here is a code where I don't understand why the php code where the output is: This is a $string with my $name in it. This is a cup with my coffee in it.
<?php
$string = 'cup';
$name = 'coffee';
$str = 'This is a $string with my $name in it.';
// will not echo the value of the strings variable because there in ' '
echo $str. "\n";
// this function is like writing the php code outside of it
// it gets a string with php statments (;)
// because the code is written in a string
// if it is written it double quotes you have to escape $ and "
// and if it is written in single quotes you have to escape '
eval("\$str = \"$str\";");
//it is not like this, why?????
//eval('$str = "$str";');
// and not like this, why???????
//$str = "$str" ;
echo $str. "\n";
?>
why doesn't the statement : eval('$str = "$str";'); or the statement: $str = "$str" ; do the same thing as the statement: eval("\$str = \"$str\";"); in this code
A Double quoted string evaluates all the variables inside it. A Single Quoted String does not.
Now to this statement
eval("\$str = \"$str\";");
first \$str -> the $ is escaped, so its a literal, and not the $str variable
second $str -> the $ is not escaped and the whole string is in double quotes, so this will become
$str = "This is a $string with my $name in it."
Now this PHP code is evaluated, which assigns the string on right to the variable on left. Hence $str becomes what This is a cup with my coffee in it.
Eval should be avoided.
//it is not like this, why?????
//eval('$str = "$str";');
Because the input string might contain single quotes, so you can't use them to start and end the string.
// and not like this, why???????
//$str = "$str" ;
Because you want to evaluate a string, and the above is no string.
I don't see the point of this example, just use double quotes:
<?php
$string = 'cup';
$name = 'coffee';
$str = "This is a $string with my $name in it.";
echo $str. "\n";
?>
In the first eval statement:
eval("\$str = \"$str\";");
As second $ is not escaped, and you are using double quotes over the entire arguement, so second $str's value is passed to the eval, and the argument of eval becomes:
eval("\$str = \"This is a $string with my $name in it.\";");
which when evaluated, becomes:
$str = "This is a $string with my $name in it.";
Which assigns 'This is a cup with my coffee in it.' to $str.
In the second eval:
eval('$str = "$str";');
the statement evaluated is:
$str = "$str";
Which is same as your third statement. When this statement is executed, it converts non-strings to strings. In this case, $str is already a string, so this statement has no effect on the value of $str.
Hope this helps. :)
Why would you need eval in this context ?
Variables inside single quotes will not be interpreted , Instead put it under double quotes.
$str = "This is a $string with my $name in it."; //<--- Replaced single quotes to double quotes.
Secondly.. If you are really worried about escaping why don't you make use of a HEREDOC Syntax
<?php
$string = 'cup';
$name = 'coffee';
$cont=<<<ANYCONTENT
This is a $string with my $name in it. This text can contain single quotes like this ' and also double quotes " too.
ANYCONTENT;
echo $cont;
OUTPUT :
This is a cup with my coffee in it. This text can contain single quotes like this ' and also double quotes " too.
Related
I'm trying to use eval() to execute a string of SimpleHTML. I'm fully aware of the dangers of eval() and will not be using any user input for the string that is to be executed.
$my_data = str_get_html('<html><body>Hello!</body></html>');
$str = '$my_data->find(\'a\', 0)->attr[\'href\']';
eval ("\$str = \"$str\";");
echo $str;
The above code doesn't execute, and after echoing $str, I get:
('a', 0)->attr['href']
What happened to the first part of the $str string (i.e. $my_data->find )? How can I actually execute the code from the $str string?
The code you are passing to the eval is wrong. You are trying to eval the following code:
$str = "$my_data->find('a', 0)->attr['href']";
The correct code would be:
$str = $my_data->find('a', 0)->attr['href'];
Or:
$str = "{$my_data->find('a', 0)->attr['href']}";
This code works:
<?php
require __DIR__ . '/simplehtmldom_1_9_1/simple_html_dom.php';
$my_data = str_get_html('<html><body>Hello!</body></html>');
$str = '$my_data->find(\'a\', 0)->attr[\'href\']';
eval ("\$str = $str;");
echo $str;
I'm trying to change straight quotes ("something") to curly quotes („something“) in PHP. Other answers are not for my situation, since I have a product details imported from DB as variable, using str_replace I've managed to only change it to „ and it seems like I can't change the second one to be “. From what I know, there is no way to accomplish this.
For example:
$description outputs -> Hello "everyone", I would like to "change" this straight "quotes" to "curly" ones.
What I would like:
$description outputs -> Hello „everyone“, I would like to „change“ this straight „quotes“ to „curly“ ones.
Try using preg_replace with the pattern "(.*?)". Then, replace with the capture group $1 inside curly quotes.
$input = "Hello \"everyone\", I would like to \"change\" this straight \"quotes\" to \"curly\" ones.";
$output = preg_replace("/\"(.*?)\"/", "„$1“", $input);
echo $output;
This prints:
Hello „everyone“, I would like to „change“ this straight „quotes“ to „curly“ ones.
Edit:
You are trying to replace HTML code, where double quotes have been encoded, so try the following:
$input = "Exklusiv von buttinette: Baumwollstoff "Leo",";
$output = preg_replace("/"(.*?)"/", "“$1”", $input);
echo $output;
This prints:
Exklusiv von buttinette: Baumwollstoff “Leo”,
Using explode and array_reduce:
$str = 'Hello "everyone", I would like to "change" this straight "quotes" to "curly" ones.';
$parts = explode('"', $str); // or explode('"', $str);
$carry = array_shift($parts);
$result = array_reduce($parts, function ($c,$i) {
static $up = false;
return $c . ((true === $up=!$up) ? '„' : '“') . $i;
}, $carry) ;
demo
Obviously if your original quotes are html entities you have to change the first parameter of explode.
Using strtok:
$str = 'Hello "everyone", I would like to "change" this straight "quotes" to "curly" ones.';
$result = substr(strtok(".$str", '"'), 1);
while (false !== $part = strtok('"')) {
$result .= "„${part}“" . strtok('"');
}
demo
Is this the right way to escape a string just in case or I can insert string like this without additional escaping?
$filenamefordb = preg_replace('/[^A-Za-z0-9а-яА-Я_\.\-]/u', '', $filenamefordb);
$query = "INSERT INTO file SET filename='$filenamefordb";
I don't use mysqli_escape because I also need name without any quotes in another place
Why don't you escape the string using PDO?
<?php
$conn = new PDO('sqlite:/home/lynn/music.sql3');
/* Complex string */
$string = "Co'mpl''ex \"st'\"ring";
print "Unquoted string: $string\n";
print "Quoted string: " . $conn->quote($string) . "\n";
?>
This will output
Unquoted string: Co'mpl''ex "st'"ring
Quoted string: 'Co''mpl''''ex "st''"ring'
Reference:
http://php.net/manual/it/pdo.quote.php
you can escape it with a generic php function:
$filenamefordb = mysql_escape_string ($filenamefordb);
$query = "INSERT INTO file SET filename='$filenamefordb";
Code snippet:
$str = "text";
echo "str variable contains $str";
This code returns:
str variable contains text
How to return following string without closing whole echo in singlequotes? I want to somehow esape variable still using doublequotes, like this:
str variable contains $str
echo "str variable contains \$str";
If you want to automate this, use str_replace().
$str = "text";
$text = "str variable contains $str";
$text = str_replace('$', '\$', $text);
echo $text;
Basically I have a block of html that I want to echo to the page and the html has the $ sign in it and the php thinks it is a variable so $1 is treated as the variable not the value and is not displayed.
There is the standard answers here but none are working: PHP: How to get $ to print using echo
My next idea is to split the string at the $ and echo each part out.
Here is the code I have tried echo and print.
foreach ($rows as $rowmk) {
$s = $rowmk->longdescription;
//$s = str_replace('$', '#', $s);
$s = str_replace('$', '\$', $s);
//echo "$s" . "<br>";
print $s;
}
All help appreciated.
OK I solved by using the character code value for $
foreach ($rows as $rowmk) {
$s = $rowmk->longdescription;
$s = str_replace('$', '$', $s);
echo $s . "<br>";
}
I figured I should just post it anyway.
Thanks,
Mat
Or you could echo string literal using single quotes...
<?php
echo 'Give me $1';
?>
will print:
Give me $1
PHP string docs:
http://php.net/manual/en/language.types.string.php
Side note - the link you provide has many answers that would work perfectly. How are you applying them in a way that doesn't work?
Just use a single quoted string.
$foo = 'Hello';
echo '$foo'; // $foo
echo "$foo"; // Hello
You're doing it in the wrong place. Variable interpolating is done when double quoted string literal (which in your case is stored within $rowmk->longdescription is daclared. Once it's done, you can't really do anything to get your $s back.
Solution, do proper escaping, when you declare the string.
I assume you read your rows from a database. Dollar Signs inside these strings will not be interpolated by php. Here's a little test script to try it out:
// you'd first have to set the three variables according to your database
$dbh = new PDO($DSN, $DB_USER, $DB_PASS);
// create a table and insert a string containing a dollar sign
$dbh->exec('CREATE TABLE IF NOT EXISTS some_text ( longdescription VARCHAR( 255 ))');
$dbh->exec('INSERT INTO some_text ( longdescription ) VALUES ( "10 $" )');
// query all the data from the table
$query =$dbh->query("SELECT * FROM some_text");
$rows = $query->fetchAll(PDO::FETCH_CLASS);
// loop over all the rows (as in your example) and output the rows
// no problem at all
foreach ($rows as $rowmk) {
$s = $rowmk->longdescription;
echo $s . "<br>";
}
You can use "\$"
ex:
"\$stringvalue"
I did it using this
echo "$" . "VariableName";