Sorry for the vague title but it's hard to describe what I mean in a few words.
I made my own cms and use it for all my personal projects. On some pages I want to include a php script in the content area. I load the content simply by echoing the variable that holds the content.
The template file looks like this:
<div id="content">
echo $content;
</div>
In my CRUD I make a post containing a php snippet.
<?php echo "My name is ".$var.""; ?>;
Then I save it and load the page and this is what happens:
<div id="content">
echo <?php echo "My name is ".$var.""; ?>;
</div>
But what I want is that the php code get's executed instead of getting echoed.
Something like the Wordpress plugin Exec-PHP. Can anybody explain to me how to achieve this?
Thanks in advance!
You could use the PHP eval() function to execute PHP code. Be aware though, if you ever allow users to insert text that may at some point be run through eval(), you could end up with some serious problems.
The php website says:
The eval() language construct is very dangerous because it allows
execution of arbitrary PHP code. Its use thus is discouraged. If you
have carefully verified that there is no other option than to use this
construct, pay special attention not to pass any user provided data
into it without properly validating it beforehand.
You can try php eval() func. But it is considered evil.
Rather than use PHP instructions, why don't you output to HTML, and use Javascript to execute what is displayed? There is no danger to your server that way. Others have already warned about the dangers of eval() in PHP.
Related
I am using PHP in combination with Smarty Templates to generate pages serverside. Currently, I am loading a page as follows:
$smarty->assign('app', file_get_contents("some_content.php"));
Where some content contains HTML with PHP tags and code inside those tags.
I would like the PHP content inside this file within the current scope (That of the script reading the file), so that a particular function I've defined is available. How would I go about doing so? All the information I can find is regarding the eval(...) function, which doesn't seem to be able to cope with the HTML/PHP mixture: would I need to perform a find/eval/replace operation to achieve the desired result, or is there a more elegant way of doing this?
From my opinion, this short snippet of the code you posted shows that something is generally wrong there :)
But nevertheless you can achieve whatever you are trying to achieve by doing the following:
ob_start();
include("some_content.php");
$result = ob_get_clean();
$smarty->assign('app', $result);
Ich, I'm such a dummkopf. There is an answer right on the PHP manual for eval, right under my nose. Here is the answer I neglected to notice.
You can use {literal}...{/literal} smarty tags to display any content in smarty templates as is. It used to transfer java scripts and other specific content.
I am building my website completely in PHP. I am trying to make it as much flexible as possible.
I have seen there are some softwares made in PHP that are able to get a HTML page, and before showing it, the PHP code recognizes the code inside brackets {PHP Code} as PHP code, runs it and only then shows the final page.
<h1>Hi My Name is {echo $name}</h1>
How can I achieve the same? I know there is Smarty Code. But I do not want to learn Smarty, I just want to know how to check a HTML page with PHP, find every bracket and threat that as PHP before showing the page..?
Can you point me somewhere?
Are you looking for PHP's basic syntax?
If you enable short_open_tags (it usually is enabled by default), this will work:
<h1>Hi My Name is <?=$name?></h1>
otherwise, this will always work:
<h1>Hi My Name is <?php echo $name; ?></h1>
PHP is already a templating language - there often is no need to add another layer of templating on top of it.
I want to keep the template files separated from the php engine
In fact, you don't
Your template files would behave as native PHP files in every way.
So, there is asolutely no [logical] reason to prefer such a strange solution over native PHP.
use the php tags for the echo statement.
<h1>Hi my name is <?php echo $name; ?></h1>
Well, just point apache to index.php which includes phtml templates into itself. Use <?php ?> instead of { }.
I usually create modular websites, each part of the website being a .php file which will be included in the main pages.
Is it "better" to output HTML within PHP files using echo or to close each time the php tag ?> and open it each time I need to access a PHP function/variable.
V1:
<?php
$v1=$_POST['name'];
echo "Your name is".$v1;
echo $v1." if you want, you can log out";
?>
V2:
<?php $v1=$_POST['name']; ?>
Your name is <?php echo $v1; ?>
<?php echo $v1;?> if you want, you can log out
The thing is that between the php tags there's much more HTML code (echoed) than actual PHP.
Does it affect the script performance if I close the tags each time? And is it safe to acces variables declared in a previous block of php code?
EDIT1:
When closing the php tags isn't the server clearing some cache for that script, or something like that?
I think you can select whatever you want, but you should use it everywhere. For myself, second one is better
Definitely v2. Plus , you additionally should read this one : http://codeangel.org/articles/simple-php-template-engine.html (archive link: http://archive.is/CiHhD).
Using V2 would be better as it wouldn't break the syntax highlighting or code completion in many IDEs, but both of them are as good as the other.
As far as I know, there is no (considerable) difference in performance.
You could also consider using a template engine, however, that does impact performance. The most popular template engine is Smarty, but there are others (some better, some worse) out there.
I have blocks of HTML code in a MySQL database and my framework needs to print these within a PHP template which will be outputted to the browser. To do so I make this call:
</tr>
<!-- Section 3 -->
<?php echo SIN_SiteView::get('section3') ?>
<tr>
Which gets the code either from the APC or MySQL, now the code it obtains looks like this:
<td height="280" colspan="2" bgcolor="#00abd2">
<a href="#">
<img src="<?php echo SIN_Utilities::l("image", "home_flash.png")?>" width="710" height="280" border="0" />
</a>
As you can see I need to run all images through a method known as "l" which I use to easily change images paths. Now the issue is if I echo that block of code it will simply be echoed as a string and not work.
I tried surrounding the php with '. [code] .' and removing the php but that also did not work. Does anyone have any ideas on how I could properly echo this to the page.
Thanks.
UPDATE: I think I need to be using the eval() command thanks to some of the comments, I simply do not understand how to implement it in my situation. Any simple examples would be greatly appreciated, for example how do I change this line:
<?php echo SIN_SiteView::get('section3') ?>
To echo the entire block featured above, thanks again.
I think you want eval rather than echo. See this slightly different question.
My solution would be to eval '?>'.$myhtml.'<?php'.
Is the marketing team adding the php code to the html you are storing?
If not, maybe you could change your <?php echo FUNCTION() ?> into #FUNCTION() and evolve your SIN_SiteView::get() into your own templating interpreter?
I agree with cHao though; it would probably be easier to adopt one of the templating packages out there and convert your data over.
You'll need to use eval to evaluate the inline PHP. However, this is potentially quite risky (eval is evil, etc.), especially if any of the content that's being fetched is user sourced.
e.g.: At the very least, what's the stop the user inlining...
<?php die(); ?>
...within the content they enter.
As such, you'll need to take a great deal of care, if there's really no alternative to this approach.
Some updates:
If you're new to PHP I'd recommend having a re-think. Chances are there's no need to use eval. (Unless there's a dynamically customised content on a per-user basis then you don't need it.) What are you trying to achieve?
What specific error/problem are you having? (I presume you're using var_dump or print_r for debug purposes, etc.) As the content you need to eval isn't pure PHP (it's HTML with PHP in) you'll need to embed the PHP close and (re-)open tags as #Borealid illustrated.
I'd like to use PHP in a vBulletin style/skin, yet when I do so, the PHP doesn't work.
By 'not work', I mean it's treated just as plain text. And if you look in the code you can see the PHP code (hidden, by Firefox - which is the behaviour you get if you put PHP code on a plain html page)
http://vapurl.com/h0kp3fqr8c - view source, and you'll see what I mean.
You can't stick random PHP into the vBulletin templating system; it gives you some simple branching options in the form of
<if condition="$somevariable === $someothervariable">
some text or HTML to be displayed
</else>
some other text or HTML to be displayed
</if>
A good explanation of how the template conditional system works can be found in the vBulletin manual here.
Your short url appears to have expired, but if the code you wish to include is more complicated than that, you need to start looking into vBulletin hooks and plugins.
Assuming you're entering the correct PHP syntax, this may be occurring if you're trying to use any of the standard output methods.
If you are trying to use echo, print or any other similar output function, try wrapping all of your included PHP within ob functions.
Example:
ob_start();
//PHP code I want to run goes here
echo "Test this works?";
ob_end_clean();
hooks /plugins are the best way of manipulating data before displaying it in the template. You can add as much php as you want in a plugin and then modify the template to output the results.