I have a php script that does a query in my database and returns a string ( like "2" ). I print it using
print strip_tags('2');
but in the output of my browser I get :
<body><html>2</html></body>
Is there any way to prevent the tags from beiing printed? Is it maybe that the browser auto adds them?
For all those answering about strip_tags (" 2 ");
THIS IS WRONG:
I want a siple version.php
with
echo '2';
and nothing else. It prints the tags too. I don't have the tags and then try to print.
More explanation to those who try to get easy rep
my code is:
$str = '2';
print strip_tags($str);
and it prints
<html><head></head><body>2</body></html>
It is not possible. The browser creates these elements automatically, without it there would not be any text flow(means nothing of this could be made visible). You can just use this variable for any script, it won't include the HTML tags. This is only made by the browser to make it visible for you.
You can use
header("Content-Type: text/plain");
at the beginning of your script, in order to tell the browsers you're only gonna send plain text, not html. This will prevent your browser from automatically adding those html tags.
Then, check what you print (or echo). Here, the body tag should be in html tag.
Related
How would one go about showing PHP code on user end. Sort of like w3School does?
Having lets say a grey area div, and then showing the code in there without activating it?
You can use html entities <?php in the html it will be rendered as <?php
You can use htmlspecialchars to encode your code to use html entities.
Use <pre> or <code> tags to wrap your code.
Take a look at http://php.net/manual/en/function.highlight-string.php to further see how you can make the code look pretty.
Since passing a large block of code to highlight_string() can be messy, you may want to look at output buffering in combination with highlight_string to output colorized php code.
Something like:
<?php
ob_start();
?>
phpinfo();
echo "this echo statement isn't executed";
<?php
$code = ob_get_clean();
highlight_string($code);
?>
Simply you can use following code to display php code on webpage.
highlight_string("<?php print('This is php code.'); ?>");
It will give output like
<?php print('This is php code.'); ?>
The first step is to not wrap that code in PHP tags. So instead of this:
<?
var sample = "code";
?>
You would have this:
var sample = "code";
It's not the code itself which triggers the server-side compile from the PHP engine, it's the tags which indicate to that engine what blocks of the file are code and what are not. Anything that's not code is essentially treated as a string and output to the page as-is for the browser to interpret.
Once you're outputting the code, it's then a matter of formatting it. The old standard is to wrap it in pre tags to get rid of HTML-ish formatting:
<pre>
var sample = "code";
</pre>
You can also apply CSS style to the pre tags (or any other tags you want to use for displaying code, such as div) as you see fit.
There are also very useful code syntax highlighting plugins and tools to make the code a lot "prettier". Google-code-prettify often comes highly recommended.
Typically this is done by showing code within <pre> or <code> tags.
You can use this template........
######################################################################
echo "<h2><br>Source Code of ".basename((string)__FILE__) . "</h2><hr>";
show_source(__FILE__);
echo "<hr>";
echo "<h2>Output of ".basename((string)__FILE__) . "<hr></h2>";
#######################################################################
It will show the source code and output following.
use the header function of php, this will rea
<?php
header("content-type: text/plain");
?>
The PHP code will just be a string that you can echo or print onto the page, no different than any other data you want PHP to display for you. If you want to keep the formatting (ex. the indentation), put it inside a <pre><code> block.
Ex:
$php_code = '<?php $foo = bar; ?>';
echo "<pre><code>$php_code</code></pre>";
I'm making a website where a user should be able to use HTML and CSS in their profiles but I came across one problem.
<?php
$profile = "<h1>THIS IS A TEST</h1>";
echo htmlentities($profile);
?>
That's my code, but it only show this in the profile:
<h1>THIS IS A TEST&</h1>
I don't know what is happening, nor do I know if this only happens to me.
How do I make it show only the h1 content?
Function htmlentities is showing the representation of html characters like tags etc., and is being used especially to avoid parsing as html. So if you mean to echo html so that the browser parses it as html, the last thing you want is to use this function! Just echo it out directly, no need to use htmlentities or htmlspecialchars!
You just have to use echo $profile;, that's all. Check this and don't forget to check Display as HTML as browsers display PHP echoed text as HTML unless they're told to display it differently.
So I know that ob_start() prevents the webserver from sending any contents until ob_flush() is called, but how could I replace all the swear words on the page before flushing?
If I right understand you need:
Demo.
ob_start();
echo "some text here and here\r\n";
echo "some second text here and here\r\n";
$out = ob_get_clean();
echo $out."\r\n\r\n";
echo str_replace('here', 'there', $out);
You should not do that in the entire page, because it is very hard to analyze. (E.g. if someone wrote a JS with the variables 'ck' and 'f', you'd really mess with their product f*ck?) In HTML you could easily get tricked with fKck or fu<!-- n -->ck.
Rather set up a filter when you display (or even better: save) user-generated content (e.g. comments) and only filter those.
I'm quite new here. I'm trying to make a blog/journal site that allows users to post their own journal. I'm still quite reluctant on making it because I am really afraid of malicious code injections.
So here's a sample code:
<?php
$test = "<b>blah</b>"; //User input from SQL
echo "$test";
?>
What will come out is just the word "blah" in bold right? What I was trying to achieve was to echo "<b>blah</b>" instead. I don't want people to put some PHP codes that can actually mess up my whole web page. Please keep in mind that the variable $test is actually a MYSQL query, so that variable will be needed as an example. I know you can do echo '$test'; but it just comes out as "$test" instead. I feel like pulling my hair out I can't figure it out yet.
The second solution I know of is the htmlspecialchars(); function, but I want the strings to display as what I typed, not the converted ones...
Is there any way I can do that?
I think the OP wants the HTML itself to be output to the page, and not have the tags stripped. To achieve this, you can run the string first through htmlentities()
$test = '<b>blah</b>';
echo htmlentities($test);
This will output:
<b>blah</b>
Which will render in the page as
<b>blah</b>
Echo don't execute PHP code from string. This is impossible and this is not security hole in your code.
You can use a template engine like Twig for exemple.
If htmlspecialchars(); is not the one you are looking for, try the header() option.
header('Content-type: text/plain');
When you are gonna give <b>Hi</b> to a browser, it will be displayed in Bold and not the text be returned. But you can try this way, outputting it inside a <textarea></textarea>.
Or the other way is to use htmlentities():
<?php
$test = "<b>blah</b>"; //User input from SQL
echo htmlentities("$test");
?>
hello i have been searching for some php code that is something like element.innerHTML in javascript but i can't find it. i need it for some code that for example goes from 1-60 in 60 seconds
but if i do that with echo it just places everything under each other and that should not happen. i need something that just replaces the text. i also don't want to reload my page every second and i don't have the ability to write to files ( i can read them). and please don't tell me that i should do it in javascript.
so can someone tell me how to do this?
You can use PHP to spit out javascript that does the replacing. There won't be a pure PHP solution to this since PHP is server-side and doesn't have access to the rendering of the page on the client side.
Suppose the text you need to change is in a <div> tag named 'replaceMe'. You will want to use the ob_flush() functions in PHP to force out the javascript at the time you need it to display. The PHP to initialize that is
if (ob_get_level() == 0) ob_start();
Then, each time you need to update, you have something like this in your PHP code that adds to the body of the page:
echo '<script type="text/javascript" language="javascript">';
echo "document.getElementById('replaceMe').innerHTML = 'Text for this iteration';";
echo '</script>';
flush(); ob_flush();
Of course if you want to make it easier for yourself, you can make a PHP function to print all this out given an argument containing the text to replace.
Then at the end you need to have
ob_end_flush();
to replace some text try str_replace http://de3.php.net/manual/de/function.str-replace.php
or case insensitive str_ireplace