Is it possible to send PHP code to the browser?
The site currently have PHP and jQuery available.
For example:
<?php echo "HELLO"; ?>
this will show as HELLO on the client side:
Hello
I want to make it so the client/browser will receive:
<?php echo "HELLO"; ?>
Possible structure:
index.php (Main Page)
edit.php (A page that will show the source code of index.php including the PHP ad allows me to edit it (and will save server-side))
This is for a temporal on-the-site source code editing (because I cannot access cPanel in certain places).
edit.php
<?php
$cont = file_get_contents('index.php');
echo $cont;
?>
Not like such. Whenever the interpreter sees
<?php echo "HELLO"; ?>
In order to get the contents from an external file you could use file_get_contents('filename.php');
or
<?php echo htmlentities(file_get_contents('filename.php')); ?>
PHP has a built in syntax highlighter which could help you when outputting the PHP code.
$string = '<?php echo "abc..."; ?>';
highlight_string($string);
Alternatively you could output a PHP file with syntax highlighting by using
highlight_file('index.php');
Related
The intent of this is to have users submit applications to the client and for the client to review their information and select the best application. I am trying to display a document from a file server onto the php web page. MySQL code holds the path of the file and I'm using readfile(). I thought maybe it was the encoding or maybe it was the file type but nothing I do seems to be working. I tried using a different filetype and I tried using mb_convert_encoding to modify the encoding.
<?php foreach ($applications as $application) : ?> <p> Name: <?php echo $application['fname']; ?> <?php echo $application['mname']; ?> <?php echo $application['lname']; ?><br /></p>
<?php
readfile ($file); ?>
<?php endforeach; ?>
Here's an example of the symbols that are displaying:
PK!���Ʌ)[Content_Types].xml �(�̕MK�#���!�U�m+�H��8j� ^��I���N�������Vۊ�#23���0;� �F'sQ9��N�f X�re'{=��YQ�\hg!c+�l�??�VbB�6fl��o8�r F��y�)\0�5L��ML�w��+.�E���R��{wP����~I�k�:��N,�2&��J �8����Kk�Re����J|�C��]�D� *�d(> CY|�B�s'g�*��28]Q( M}�惓#��贉���&9��̫�!�ap>v�iDK=������p���LD\i�ǟ�Zw�= R�)��;0~>�'� ���X��1�H�������fI����v �8���,�[~��oI���A��s��]�#�� �������PK!�U~��_rels/.rels �(���MK1���!̽;�"��^D�Md�C2��������(�.Ե�3y��3C֛��+�4xW��(A������yX܂JB���Wp����b��#InJ�����E�b�=[J���M�%���a �B�,o0�f#=a��� n�����o�A��;�N�
The file I'm trying to read is .doc file.
$file seems undefined; assuming $application holds all the application data you want to display to the client, then you should be doing:
<?php readfile($application['file']); ?>
If this isn't working then you aren't using the correct path - try debugging like this:
<?php var_dump($application['file'], file_exists($application['file'])); ?>
I am using ckeditor in a simple cms i build with the following configuration.
<script>
if ($("#editor").length) {
CKEDITOR.replace('editor', {
language: 'en',
allowedContent: true,
});
CKEDITOR.config.protectedSource.push(/<\?[\s\S]*?\?>/g);
}
</script>
It works great if go to the source tab on the editor and type some php code like the following:
<?php echo "hello"; ?>
it gets saved on the database as <?php echo "hello"; ?>
so far so good
Now my problem is when getting that from the database and displaying it on the browser it does no appear.
I did a var_dump on the variable that has the code and i see the following:
...modules\pages\views\base.php:38:string '<?php echo "hola"; ?>' (length=21)
So the value does exist and its reaching the view, i dont undestand why it is not showing up on the page.
the page is template.php
if i look at the source code my php code is beingg commented
<!--?php echo "hola"; ?-->
and this is how i am trying to display the code
if i do the following
<div class="article-content-container">
<?php echo $this->security->xss_clean($content); ?>
</div>
it is displayed like
<div class="article-content-container">
<?php echo "hola"; ?><!--?php echo "hola"; ?-->
</div>
if i displayed like this
<div class="article-content-container">
<?php echo $content; ?>
</div>
it gets commented.
I hope i was clear,any help would be appretiated.
Thanks guys-
Browsers don't interpret PHP code, and they don't know the slightest thing about it. They never have and they never will. PHP code is executed on the server; from there it produces some output that is echoed to the client's browser, usually HTML, but can also be CSS or JavaScript, images or other downloadable files.
If you output PHP code, the most the visitor can do with it is manually save it to a local file, install their own PHP software, and run it in that. It's never going to magically run in the browser, no matter what you do.
If you want to run some code in the browser, it must be JavaScript. If you want to run some PHP code on the server, don't echo it, eval it:
<div class="article-content-container">
<?php eval($content); ?>
</div>
Note that eval treats its input as already having a PHP open tag, so you would pass echo "hello"; to it rather than <?php echo "hello"; ?>. You can still use ?> within the eval'd code to drop back to HTML+PHP mode if you need to.
Either PHP or JavaScript code could trivially be designed to be hostile, and so submitting any markup or code for execution on your website must be treated as a privileged action. You must make sure not to allow anyone who is not an authenticated administrator of your website to do it. There are ways to sandbox or purify such code if you really have to allow random people to run it, but that is more complex. CodeIgniter's xss_clean is an incomplete attempt to stop XSS, and is certainly not designed for executing user-submitted code safely, although it will mangle code and make it annoying to write.
In general:
If you need to execute submitted PHP then use eval($content);.
If you need to output submitted HTML, which may include executable JavaScript, then use echo $content;.
If you need to output submitted plain text (which is the only form where it is normally safe to allow input from users), then use echo htmlspecialchars($content);.
If you don't save your php tags in the database, you could use eval() for running the saved code:
eval($this->security->xss_clean($content));
Only when the saved bit is not surrounded by <?php and/or ?>
EDIT: Letting people run code from a database or even saving code in a database is a potential risk. It could be exploited.
I have created an index.php page in MAMP.
My index.php reads exactly like the following. I access it through localhost:8888.
<?php
echo file_get_contents("http://stackoverflow.com");
?>
However, instead of returning the html source code from this page as I believe it would do, it just returns http://stackoverflow.com as a regular webpage, like the webpage you are looking at now.
My MAMP is using PHP 5.5.10. The user_agent is set and allow_url_fopen is on.
I am severely confused. I would very much appreciate any explanations :)
It IS returning the html and the browser is interpreting it.
You can try wrap the output in tags:
<?php
echo '<code>' . file_get_contents("http://stackoverflow.com") . '</code>';
?>
Or set headers as text/plain instead of html:
<?php
header('Content-Type: text/plain');
echo file_get_contents("http://stackoverflow.com");
?>
Or if you want to keep the headers and not inject the output into code tags:
<?php
echo htmlspecialchars(file_get_contents("http://stackoverflow.com"));
?>
I prefer the last one.
If you want to see the plain text you can use the following,
<?php
header('Content-Type:text/plain');
echo file_get_contents("http://stackoverflow.com");
?>
What you see in your version is correct, since the HTML is rendered by your internet browser.
The results of a php script are by default sent to the bowser, so your code
<?php
echo file_get_contents("http://stackoverflow.com");
?>
Is reading the web page and then sending it to your browser. So it looks like it is just showing the page you read.
If you change it to
<?php
$page = file_get_contents("http://stackoverflow.com");
?>
Then you can do something with the web page source stored in $page.
If I have a piece of code that reads a chunk of HTML from a txt file and then echos that html onto the page, how can I accomplish the same task, but when there is PHP inside of the txt file?
ex:
this is the file being read:
<?php
$filecontent = // read some other file
echo($filecontent);
?>
and this is the page that is reading the file:
<?php
$code1 = //reading the above file
?>
<html>
<?php echo($code1); ?>
</html>
When you want to process files containing PHP code you need to use include instead of echo.
<?php include('your_php_file_name'); ?>
If you have the contents of the file in a string you are in a tough spot because the only way to process the code is eval, and in addition you have to properly set up any environment that the code requires. eval itself should be avoided, and the latter is impossible to do in the general case.
Use include instead of echo:
<?php include($file_that_contains_php); ?>
you need to include the first file and echo statement in the first file will get executed.
<html>
<?php require_once("firstfile.php"); ?>
You need to echo htmlentities($code1), because when you echo then browser will not show it contents, because it try to parse it as a html tag, but htmlentities will encode to safe html output this characters.
If you want to evaulate the code, then you need eval($code1) or include it.
Well most is in the title. I wonder if it's supposed to be that way or i can do the same without an if(1) condition I'm doing this because my website pages are all as php includes.
Thank you all
Answer retained:
Okay basically the way to do it is simply to include('file.php') as it will be considered out of the current <?php ?> environment.
Putting
<?php if(1): ?>
...
<?php endif; ?>
around your HTML code in a PHP file will have no effect on the result. You will still be able to include the file without it.
You can think of it like the "default mode" for a PHP file is that it contains HTML content. You only need to add <?php ?> tags if you want to add PHP code. If you're just putting HTML code in a PHP file, they're unnecessary.
The beauty of PHP is that you can move "in" and "out" of PHP very easily. You can do the following without issues:
<?PHP
if(whatever) {
?>
your HTML
<?php
include('whatever.php');
?>
more HTML
<?PHP
}
?>
To build on Zak's answer:
You can also use PHP to echo out things that aren't PHP... as long as you quote it appropriately.
<?php
//HTML
while ($x < 5) {
echo "<p> this is html that you can wrap with html tags! </p>";
$x++;
}
//Javascript
echo "<script type='text/javascript'>
some javascript code
</script>"
?>
Although, it's less confusing to just end the php tag to keep things separate.
And you can even use php as you want within html or javascript as long as you put the tags, and as long as the file is saved as a .php file (so PHP can be processed on the server).
Ex:
<script type="text/javascript">
//set a javascript image array to a php value
var imgArray = [<?php echo implode(',', getImages()) ?>];
</script>
But if you want to do this the other way around (IE, assign a browser-compiled value, such as a javascript value to a php value), you'll need to use AJAX.