Rookie here, so please correct me if I have anything wrong.
So here's a snippet of my HTML:
<html><body>
<h2>Home Page</h2>
Welcome back <?= $fgmembersite->UserFullName(); ?>!
</body></html>
The function, $fgmembersite->UserFullName(), returns a string (100%, if I call the function within tags it prints out correctly). How do I get it to echo out in the HTML?
I think an alternative would be to echo the entire HTML code, and I think it'd work then, but I don't want to do it that way because I read somewhere that echoing all of your HTML is bad. Could somebody also confirm/deny that?
Right now, this is what shows on the site:
Welcome back UserFullName(); ?>!
No idea why
Thanks for your time!
I think you want the code to look like this...
Welcome back <?php echo $fgmembersite->UserFullName(); ?>!
This will ECHO the result of the function call.
What you are seeing is the result of the browser trying to parse the PHP. It is trying to treat <?= $fgmembersite-> as an unknown tag and then renders the rest as text.
There are two possible reasons for this:
You need to pass it through a PHP engine first.
You need to access the file through a web server which supports PHP and is configured to run your file through PHP when it is requested (typically this is done by using a .php file extension).
Note that installing a web server then double clicking a PHP file in your file manager isn't sufficient - the browser will just load the file from the file system. You need to type http://etc etc.
It is also possible that you have short_open_tag disabled (which is common and sensible) and are using PHP 5.3 or older (which isn't a great idea, 5.3 is still supported but it is the oldest branch that is).
If this is the case, your options are:
Upgrade PHP
Use <?php echo ... ?> instead of <?= ... ?>
Enable short_open_tag
Can't you just do
<?php echo $fgmembersite->UserFullName(); ?>
?
use it as follows:
<html><body>
<h2>Home Page</h2>
Welcome back <?php echo $fgmembersite->UserFullName(); ?>!
</body></html>
Do you have short_open_tag enabled on your server? You need to have that enabled to use that syntax. If you don't have that, use <?php echo $fgmembersite->UserFullName(); ?> like the other users suggested.
You can check the setting on you server by creating a file containing <?php phpinfo(); in it, and accessing that.
Also, echoing all your HTML inside the <?php tags are considered a bad practice because you should separate your business logic and your HTML. Echoing HTML directly from inside the PHP tags quickly leads to a mix of HTML and PHP, and it will be harder to read (for others, and yourself later on)
Related
I am using ckeditor in a simple cms i build with the following configuration.
<script>
if ($("#editor").length) {
CKEDITOR.replace('editor', {
language: 'en',
allowedContent: true,
});
CKEDITOR.config.protectedSource.push(/<\?[\s\S]*?\?>/g);
}
</script>
It works great if go to the source tab on the editor and type some php code like the following:
<?php echo "hello"; ?>
it gets saved on the database as <?php echo "hello"; ?>
so far so good
Now my problem is when getting that from the database and displaying it on the browser it does no appear.
I did a var_dump on the variable that has the code and i see the following:
...modules\pages\views\base.php:38:string '<?php echo "hola"; ?>' (length=21)
So the value does exist and its reaching the view, i dont undestand why it is not showing up on the page.
the page is template.php
if i look at the source code my php code is beingg commented
<!--?php echo "hola"; ?-->
and this is how i am trying to display the code
if i do the following
<div class="article-content-container">
<?php echo $this->security->xss_clean($content); ?>
</div>
it is displayed like
<div class="article-content-container">
<?php echo "hola"; ?><!--?php echo "hola"; ?-->
</div>
if i displayed like this
<div class="article-content-container">
<?php echo $content; ?>
</div>
it gets commented.
I hope i was clear,any help would be appretiated.
Thanks guys-
Browsers don't interpret PHP code, and they don't know the slightest thing about it. They never have and they never will. PHP code is executed on the server; from there it produces some output that is echoed to the client's browser, usually HTML, but can also be CSS or JavaScript, images or other downloadable files.
If you output PHP code, the most the visitor can do with it is manually save it to a local file, install their own PHP software, and run it in that. It's never going to magically run in the browser, no matter what you do.
If you want to run some code in the browser, it must be JavaScript. If you want to run some PHP code on the server, don't echo it, eval it:
<div class="article-content-container">
<?php eval($content); ?>
</div>
Note that eval treats its input as already having a PHP open tag, so you would pass echo "hello"; to it rather than <?php echo "hello"; ?>. You can still use ?> within the eval'd code to drop back to HTML+PHP mode if you need to.
Either PHP or JavaScript code could trivially be designed to be hostile, and so submitting any markup or code for execution on your website must be treated as a privileged action. You must make sure not to allow anyone who is not an authenticated administrator of your website to do it. There are ways to sandbox or purify such code if you really have to allow random people to run it, but that is more complex. CodeIgniter's xss_clean is an incomplete attempt to stop XSS, and is certainly not designed for executing user-submitted code safely, although it will mangle code and make it annoying to write.
In general:
If you need to execute submitted PHP then use eval($content);.
If you need to output submitted HTML, which may include executable JavaScript, then use echo $content;.
If you need to output submitted plain text (which is the only form where it is normally safe to allow input from users), then use echo htmlspecialchars($content);.
If you don't save your php tags in the database, you could use eval() for running the saved code:
eval($this->security->xss_clean($content));
Only when the saved bit is not surrounded by <?php and/or ?>
EDIT: Letting people run code from a database or even saving code in a database is a potential risk. It could be exploited.
How can I replace the text on the active document body on a PHP file on code execution?
Do I have to import a file, replace text on it and then echo it or can I just manipulate the document I run the PHP script on?
I am trying to use templates for easier HTML editing like :usernamecomeshere: and then replacing that :usernamecomeshere: with the actual value. I am wondering If I can do it on one file only instead of loading a file and then displaying it.
If I'm getting your question correctly, you don't need to important a file and echo the document. You can directly manipulate the document itself. For example, in the below sample, you can directly echo the contents of $username in a way that's interspersed with HTML code.
index.php
<?php
// handle code to login
$username = "David";
?>
<html>
<body>
<p>Hello, your username is <?php echo $username ?></p>
</body>
</html>
Worth pointing out is that PHP itself is a templating engine. If you want to replace text, you can do it using PHP such as:
<?php
$user = 'Ugur';
?>
<html><head></head>
<body>
<h1>Hello <?php echo $user; ?></h1>
</body>
</html>
Beyond this sort of simple usage, you may want to look at various template engines, which allow you to do much more elegant things, but are more complex. Take a look at mustache, perhaps?
If you're trying to make these modifications after the page has loaded, remember that PHP runs on the server-side, not the user-side. For that, you need Javascript.
you'll want to look up str_replace() on google. You can search an entire string and replace specified keywords simply.
I am building my website completely in PHP. I am trying to make it as much flexible as possible.
I have seen there are some softwares made in PHP that are able to get a HTML page, and before showing it, the PHP code recognizes the code inside brackets {PHP Code} as PHP code, runs it and only then shows the final page.
<h1>Hi My Name is {echo $name}</h1>
How can I achieve the same? I know there is Smarty Code. But I do not want to learn Smarty, I just want to know how to check a HTML page with PHP, find every bracket and threat that as PHP before showing the page..?
Can you point me somewhere?
Are you looking for PHP's basic syntax?
If you enable short_open_tags (it usually is enabled by default), this will work:
<h1>Hi My Name is <?=$name?></h1>
otherwise, this will always work:
<h1>Hi My Name is <?php echo $name; ?></h1>
PHP is already a templating language - there often is no need to add another layer of templating on top of it.
I want to keep the template files separated from the php engine
In fact, you don't
Your template files would behave as native PHP files in every way.
So, there is asolutely no [logical] reason to prefer such a strange solution over native PHP.
use the php tags for the echo statement.
<h1>Hi my name is <?php echo $name; ?></h1>
Well, just point apache to index.php which includes phtml templates into itself. Use <?php ?> instead of { }.
I usually create modular websites, each part of the website being a .php file which will be included in the main pages.
Is it "better" to output HTML within PHP files using echo or to close each time the php tag ?> and open it each time I need to access a PHP function/variable.
V1:
<?php
$v1=$_POST['name'];
echo "Your name is".$v1;
echo $v1." if you want, you can log out";
?>
V2:
<?php $v1=$_POST['name']; ?>
Your name is <?php echo $v1; ?>
<?php echo $v1;?> if you want, you can log out
The thing is that between the php tags there's much more HTML code (echoed) than actual PHP.
Does it affect the script performance if I close the tags each time? And is it safe to acces variables declared in a previous block of php code?
EDIT1:
When closing the php tags isn't the server clearing some cache for that script, or something like that?
I think you can select whatever you want, but you should use it everywhere. For myself, second one is better
Definitely v2. Plus , you additionally should read this one : http://codeangel.org/articles/simple-php-template-engine.html (archive link: http://archive.is/CiHhD).
Using V2 would be better as it wouldn't break the syntax highlighting or code completion in many IDEs, but both of them are as good as the other.
As far as I know, there is no (considerable) difference in performance.
You could also consider using a template engine, however, that does impact performance. The most popular template engine is Smarty, but there are others (some better, some worse) out there.
I'm having problems embedding php inside an html file.
I first ran in to this problem when I was trying to 'include' a php file inside tags, and thought it was related to css formatting, or something. But now I've broken this down into the simplest php and html possible, with an example from a book that should work, and I'm still getting this problem. Here's the html sample that doesn't work:
<HEAD>
<TITLE>PHP inside HTML tester</TITLE>
</HEAD>
<BODY>
<?php
echo "Hello World";
?>
</BODY>
</HTML>
I'm expecting 'Hello World' to show up in my browsers, but nothing is displayed. When I try to 'view source', I see exactly the text above. I figure that after all the examples of this I've tried, the code is ok, but something is keeping what's inside the from being recognized.
Any suggestions? And thanks for helping me out with what's probably a dumb question.
There is something wrong with your PHP installation. The web server isn't passing requests for PHP pages off to the PHP interpreter.
If you did indeed save the file as an .html file, then your PHP code will never execute because most web servers have their handler mappings set to route only PHP (.php, .phtml, or .inc extensions) files to the PHP interpreter.
Looks like your server is not able to handle php or your server does not know how to handle the file type with - this code is in.