I have a following question. I have put a long text (variable type LONGTEXT) into MYSQL database - through command line. Somewhere in this text there's a <br> tag, and near the end of text there's <?php phpinfo(); ?>. If i type SELECT * FROM mytable WHERE id=1, this whole text shows as it is, so it is unaltered (read: both <br> AND <?php phpinfo(); ?> are there. But when I submit query via php like this:
if (mysql_num_rows($result) > 0) {
while($row = mysql_fetch_row($result)) {
echo $row[1];
}
}
Then the text is displayed exactly as I want it on my webpage, that means that <br> tag is processed by the browser as newline, AND <?php phpinfo(); ?> part is IGNORED. That is actually exactly what I want. But my question IS: WHY doesn't <?php phpinfo(); ?> part get processed via browser?? Does the PHP's echo function ignore the <?php tag??
Thanks in advance for explanations.
Because echoing a string is not the same as evaluating it.
PHP generates HTML, which is then processed by the browser. However a string containing PHP code won't be evaluated unless you specifically put it through eval() (hint: DON'T!)
Browsers don't process PHP. It is a server side technology.
Your PHP is reading some text from the database and outputting it to the browser. That the text includes the string <?php is immaterial, it is output from the PHP programme, not part of the script.
When the browser parses it, it just looks like invalid HTML and it tries to perform error recovery (more or less ignoring it as an unrecognised tag).
try this in a new empty browser window:
javascript:document.write('<b>hello <?php ?> is here!</b>');
Then open up firebug/inspector.
In safari, the <?php ?> thing seems to be interpreted as/converted to a comment.
PHP echoes anything you throw to it. If you want to execute the longtext, use eval, if you want to properly display it, you could use the http://php.net/manual/en/function.htmlentities.php function for example.
Related
What happens when the first line is executed? Is the code being executed? Because nothing appears in the browser..
<?php echo htmlspecialchars_decode("<?php file_put_contents("./tete.php","der inhalt"); ?>"); ?>
(I did htmlspecialchar on String: "<?php file_put_contents("./tete.php","content"); ?>" before and then want to decode it and it shouldn't be executed and if possible displayed in browser.)
I am wondering because nothing appears in the browser and there is a echo.. But i don't think the code is being executed because otherwise their should be a new tete.php file now in the directory.. so what happens?
Look at the raw source code that is being output to the browser, it contains <?php file_put_contents("./tete.php","content"); ?>, which is being interpreted as an HTML tag and hence doesn't show up. And no, it's not being evaluated as PHP code. That would require that all strings are checked whether they're runnable PHP code and then get evaluated. And if the result of that is another string which is runnable PHP code? Infinite recursive PHP execution…? That's not how it works.
I'm trying to create a block of PHP code within HTML such that when the user loads the page, it displays their IP address and time/date as the user in an email address.
I'm using apache on fedora21, and have enabled PHP (tested with phpinfo() function in the same HTML file).
Here is the code I'm trying to execute:
<? echo '<a href="mailto:'.$REMOTE_ADDR.'_'.date('y-m-j').'-#example.com" title="There is no spoon">For stupid spambots'; ?>
It just prints For stupid spambots'; ?> without printing the generated email address.
<? echo 'For stupid spambots'; ?>
Need to close <a href at first, and if you want to return IP its $_SERVER['REMOTE_ADDR'] not $REMOTE_ADDR except you define that variable before.
Judging from the fact that you can see closing ?>, I deduce that your PHP code doesn't run at all and is interpreted like regular HTML.
There might be several reasons why (badly configured Apache being one of them), but my prime suspect is that you have disabled short PHP tags. Try using <?php instead of <?.
You used the syntax of an html anchor wrong. Consider this:
<?php
$address = sprintf('%s_%s-#example.com', $_SERVER['REMOTE_ADDR'], date('y-m-j'));
echo sprintf('%3$s: %1$s',
$address,
'There is no spoon',
'For stupid spambots');
?>
You have to print the address into the visible text content of the anchor definition if you want it to be visible. You only but the "For stupid spambots" string in there which is what got displayed.
( Note that I just used the sprintf() calls to keep the lines short and readable. Obviously this also works with traditional string concatenation. )
I have a php script that does a query in my database and returns a string ( like "2" ). I print it using
print strip_tags('2');
but in the output of my browser I get :
<body><html>2</html></body>
Is there any way to prevent the tags from beiing printed? Is it maybe that the browser auto adds them?
For all those answering about strip_tags (" 2 ");
THIS IS WRONG:
I want a siple version.php
with
echo '2';
and nothing else. It prints the tags too. I don't have the tags and then try to print.
More explanation to those who try to get easy rep
my code is:
$str = '2';
print strip_tags($str);
and it prints
<html><head></head><body>2</body></html>
It is not possible. The browser creates these elements automatically, without it there would not be any text flow(means nothing of this could be made visible). You can just use this variable for any script, it won't include the HTML tags. This is only made by the browser to make it visible for you.
You can use
header("Content-Type: text/plain");
at the beginning of your script, in order to tell the browsers you're only gonna send plain text, not html. This will prevent your browser from automatically adding those html tags.
Then, check what you print (or echo). Here, the body tag should be in html tag.
I've been reading a book on Zend framework and there's this HTML/PHP code section I can't figure out. It's contained in the VIEWS part of the MVC methodology:
<select name="genre">
<?php foreach ($this->genres as $genre) { ?>
<option value="<?php echo $genre ?>"><?php echo $genre ?></option>
<?php } ?>
</select>
The genre ($this->genres) refers to array('rock', 'r&b', 'country', 'rap', 'gospel', 'rock n roll', 'techno').
The code runs perfectly, producing a drop-down select menu, but I don't understand how the second line is even legal, let alone work. How does the PHP code work beyond its enclosing tags?
PHP is an unusual (templated) language in this context. The parser actually considers everything between ?> and <?php as being some weird kind of echo. It is ignored as part of the program code, although the parser does run (it just outputs it and skips it as part of program code).
From the PHP manual:
Everything outside of a pair of opening and closing tags is ignored by the PHP parser which allows PHP files to have mixed content. This allows PHP to be embedded in HTML documents, for example to create templates.
(...)
This works as expected, because when the PHP interpreter hits the ?> closing tags, it simply starts outputting whatever it finds (except for an immediately following newline - see instruction separation) until it hits another opening tag unless in the middle of a conditional statement in which case the interpreter will determine the outcome of the conditional before making a decision of what which to skip over.
This allows PHP to be used for numerous of things. You can't just create dynamic HTML files with it, you can for example also create XML (although it's a bit tricky to get the XML header right), text files, CSS files, etc., as long as the PHP interpreter is ran for that file, it will execute everything between <?php and ?> as program code and the rest will be outputted as-is.
You can think of the sections between ?> and <?php tags as string arguments to echo (but without $variables or quotes interpretation).
So <?php echo 2;?>3 is equivalent to <?php echo 2; echo 3;?>.
It helps to remember that PHP stands for "PHP: Hypertext Preprocessor." In short, its primary job is to produce HTML output.
Everything inside the PHP tags is executed on the server side, and produces output as needed. This is added to everything that PHP ignores (anything outside the PHP tags, like <option value...></option> in your case.
You can think of it as though the PHP engine turns on and off each time it encounters a PHP tag.
<?php //this gets processed ?>
This is sent as output, unchanged
<?php // this gets processed ?>
and so on.
I'm attempting to file_get_contents and output php code as a string without being rendered. The idea is to grab the raw un-rendered file contents so they can be edited in a textarea...
// file "foo.php" I'm needing the contents of
<h1>foo</h1>
<? include 'path/to/another/file' ?>
// php file that's calling the file_get_contents
<?php
echo file_get_contents('foo.php');
?>
The above code is stripping out the php include in foo.php which outputs:
<h1>foo</h1>
Does anyone know how I can get foo.php contents as a raw un-rendered string where output will be?:
<h1>foo</h1>
<? include 'path/to/another/file' ?>
Any help is greatly appreciated!
As far as I know you can't get php content unless it's on the same server.
Make sure you're trying to access a locally hosted file and not something remote and it should work.
Also if you try to echo code it will try to parse it, so pass it through htmlspecialchars($source) and it should work.
Something like this:
<?php
echo "<pre>";
echo htmlspecialchars(file_get_contents('file.php'));
echo "</pre>";
?>
Would echo formatted source code of the php file, including comments and any other text in it without being parsed. And since it looks like it's important to you, I'd also say that it shows in the DOM of course since it's no longer code, now it's text. You can place it inside a container, style it and do whatever you want with it.
You can also do :
<?php
highlight_file('file.php');
// or alternatively
echo highlight_file('file.php',true);
And that will output the file like with htmlspecialchars and file_get_content but within <code> tags and with some syntax highlighting.
highlight_string :
(PHP 4, PHP 5, PHP 7)
highlight_string — Syntax highlighting of a string
highlight_file :
(PHP 4, PHP 5, PHP 7)
highlight_file — Syntax highlighting of a file