I have created an index.php page in MAMP.
My index.php reads exactly like the following. I access it through localhost:8888.
<?php
echo file_get_contents("http://stackoverflow.com");
?>
However, instead of returning the html source code from this page as I believe it would do, it just returns http://stackoverflow.com as a regular webpage, like the webpage you are looking at now.
My MAMP is using PHP 5.5.10. The user_agent is set and allow_url_fopen is on.
I am severely confused. I would very much appreciate any explanations :)
It IS returning the html and the browser is interpreting it.
You can try wrap the output in tags:
<?php
echo '<code>' . file_get_contents("http://stackoverflow.com") . '</code>';
?>
Or set headers as text/plain instead of html:
<?php
header('Content-Type: text/plain');
echo file_get_contents("http://stackoverflow.com");
?>
Or if you want to keep the headers and not inject the output into code tags:
<?php
echo htmlspecialchars(file_get_contents("http://stackoverflow.com"));
?>
I prefer the last one.
If you want to see the plain text you can use the following,
<?php
header('Content-Type:text/plain');
echo file_get_contents("http://stackoverflow.com");
?>
What you see in your version is correct, since the HTML is rendered by your internet browser.
The results of a php script are by default sent to the bowser, so your code
<?php
echo file_get_contents("http://stackoverflow.com");
?>
Is reading the web page and then sending it to your browser. So it looks like it is just showing the page you read.
If you change it to
<?php
$page = file_get_contents("http://stackoverflow.com");
?>
Then you can do something with the web page source stored in $page.
Related
I am using ckeditor in a simple cms i build with the following configuration.
<script>
if ($("#editor").length) {
CKEDITOR.replace('editor', {
language: 'en',
allowedContent: true,
});
CKEDITOR.config.protectedSource.push(/<\?[\s\S]*?\?>/g);
}
</script>
It works great if go to the source tab on the editor and type some php code like the following:
<?php echo "hello"; ?>
it gets saved on the database as <?php echo "hello"; ?>
so far so good
Now my problem is when getting that from the database and displaying it on the browser it does no appear.
I did a var_dump on the variable that has the code and i see the following:
...modules\pages\views\base.php:38:string '<?php echo "hola"; ?>' (length=21)
So the value does exist and its reaching the view, i dont undestand why it is not showing up on the page.
the page is template.php
if i look at the source code my php code is beingg commented
<!--?php echo "hola"; ?-->
and this is how i am trying to display the code
if i do the following
<div class="article-content-container">
<?php echo $this->security->xss_clean($content); ?>
</div>
it is displayed like
<div class="article-content-container">
<?php echo "hola"; ?><!--?php echo "hola"; ?-->
</div>
if i displayed like this
<div class="article-content-container">
<?php echo $content; ?>
</div>
it gets commented.
I hope i was clear,any help would be appretiated.
Thanks guys-
Browsers don't interpret PHP code, and they don't know the slightest thing about it. They never have and they never will. PHP code is executed on the server; from there it produces some output that is echoed to the client's browser, usually HTML, but can also be CSS or JavaScript, images or other downloadable files.
If you output PHP code, the most the visitor can do with it is manually save it to a local file, install their own PHP software, and run it in that. It's never going to magically run in the browser, no matter what you do.
If you want to run some code in the browser, it must be JavaScript. If you want to run some PHP code on the server, don't echo it, eval it:
<div class="article-content-container">
<?php eval($content); ?>
</div>
Note that eval treats its input as already having a PHP open tag, so you would pass echo "hello"; to it rather than <?php echo "hello"; ?>. You can still use ?> within the eval'd code to drop back to HTML+PHP mode if you need to.
Either PHP or JavaScript code could trivially be designed to be hostile, and so submitting any markup or code for execution on your website must be treated as a privileged action. You must make sure not to allow anyone who is not an authenticated administrator of your website to do it. There are ways to sandbox or purify such code if you really have to allow random people to run it, but that is more complex. CodeIgniter's xss_clean is an incomplete attempt to stop XSS, and is certainly not designed for executing user-submitted code safely, although it will mangle code and make it annoying to write.
In general:
If you need to execute submitted PHP then use eval($content);.
If you need to output submitted HTML, which may include executable JavaScript, then use echo $content;.
If you need to output submitted plain text (which is the only form where it is normally safe to allow input from users), then use echo htmlspecialchars($content);.
If you don't save your php tags in the database, you could use eval() for running the saved code:
eval($this->security->xss_clean($content));
Only when the saved bit is not surrounded by <?php and/or ?>
EDIT: Letting people run code from a database or even saving code in a database is a potential risk. It could be exploited.
Rookie here, so please correct me if I have anything wrong.
So here's a snippet of my HTML:
<html><body>
<h2>Home Page</h2>
Welcome back <?= $fgmembersite->UserFullName(); ?>!
</body></html>
The function, $fgmembersite->UserFullName(), returns a string (100%, if I call the function within tags it prints out correctly). How do I get it to echo out in the HTML?
I think an alternative would be to echo the entire HTML code, and I think it'd work then, but I don't want to do it that way because I read somewhere that echoing all of your HTML is bad. Could somebody also confirm/deny that?
Right now, this is what shows on the site:
Welcome back UserFullName(); ?>!
No idea why
Thanks for your time!
I think you want the code to look like this...
Welcome back <?php echo $fgmembersite->UserFullName(); ?>!
This will ECHO the result of the function call.
What you are seeing is the result of the browser trying to parse the PHP. It is trying to treat <?= $fgmembersite-> as an unknown tag and then renders the rest as text.
There are two possible reasons for this:
You need to pass it through a PHP engine first.
You need to access the file through a web server which supports PHP and is configured to run your file through PHP when it is requested (typically this is done by using a .php file extension).
Note that installing a web server then double clicking a PHP file in your file manager isn't sufficient - the browser will just load the file from the file system. You need to type http://etc etc.
It is also possible that you have short_open_tag disabled (which is common and sensible) and are using PHP 5.3 or older (which isn't a great idea, 5.3 is still supported but it is the oldest branch that is).
If this is the case, your options are:
Upgrade PHP
Use <?php echo ... ?> instead of <?= ... ?>
Enable short_open_tag
Can't you just do
<?php echo $fgmembersite->UserFullName(); ?>
?
use it as follows:
<html><body>
<h2>Home Page</h2>
Welcome back <?php echo $fgmembersite->UserFullName(); ?>!
</body></html>
Do you have short_open_tag enabled on your server? You need to have that enabled to use that syntax. If you don't have that, use <?php echo $fgmembersite->UserFullName(); ?> like the other users suggested.
You can check the setting on you server by creating a file containing <?php phpinfo(); in it, and accessing that.
Also, echoing all your HTML inside the <?php tags are considered a bad practice because you should separate your business logic and your HTML. Echoing HTML directly from inside the PHP tags quickly leads to a mix of HTML and PHP, and it will be harder to read (for others, and yourself later on)
How would one go about showing PHP code on user end. Sort of like w3School does?
Having lets say a grey area div, and then showing the code in there without activating it?
You can use html entities <?php in the html it will be rendered as <?php
You can use htmlspecialchars to encode your code to use html entities.
Use <pre> or <code> tags to wrap your code.
Take a look at http://php.net/manual/en/function.highlight-string.php to further see how you can make the code look pretty.
Since passing a large block of code to highlight_string() can be messy, you may want to look at output buffering in combination with highlight_string to output colorized php code.
Something like:
<?php
ob_start();
?>
phpinfo();
echo "this echo statement isn't executed";
<?php
$code = ob_get_clean();
highlight_string($code);
?>
Simply you can use following code to display php code on webpage.
highlight_string("<?php print('This is php code.'); ?>");
It will give output like
<?php print('This is php code.'); ?>
The first step is to not wrap that code in PHP tags. So instead of this:
<?
var sample = "code";
?>
You would have this:
var sample = "code";
It's not the code itself which triggers the server-side compile from the PHP engine, it's the tags which indicate to that engine what blocks of the file are code and what are not. Anything that's not code is essentially treated as a string and output to the page as-is for the browser to interpret.
Once you're outputting the code, it's then a matter of formatting it. The old standard is to wrap it in pre tags to get rid of HTML-ish formatting:
<pre>
var sample = "code";
</pre>
You can also apply CSS style to the pre tags (or any other tags you want to use for displaying code, such as div) as you see fit.
There are also very useful code syntax highlighting plugins and tools to make the code a lot "prettier". Google-code-prettify often comes highly recommended.
Typically this is done by showing code within <pre> or <code> tags.
You can use this template........
######################################################################
echo "<h2><br>Source Code of ".basename((string)__FILE__) . "</h2><hr>";
show_source(__FILE__);
echo "<hr>";
echo "<h2>Output of ".basename((string)__FILE__) . "<hr></h2>";
#######################################################################
It will show the source code and output following.
use the header function of php, this will rea
<?php
header("content-type: text/plain");
?>
The PHP code will just be a string that you can echo or print onto the page, no different than any other data you want PHP to display for you. If you want to keep the formatting (ex. the indentation), put it inside a <pre><code> block.
Ex:
$php_code = '<?php $foo = bar; ?>';
echo "<pre><code>$php_code</code></pre>";
How do I print php code in a print / echo ?
What I mean is this:
<?php echo "<?php ?>"; ?>
Should output: <?php ?> on my screen, but I receive a blank page. Any special escaping that I have to use ?
<?php echo htmlspecialchars('<?php ?>'); ?>
Akam's solution sorts out the PHP, if the Content-Type of the returned file is HTML.
Alternately, you could change the Content-Type to Text, thereby bypassing the HTML rendering.
<?php
header( 'Content-type: text/plain' );
echo '<?php ?>';
?>
Of course, this would affect the whole page, and not just a segment of it. As such, it would be useful it you were displaying the contents of a PHP script file as a standalone page, but if you were wanting to show snippets of PHP code within an HTML page, then Akam's solution would be better suited for that.
If you print and you pretend to see it as HTML, the browser will interprete the tag and show nothing, but you will still be able to see it if you look at the source code.
To show the < and > tags properly you should use < and > or use the htmlentities() or htmlspecialchars() functions:
<?php
echo htmlentities( '<?php ?>' );
?>
There is another solution built on str_replace which accepts arrays for its parameters search and replace.
<?php
echo str_replace(array('<','>'),array('<','>'),'<?php ?>');
?>
Check out the following demo: http://phpfiddle.org/main/code/3hp-itx
Here is my code
<html>
<body>
<?php
echo "<b>Hello World</b> <br />";
?>
</body>
</html>
I have named the file as test.php but I dont get the desired output in my firefox 3.6 browser.
Output
Hello World
"; ?>
Sounds like you haven't configured PHP properly. Refer to the PHP documentation and the documentation for your web server.
Have to copied the file to a server with PHP installed? If you just try to open the file in Firefox, it'll just trying to display the whole thing as HTML, which isn't going to do what expect.
In a page called index.php put this code:
<?php phpinfo(); ?>
and see what happens.