I have a string (a c code) in a vairable. I want to print it php. But i don't why everything after double quotes in not printing.. pls help. Below is the code.
$answer_something='printf("\\n")';
echo $answer_something;
//OUTPUT: printf(
//WHAT I WANT TO PRINT IS printf("\\n");
The PHP syntax for strings is explained in the Strings chapter of the manual. To produce static strings with code samples into variables I'd go for nowdoc:
<?php
$str = <<<'EOD'
printf("\\n");
You can write almost anything you want. No 'escaping' "needed" \r \n \
EOD;
var_dump($str);
Of course, this does not apply if you read information from the $_POST superglobal array: the array will automatically contain whatever the user submitted.
How about using:
$x = 'printf("\\\\n");';
echo $x;
I suppose this is for some kind of trivia / questionnaire. You have to escape each backslash with 2 backslashes.
You can check the output here: http://ideone.com/fFvb28
try this:
$answer_something = $_POST['option'];
if($answer_something == '\\n'){
printf("\\n");
}
Related
I'm a designer trying to upgrade myself into a coder-designer. Lately I've been looking into some PHP codes and manuals, then I ran into an example code for the eval() function :
<?php
$string = 'cup';
$name = 'coffee';
$str = 'This is a $string with my $name in it.';
echo $str. "\n";
eval("\$str = \"$str\";");
echo $str. "\n";
?>
This is an example code of eval() function in official PHP website, and although it did help me understand the eval() function, I can't figure out how the example code works. to be more specific, I can't understand why
("\$str = \"$str\";")
results in a merged string.
I really can't figure out why this should work.
Ok, here is what we have:
eval("\$str = \"$str\";")
Look, the string is in double quotes: it means that the $ character will be interpreted as a variable start. So we screen this character with a backslash: \$, then it will "mean" just a normal dollar sign. Also, the double quotes inside the string had to be screened too.
In the end we are getting this string: (I changed the quotes to single so $ dont confuse you): '$str = "$str";'. Look, it looks more like a normal code now :)
Evaling it, PHP will do the following (I removed the outer quotes for convenience):
eval( $str = "$str" );
Notice the double quotes here, too. It means that the variable inside, again, will be parsed/interpreted.
As $str was originally == 'This is a $string with my $name in it.', it will be inserted into the expression, and now it will look like:
$str = "This is a $string with my $name in it.";
And, again, double quotes! It parses and substitutes variables $name and $string, giving us at the end:
$str = "This is a cup with my coffee in it."
Voila!
A mindbreaker, but a really good example to learn the mechanisms.
you should get two console.log like this
This is a $string with my $name in it.';
This is a $cup with my $coffe in it.';
Why? well first you print the value, of $str , without eval, and later, you eval them, basically this happens,
First.
Print $str, without eval.
This is a $string with my $name in it.';
Second
this piece of code, runs eval("\$str = \"$str\";");
Eval replace $string and $name. with the 2 new variables values, which are $cup and $coffe
Hope you get it
i have searched this function on google a lot. However, i can't understand this function clearly.
i have a example:
<?php
//eval dangerous to use
$motto="lksdfasdkf";
$str= "<h1>Welcome</h1><?php echo $motto;?><br/>";
echo $str.'<br />'; //result: welcome
eval("?>"." $str"."<?php echo $motto;"); //error
echo $str;
?>
eval() takes a string and evaluates it as PHP code. Here are some important points to note:
eval() takes PHP Code as it's argument -- not mixed HTML markup. Currently, you're passing a string containing HTML markup.
You don't need to add <?php ... ?> tags in the string. eval() already knows the argument is going to be PHP code (it's supposed to be), so you don't need to tell it
Here's a very short example:
$motto = "lksdfasdkf";
$str = 'echo $motto;';
eval($str); // => lksdfasdkf
Here, the string $str contains the literal string echo $motto;, which is a valid statement in PHP. When you call eval($str); the string gets evaluated as PHP code. In this case, it will echo the contents of the variable.
Note that this wouldn't work if you use double-quotes instead:
$motto = "lksdfasdkf";
$str = "echo $motto;";
eval($str);
If you have error reporting enabled, then you'll get the following error:
Notice: Use of undefined constant lksdfasdkf - assumed 'lksdfasdkf' in
The reason is that variables are not parsed when they're wrapped in single-quotes. When you use double-quotes to define your variable, the variable value gets interpolated into the resulting string, meaning $str will contain the literal string echo lksdfasdkf; -- which is not valid PHP code. The solution is to escape the dollar character to avoid it being interpreted as a variable:
$motto = "lksdfasdkf";
$str = "echo \$motto;";
eval($str); // => lksdfasdkf
eval — Evaluate a string as PHP code - your code also working fine
try
$motto="lksdfasdkf";
$str= "<h1>Welcome</h1>$motto<br/>";
echo $str.'<br />'; //result: welcome
eval("\$str = \"$motto\";");
echo $str;
Basically I need a regex expression to match all double quoted strings inside PHP tags without a variable inside.
Here's what I have so far:
"([^\$\n\r]*?)"(?![\w ]*')
and replace with:
'$1'
However, this would match things outside PHP tags as well, e.g HTML attributes.
Example case:
Here's my "dog's website"
<?php
$somevar = "someval";
$somevar2 = "someval's got a quote inside";
?>
<?php
$somevar3 = "someval with a $var inside";
$somevar4 = "someval " . $var . 'with concatenated' . $variables . "inside";
$somevar5 = "this php tag doesn't close, as it's the end of the file...";
it should match and replace all places where the " should be replaced with a ', this means that html attributes should ideally be left alone.
Example output after replace:
Here's my "dog's website"
<?php
$somevar = 'someval';
$somevar2 = 'someval\'s got a quote inside';
?>
<?php
$somevar3 = "someval with a $var inside";
$somevar4 = 'someval ' . $var . 'with concatenated' . $variables . 'inside';
$somevar5 = 'this php tag doesn\'t close, as it\'s the end of the file...';
It would also be great to be able to match inside script tags too...but that might be pushing it for one regex replace.
I need a regex approach, not a PHP approach. Let's say I'm using regex-replace in a text editor or JavaScript to clean up the PHP source code.
tl;dr
This is really too complex complex to be done with regex. Especially not a simple regex. You might have better luck with nested regex, but you really need to lex/parse to find your strings, and then you could operate on them with a regex.
Explanation
You can probably manage to do this.
You can probably even manage to do this well, maybe even perfectly.
But it's not going to be easy.
It's going to be very very difficult.
Consider this:
Welcome to my php file. We're not "in" yet.
<?php
/* Ok. now we're "in" php. */
echo "this is \"stringa\"";
$string = 'this is \"stringb\"';
echo "$string";
echo "\$string";
echo "this is still ?> php.";
/* This is also still ?> php. */
?> We're back <?="out"?> of php. <?php
// Here we are again, "in" php.
echo <<<STRING
How do "you" want to \""deal"\" with this STRING;
STRING;
echo <<<'STRING'
Apparently this is \\"Nowdoc\\". I've never used it.
STRING;
echo "And what about \\" . "this? Was that a tricky '\"' to catch?";
// etc...
Forget matching variable names in double quoted strings.
Can you just match all of the string in this example?
It looks like a nightmare to me.
SO's syntax highlighting certainly won't know what to do with it.
Did you consider that variables may appear in heredoc strings as well?
I don't want to think about the regex to check if:
Inside <?php or <?= code
Not in a comment
Inside a quoted quote
What type of quoted quote?
Is it a quote of that type?
Is it preceded by \ (escaped)?
Is the \ escaped??
etc...
Summary
You can probably write a regex for this.
You can probably manage with some backreferences and lots of time and care.
It's going to be hard and your probably going to waste a lot of time, and if you ever need to fix it, you aren't going to understand the regex you wrote.
See also
This answer. It's worth it.
Here's a function that utilizes the tokenizer extension to apply preg_replace to PHP strings only:
function preg_replace_php_string($pattern, $replacement, $source) {
$replaced = '';
foreach (token_get_all($source) as $token) {
if (is_string($token)){
$replaced .= $token;
continue;
}
list($id, $text) = $token;
if ($id === T_CONSTANT_ENCAPSED_STRING) {
$replaced .= preg_replace($pattern, $replacement, $text);
} else {
$replaced .= $text;
}
}
return $replaced;
}
In order to achieve what you want, you can call it like this:
<?php
$filepath = "script.php";
$file = file_get_contents($filepath);
$replaced = preg_replace_php_string('/^"([^$\{\n<>\']+?)"$/', '\'$1\'', $file);
echo $replaced;
The regular expression that's passed as the first argument is the key here. It tells the function to only transform strings to their single-quoted equivalents if they do not contain $ (embedded variable "$a"), { (embedded variable type 2 "{$a[0]}"), a new line, < or > (HTML tag end/open symbols). It also checks if the string contains a single-quote, and prevents the replacement to avoid situations where it would need to be escaped.
While this is a PHP solution, it's the most accurate one. The closest you can get with any other language would require you to build your own PHP parser in that language to some degree in order for your solution to be accurate.
I ran into a block of code that executes print with double quotes around the argument. The argument contained a variable that was seemingly escaped by a dollar sign. Is that how a variable is called inside double quotes in php?
print("$$owed");
Here's the full block from the source:
<html>
<head>
<title>Loans</title>
</head>
<body>
<?php
$interest_rate = .14;
function YouOweMe($cost, $interest_rate) {
$weekly_payment = ($cost*$interest_rate);
print "You better pay me $$weekly_payment every week, or else!";
}
<font color="#000000">YouOweMe($cost, $interest_rate);
?>
</body>
</html>
I had to strip the numbers. So annoying.
Anyway, ... What doesn't make sense to me is that $$owed is supposed to, what? Create a new variable from a separate variable that contains a string 'owed'? That doesn't seem practical in any situation. Isn't $$owed just to get a dollar sign before the amount?
Here is an example to understand variable variables :
<?php
$var = "test";
$test = "hey !";
echo "$$var"; //$test
echo "${$var}"; //hey !
echo '$$var'; //$$var
?>
Edited according to comments.
In PHP, a variable is escaped with $ when inside a string defined with double quotes. This does NOT work with single quotes.
$string = "world";
echo "Hello ${string}";
#### outputs "Hello World"
That is how you put a variable into a string (you need the double quotes).
What you have is variable-variable. You can call a variable $foo by using a string with foo in it.
$string = 'foo';
$foo = 'hello world';
echo "I say, ${$string}";
Would output "hello world.
There are a couple of ways to use variables inside double quotes, some common ways are
print("$owed") will print the value of $owed
print("$$owed") is called a "variable variable" (as linked previously)
$owed = "test";
$test = 16;
print("$$owed");
will print out "$test".
Another use of this comes in the form of print("${$owed}"), which takes the value of $test and uses it as the variable name.
I strongly advise you to use single quotes and concatenate the variables needed, as it saves the time for evaluating variables in out, e.g.:
$owed = 42;
print('The value is: ' . $owed);
lg,
flo
I am trying to read the data with $_POST which has been sent through a form. the form sends the data in octal format. this is part of the form:
<input type="hidden" name="chap-challenge" value="\314\130\024\000\350\025"
the problem is that,
echo $_POST['chap-challenge'];
would give me the literal string:
\314\135\024\000\354\025
which is not the same as
echo "\314\135\024\000\354\025";
how can i somehow convert that string to a double-quoted one so that it could understand they are octal values?
You can evaluate it as php expression, but it lacks in security - example.
<?php
echo "\100\101\102\103\104\n";
$c = '\100\101\102\103\104';
eval( '$c2="'.$c.'";' );
echo $c,"\n";
echo $c2;
Edit:
Also you can parse it for your own - example:
<?
echo "\100\101\102\103\104\n";
$c = '\100\101\102\103\104';
$c2 = explode('\\',$c);
$c3 = array();
$c4 = array();
foreach($c2 as $cc) {
$c3[] = octdec($cc);
$c4[] = chr(octdec($cc));
}
$c4 = implode('',$c4);
echo $c,"\n";
var_dump($c3);
var_dump($c4);
Edit:
To remove first item from array use: array_shift function.
$_POST does not use any quotes for it's strings. It just does not evaluate them. Quotes are for programmer. You'll need to process this string a little, then feed it into base_convert() function
Perhaps you can solve the problem by storing the html entities of those characters, or using PHP to generate them.
<input name="chap-challenge" value='<?php echo "\100\130\024\000\350\025" ?>
$_POST['chap-challenge'] will now begin with %40, which is translated by PHP as #, etc.
To actually answer your question, though:
Any string passed to MySQL, even if it had been single quoted, is treated and stored as though it had been double-quoted and evaluated.
Theoretically, you can setup a db on a safely sandboxed server, pass in Request, get the result, and then mysql_escape the response before use:
$str = '\100Bobby \"Tables \n';
mysql_query("UPDATE parse SET str = '$str' WHERE id='0'");
$out = mysql_query("SELECT str FROM parse WHERE id='0'");
//echo array_pop(mysql_fetch_array($out)); echoes #Bobby "Tables
$out = mysql_real_escape_string(array_pop(mysql_fetch_array($out)));
mysql_query("...")// Using the correct yet safe string
More practically, this means that if there was some way to turn a string into a mysql resource, it would be a safe an effective way of converting a single-quoted string to a double-quoted string.
Unfortunately, the fine folks at PHP say "converting to a resource makes no sense."
Perhaps someone knows a hack?