I am using Editor to change the Code Design, But when I retrieve the Code using PHP, it disturbing the Complete page Design.
<p><?php echo substr($postData['short_description'],0,POST_DESCRIPTION_LENGTH); ?>....Read More.</p>
How can i resolve this.?
It could be that the data your are getting through the $postData variable has html elements in it. You should wrap it with the method htmlspecialchars() to sanitize it. This will also protect you from possible XXS-attacks.
Related
I'm trying to create a facebook share button in each of my post, and the share content will be dynamic, which mean I will be able to customize its thumbnail, title and description for each of the post.
below is the code that I use(I'm using advance custom field plugin in wordpress by the way):
<a onClick="window.open('http://www.facebook.com/sharer.php?s=100&p[title]=<?php the_field(videotitle); ?>&p[summary]=<?php the_field(video_description); ?>&p[url]=<?php echo get_permalink(); ?>&p[images][0]=http://img.youtube.com/vi/<?php the_field(youtube_thumb); ?>/maxresdefault.jpg','sharer','toolbar=0,status=0,width=548,height=325');" href="javascript: void(0)" rel="nofollow"></a>
///////////////////////////////////////////////////////////////////////////////////////////////////////
Below is the php that will echo out my content from my CMS:
<?php the_field(videotitle); ?>
<?php the_field(video_description); ?>
<?php echo get_permalink(); ?>
The code works fine, but I noticed when I enter the the title/description too long or use special characters in my post the button stop working.
How should I overcome this? I'm still very new to php, please explain in layman's term if possible and thank you in advance.
The problem is most likely caused by passing in unescaped special characters into a direct javascript call.
Right now, you have the following javascript executing when the link is clicked:
window.open('http://www.facebook.com/sharer.php?s=100&p[title]=<?php the_field(videotitle); ?>&p[summary]=<?php the_field(video_description); ?>&p[url]=<?php echo get_permalink(); ?>&p[images][0]=http://img.youtube.com/vi/<?php the_field(youtube_thumb); ?>/maxresdefault.jpg','sharer','toolbar=0,status=0,width=548,height=325');
You are passing in several PHP variables, which may alter the format of your javascript. For example, let's say the_field(videotitle); returns Maria's Video. If you note, your string has a quote in it due to Maria's.
Now, you if pass this title into your javascript, you're going to have an un-escaped quote, causing a JS error, because it will output like this:
... [title]=Maria's Video ...
To address this, you must format out PHP output to ensure that it will not affect the JS code. In my example, you can encode the outputted strings using the urlencode function included with PHP, like this:
<?php urlencode(get_the_field(videotitle)); ?>
Just remember that passing PHP variables into javascript CAN alter the syntax of your javascript function. If the final javascript function contains syntax errors caused by the PHP output, it will not run.
You can see the javascript errors on the page you are debugging by hitting F12 in your browser and viewing the Console tab.
Sorry for the vague title but it's hard to describe what I mean in a few words.
I made my own cms and use it for all my personal projects. On some pages I want to include a php script in the content area. I load the content simply by echoing the variable that holds the content.
The template file looks like this:
<div id="content">
echo $content;
</div>
In my CRUD I make a post containing a php snippet.
<?php echo "My name is ".$var.""; ?>;
Then I save it and load the page and this is what happens:
<div id="content">
echo <?php echo "My name is ".$var.""; ?>;
</div>
But what I want is that the php code get's executed instead of getting echoed.
Something like the Wordpress plugin Exec-PHP. Can anybody explain to me how to achieve this?
Thanks in advance!
You could use the PHP eval() function to execute PHP code. Be aware though, if you ever allow users to insert text that may at some point be run through eval(), you could end up with some serious problems.
The php website says:
The eval() language construct is very dangerous because it allows
execution of arbitrary PHP code. Its use thus is discouraged. If you
have carefully verified that there is no other option than to use this
construct, pay special attention not to pass any user provided data
into it without properly validating it beforehand.
You can try php eval() func. But it is considered evil.
Rather than use PHP instructions, why don't you output to HTML, and use Javascript to execute what is displayed? There is no danger to your server that way. Others have already warned about the dangers of eval() in PHP.
I'm using drupal-6.22, rules-6.x-1.4, and some modules.
With the help of rules module, I've set a triggered rule, when the condition happens, it execute custom php code.
The custom PHP print some html like this:
<?php echo '<div><span>whatever</span></div>'; ?>
BUT, the html just appears before the !DOCTYPE html tag, is there any method to place the code wherever I want?
(e.g. <div id="header">HERE!</div>)
I think in this case JS is in need, so I use drupal_add_js($output,'inline'), and called an outside function to place the html, still nothing happens.
I think there must be some method to let PHP insert the output into the current DOM tree, is there any known function or variables for this?
Please help, thanks!!
drupal_set_message() seems to be the right thing for you.
I want to remove all javascript codes from a string that contains html code.
For example these are some unwanted javascript codes that may cause problems on your website:
<div onmouseover='window.location = "http://To-Undesirable-Location"'></div>
or
<img onload='window.location = "http://To-Undesirable-Location"'></img>
or
<script language="javascript> ...unwanted code... </script>
Since hackers can use this js functions to redirect your page to some unwanted pages I wonder why there are not some good source to make this type of content safe... On any website there are usually a simple WYSIWYG editor that users can put their html content inside it.
Thanks
I've heard good things on Stack Overflow about HTML Purifier.
hello I'm new to PHP programming and I migrated from ASP .net to PHP..
I have a div just like below
<div id="mydiv"></div>
what I wanted to do is just to change the text and html content(like some name or any data in it) in it.
What I imagine is just like
mydiv=>innertext="some value";
Thanks,
GURU
Are you trying to modify the div in the same page as the php? I don't think that's possible.
PHP runs at the server, and only sees content between the php tags.
If you're modifying dom content, it seems like javascript/jQuery is a better approach for this.
Otherwise, if you're modifying content that is hosted already, and plan output it to a different page, then you can use this:
PHP Simple HTML DOM Parser
$myDivText = "This is what goes inside mydiv";
echo "<div id=\"mydiv\">$myDivText</div>";