'];
$newsarticle=$_POST['newsarticle'];
$publish=$_POST['publish'];
if (!$newstitle || !$newsarticle)
{
echo '<p>You have not entered all the required details.<br />'
.'Please go back and try again.</p>'
.'<p>Return</p>';
exit;
}
if (!get_magic_quotes_gpc())
{
$newstitle = addslashes($newstitle);
$newsarticle = addslashes($newsarticle);
}
$time = date("l jS F Y - g:iA");
// connect to the database
include('../connect-db.php');
/* Create the prepared statement */
if ($stmt = $mysqli->prepare("INSERT INTO news (id, newstitle, newsarticle, date, archive) values (NULL, ?, ?, NOW(), ?)")) {
/* Bind our params */
$stmt->bind_param('sss', $newstitle, $newsarticle, $publish);
/* Set our params */
$newstitle=$_POST['newstitle'];
$newsarticle=$_POST['newsarticle'];
$publish=$_POST['publish'];
/* Execute the prepared Statement */
$stmt->execute();
/* Echo results */
echo "{$newstitle}";
echo "<br />{$newsarticle}";
echo "Inserted into database on: ";
echo "$time";
echo "<br />";
echo "<br />";
echo 'view results';
/* Close the statement */
$stmt->close();
}
else {
/* Error */
printf("Prepared Statement Error: %s\n", $mysqli->error);
}
/* close our connection */
$mysqli->close();
?>
</body>
</html>
Many thanks in advance
Regards
Andrew
I want to point out that your code is vulnerable to XSS.
Now back to your question:
You probably use an HTML editor. Try to strip unwanted tags before they are submitted, using JavaScript and the onsubmit attribute. You can strip the tags with the following regex:
value_of_editor.replace(/<[^>]+>/g,'');
Also make sure you don't output raw HTML; escape HTML before sending it to the client.
Update:
It's not necessary to put the escaped message into the database; I think it's just a waste of data length. And you should always check what you are outputting to the client.
CKEditor offers a large number of configuration options that affect the final output of the content.
If you don't want HTML tags included when something is pasted into the editor, you can force paste operations to be text only, which will strip out HTML tags.
config.forcePasteAsPlainText = true;
It would be helpful if you could include an example of problematic content that is copied from another web page and pasted into the editor. Include the following three pieces.
1) The portion of the web page that was copied.
2) The source code from that web page for the portion that is being copied.
3) The source code of the CKEditor content after the paste operation.
To see the source code within the editor, you'll need to temporarily add the "Source" button back into your toolbar:
CKEDITOR.replace( 'newsarticle',
{
toolbar :
[
[ 'Source','Bold', 'Italic', '-', 'NumberedList', 'BulletedList', '-', 'Link', 'Unlink' ],
]
});
After the paste operation, click the source button and copy the content that was pasted. This will allow you to see exactly what is happening.
The list of configuration options is available here:
CKEditor 3 JavaScript API Documentation Namespace CKEDITOR.config
You should use the function strip_tags in order to strip (obvious) tags and potentially harmful code off of strings. (be it html or php code)
$foo = strip_tags('<b>code with html</b>'); // $foo will be "code with html"
You can use the strip_tags() function on the text that needs to be inserted in your database.
Here's the reference
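A server-side counterpart to the answers above, as an added example that is not code from any of the posts: strip_tags() with a list of allowed tags leaves attributes such as onclick in place, so this sketch parses the submitted HTML and keeps only an allow-list of tags and a checked href. The function name sanitize_article and both tag lists are assumptions, chosen to match the toolbar in the question.

```php
<?php
// Added example: allow-list sanitizer for the submitted article HTML.
// sanitize_article() and both tag lists are assumptions based on the toolbar.
function sanitize_article(string $html): string
{
    $allowed = ['strong', 'b', 'em', 'i', 'ol', 'ul', 'li', 'a', 'br'];
    $dropped = ['script', 'style', 'iframe', 'object', 'embed']; // removed with content
    libxml_use_internal_errors(true); // pasted markup is rarely valid HTML
    $doc = new DOMDocument();
    // The prolog makes libxml read the input as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    $root = $doc->getElementsByTagName('div')->item(0); // the wrapper added above

    // Comments (for example Word's conditional comments) are never kept.
    foreach (iterator_to_array((new DOMXPath($doc))->query('//comment()'), false) as $c) {
        $c->parentNode->removeChild($c);
    }
    // Snapshot the elements first, because the tree changes while it is edited.
    foreach (iterator_to_array($root->getElementsByTagName('*'), false) as $el) {
        $tag = strtolower($el->nodeName);
        if (in_array($tag, $dropped, true)) {
            $el->parentNode->removeChild($el);
        } elseif (!in_array($tag, $allowed, true)) {
            // Unwrap <p>, <span>, <div>, ...: keep the children, drop the tag.
            while ($el->firstChild) {
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            if ($tag === 'p' || $tag === 'div') { // keep the visual line break
                $el->parentNode->insertBefore($doc->createElement('br'), $el);
            }
            $el->parentNode->removeChild($el);
        } else {
            // Allowed tag: drop every attribute except an http(s)/mailto href on <a>.
            foreach (iterator_to_array($el->attributes, false) as $attr) {
                $safeHref = $tag === 'a' && strtolower($attr->nodeName) === 'href'
                    && preg_match('#^(https?://|mailto:)#i', trim($attr->nodeValue)) === 1;
                if (!$safeHref) {
                    $el->removeAttributeNode($attr);
                }
            }
        }
    }
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample of pasted markup.
$pasted = '<div class="c"><p style="color:red">Hello <b onclick="x()">world</b></p>'
    . '<span>more</span> <a href="javascript:x()" target="_blank">link</a>'
    . '<script>x()</script><!-- note --></div>';
echo sanitize_article($pasted), "\n";
```

Store the sanitized article with the existing prepared statement, and print plain-text fields such as the news title through htmlspecialchars() rather than echoing them raw.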
I'm trying to echo a PHP tag by doing this:
echo "<?php echo \"test\"; ?>";
The result should be just "test" without quotes, but my code isn't working. What is happening is that nothing is shown on the page, but the source code is "<?php echo "teste"; ?>"
Most of you will want to know why I want to do this. I'm trying to make my own template system; the simplest way is just using file_get_contents and replacing what I want with str_replace and then using echo.
The problem is that in the template file I have to have some PHP functions that don't work when I echo the page. Is there another simple way to do this? Or if you just answer my question, it will help a lot!
Here is an example of what I am trying to accomplish:
template.tpl:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>[__TITULO__]</title>
</head>
<body >
<p>Nome: [__NOME__] <br />
Email: [__EMAIL__]<br />
<?php
if ($cidade != "") {?>
Cidade: [__CIDADE__]<br />
<?php
}
?>
Telefone: ([__DDD__]) [__TELEFONE__] <br />
Fax:
([__DDDFAX__]) [__FAX__] <br />
Interesse: [__INTERESSE__]<br />
Mensagem:
[__MENSAGEM__] </p>
</body>
</html>
index.php
<?php
$cidade = "Teste";
$file = file_get_contents('template.php');
$file = str_replace("[__TITULO__]","Esse Título é téste!", $file);
$file = str_replace("[__NOME__]","Cárlos", $file);
$file = str_replace("[__EMAIL__]","moura.kadu#gmail.com", $file);
if ($cidade != "") {
$file = str_replace("[__CIDADE__]",$cidade, $file);
}
echo $file;
?>
I can solve all this by just not showing the div that has no content. For example, if I have a template, and in it I have 2 divs:
<div id="content1">[__content1__]</div>
<div id="content2">[__content2__]</div>
If, when I set the content to replace in the template, I set content1 and do not set content2, the div content2 will not show...
Use htmlspecialchars
That will convert the < > to &lt; and &gt;
You are dealing with two sets of source code here that should never be confused - the server code (PHP, which is whatever is in the <?php ?> tags) and the client (or browser) code which includes all HTML tags. The output of the server code is itself code that gets sent to the browser. Here you are in fact successfully echoing a PHP tag, but it is meaningless to the browser, which is why the browser ignores it and doesn't show anything unless you look at the client code that got sent to it.
To implement templates in this style, either they should not have any PHP code, or the resulting string (which you have stored in $file) should itself be executed as though it were PHP, rather than echoing it straight to the client. There are various ways to do this. One is to parse out the PHP tags in the string, echo everything that is not within the PHP tags and run eval() on everything that is.
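The first option in this answer (a template with no PHP code in it) as an added example that is not code from the original posts: optional parts are marked in the template itself, values are HTML-escaped, and nothing is passed to eval(). The function render_template and the [__IF:NAME__] ... [__ENDIF__] block syntax are assumptions; the [__NAME__] placeholder style is the one from the question.

```php
<?php
// Added example: placeholder-only template renderer (no PHP inside the template).
// render_template() and the [__IF:NAME__]...[__ENDIF__] syntax are assumptions.
function render_template(string $tpl, array $vars): string
{
    // 1. Optional blocks: keep the body only when the variable is set and non-empty.
    $tpl = preg_replace_callback(
        '/\[__IF:([A-Za-z0-9_]+?)__\](.*?)\[__ENDIF__\]/s',
        function (array $m) use ($vars): string {
            return (isset($vars[$m[1]]) && $vars[$m[1]] !== '') ? $m[2] : '';
        },
        $tpl
    );
    // 2. Placeholders: insert HTML-escaped values; unknown names become empty.
    //    All placeholders are replaced in one pass, so a value that itself contains
    //    "[__EMAIL__]" is not expanded again (chained str_replace calls would expand it).
    return preg_replace_callback(
        '/\[__([A-Za-z0-9_]+?)__\]/',
        function (array $m) use ($vars): string {
            return htmlspecialchars((string) ($vars[$m[1]] ?? ''), ENT_QUOTES, 'UTF-8');
        },
        $tpl
    );
}

// Constructed sample template, modelled on template.tpl from the question.
$tpl = <<<'TPL'
<p>Nome: [__NOME__]<br />
[__IF:CIDADE__]Cidade: [__CIDADE__]<br />
[__ENDIF__]Email: [__EMAIL__]</p>
TPL;

echo render_template($tpl, [
    'NOME'   => 'Cárlos <b>[__EMAIL__]</b>', // markup and placeholder shown as text
    'EMAIL'  => 'user@example.com',
    'CIDADE' => '',                          // empty: the whole Cidade line is dropped
]), "\n";
```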
Consider the following PHP code for getting RSS news on a site I'm developing:
<?php
$url = "http://dariknews.bg/rss.php";
$xml = simplexml_load_file($url);
$feed_title = $xml->channel->title;
$feed_description = $xml->channel->description;
$feed_link = $xml->channel->link;
$item = $xml->channel->item;
function getTheData($item){
for ($i = 0; $i < 4; $i++) {
$article_title = $item[$i]->title;
$article_description = $item[$i]->description;
$article_link = $item[$i]->link;
echo "<p><h3>". $article_title. "</h3></p><small>".$article_description."</small><p>";
}
}
?>
The data accumulated by this function should be presented in the following HTML format:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"/>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Новини от Дарик</title>
</head>
<body>
<?php getTheData($item);?>
</body>
</html>
As you see, I added windows-1251 (Cyrillic) and UTF-8 encoding, but the RSS feed is unreadable if I don't change the browser encoding to UTF-8. The default encoding in my case is Cyrillic, but I get an unreadable feed. Any help making this RSS readable in Cyrillic (it's from Bulgaria) will be greatly appreciated.
I've just tested your code and the Bulgarian characters displayed fine when I removed the charset=windows-1251 meta tag and just left the UTF-8 one. Want to try that and see if it works?
Also, you might want to change your <html> tag to reflect the fact that your page is in Bulgarian like this: <html xmlns="http://www.w3.org/1999/xhtml" lang="bg" xml:lang="bg">
Or maybe you need to force the web server to send the content as UTF-8 by sending a Content-Type header:
<?php
header("Content-Type: text/html; charset=UTF-8");
?>
Just be sure to include this before ANY other content (even whitespace) is sent to the browser. If you don't you'll get the PHP "headers already sent" error.
Maybe you should take a look at htmlentities.
This can convert some characters to HTML.
// The encoding name must be passed as a string
$titleEncoded = htmlentities($article_title, ENT_XHTML, 'cp1251');