I'm working on making one of my first wordpress themes, but I seem to be encountering a weird issue. Whenever I call one of my functions with PHP, the return (when viewing the page) has a lot of white space (invisible characters). For some of the things I'm trying to do, it causes problems. Here's an example of one of my functions, the rest are built just like it.
// Get YouTube Username
function soc_youtube() {
global $up_options;
?>
<?php if($up_options->soc_youtube){ ?>
<?php echo $up_options->soc_youtube; ?>
<?php
}
}
That code generated this result:
Update: Fixed
Solution: Use less tags and cut down on breaks in code
Everything outside the php tags is pushed through directly to the output, including all your line breaks. To avoid that, leave the line breaks inside the PHP code:
<?php if($up_options->soc_youtube){
?><?php
echo $up_options->soc_youtube;
?><?php //...
(In your example, I don't see the need to close any of the tags at all, though. You could just have everything inside one set of tags.)
First, there is no need to end a php block and start it right back up again with nothing in between... especially on every single line. Try getting rid of those first and see if that makes a difference:
// Get YouTube Username
function soc_youtube() {
global $up_options;
if($up_options->soc_youtube){
echo $up_options->soc_youtube;
}
}
Next, if that doesn't work, try doing var_dump($up_options->soc_youtube); and see what's there and figure out why.
Related
I have a foreach loop iterating over an array of objects. The goal is to output data to a table cell from each object in the array. I go back and forth between HTML and PHP all the time, but this one won't output to the browser. Inside the loop I can error_log the object, but I can follow directly with an echo statement OR closing PHP to write HTML, and neither of them gets printed.
The funny thing is that this is actually inside another foreach loop that is written exactly the same way and works fine!
Edit: OK, I've simplified the code as much as possible. The error_log line writes "here" to the error log. The next line does not echo "here" to the browser!
<div class='grid-x'>
<?php
foreach($form->awards as $award) {
error_log('here');
echo 'here';
}
?>
</div>
RESULT: Only the wrapping <div class='grid-x'></div> is printed to
browser. Nothing inside, though the code is definitely iterating over
2 objects and console-logging "here" two times.
Things I've tried:
Getting rid of the wrapping <div>
Storing $form->awards in an array variable and iterating over that
Erasing and retyping the entire <td>
Copying the foreach line from other code where it works fine.
echo versus closing php ?> and using HTML.
Removing the error_log line
For the sake of this post I removed the line checking if $form->awards exists. I know it does in this instance.
Both echo('here') AND echo 'here';
I spend too many hours looking at code!
So I have 2 accordion tabs on the screen with a table inside of each. I was looking inside the wrong accordion and therefore not seeing that the output WAS getting sent to the browser.
It's hard to believe I spent a couple hours on this, but I'm glad to know I'm not crazy and it was a simple answer.
Thank you to everyone who tried to help.
I will vote to delete this post.
In fact, echo is not function, so you need to replace your line:
echo ('here');
with
echo 'here';
yes, if you want to use function to print something then you can use print('Here')
I am trying to convert a drupal installation into a front end driven by Code Igniter. This is an experimental project to check the performance boost I can get. But the biggest problem I am facing is that few fields in Drupal store php string as it is. For example
<?php print "A"; ?>
This is normal
Now I am able to see the text "This is normal" which comes from the query that I run in Code Igniter, but I don't see the php function which is saved inside the table. I can see the text when I view the record through phpmyadmin. But somehow not inside the CI query result.
I hope U've got the solution. But just in case if you haven't try this:
I created a table with two columns
//$result Contains the data fetched from the table using a model.
foreach ($result as $key=>$val) {
if($key == 'code') {
$val = str_replace('<?php','',$val); //Remove PHP's opening tag.
$val = str_replace('?>','',$val); //Remove PHP's closing tag.
$val = rtrim($val); //Remove leading and trailing spaces.
echo $key.': ';
eval($val.';'); //Execute the PHP code using eval.
} else {
echo $key.': '.$val.PHP_EOL;
}
}
I tried
echo $result['code']
print_r($result)
var_dump($result)
highlight_string($result['code'])
eval($result['code'])
and finally str_replace followed by eval($result['code']).
Check the screen shot of the result obtained from: here
There you can see that the Result produced by 1,2, and 5 are empty. But when you inspect element against the empty space It'll clearly show that the string that's echoed/print is commented out.
Screen-Shot. This is has nothing to do with codeigniter. Its done by HTML Parser.
So the solution is to remove the opening and closing tags of PHP and then use eval. I hope this helps.
Thanks for the help. Yes, the last resort was the eval function and that is the one which helped me attain which I was wanting it to do.
The data which was inside the database had PHP function and only eval function was able to treat that part as a PHP code and execute it when I was getting the data inside my view.
I'm quite new here. I'm trying to make a blog/journal site that allows users to post their own journal. I'm still quite reluctant on making it because I am really afraid of malicious code injections.
So here's a sample code:
<?php
$test = "<b>blah</b>"; //User input from SQL
echo "$test";
?>
What will come out is just the word "blah" in bold right? What I was trying to achieve was to echo "<b>blah</b>" instead. I don't want people to put some PHP codes that can actually mess up my whole web page. Please keep in mind that the variable $test is actually a MYSQL query, so that variable will be needed as an example. I know you can do echo '$test'; but it just comes out as "$test" instead. I feel like pulling my hair out I can't figure it out yet.
The second solution I know of is the htmlspecialchars(); function, but I want the strings to display as what I typed, not the converted ones...
Is there any way I can do that?
I think the OP wants the HTML itself to be output to the page, and not have the tags stripped. To achieve this, you can run the string first through htmlentities()
$test = '<b>blah</b>';
echo htmlentities($test);
This will output:
<b>blah</b>
Which will render in the page as
<b>blah</b>
Echo don't execute PHP code from string. This is impossible and this is not security hole in your code.
You can use a template engine like Twig for exemple.
If htmlspecialchars(); is not the one you are looking for, try the header() option.
header('Content-type: text/plain');
When you are gonna give <b>Hi</b> to a browser, it will be displayed in Bold and not the text be returned. But you can try this way, outputting it inside a <textarea></textarea>.
Or the other way is to use htmlentities():
<?php
$test = "<b>blah</b>"; //User input from SQL
echo htmlentities("$test");
?>
Could somebody explain me why the PHP tags are giving me a linebreak?
And also, how can you delete this or stop this from happening, as it messes up my site.
An example I'm using on my site:
<?php include('assets/common/theme_header.php'); ?>
EDIT:
This doesn't seem to happen when I'm using:
<?php ?>
It does however seem to happen only when I'm using echo, which I also use on my include.
Example:
<?php echo "hello"; ?>
This still gives me a "linebreak", and it shows like this in Chrome development kit:
I had a similar situation where a php file on the server always echoed a space, then newline and then the actual echo. Like " \n[someVariable]". I got rid of it by making sure the php file had no empty lines at the beginning or end of the file.
So no empty line before the <?php or after the end ?>
Perhaps your problem is related.
I have a string that has HTML & PHP in it, when I pull the string from the database, it is echo'd to screen, but the PHP code doesn't display. The string looks like this:
$string = 'Hello <?php echo 'World';?>';
echo $string;
Output
Hello
Source Code
Hello <?php echo 'World';?>
When I look in the source code, I can see the php line there. So what I need to do is eval() just the php segment that is in the string.
One thing to consider is that the PHP could be located anywhere in the string at any given time.
* Just to clarify, my PHP config is correct, this is a case of some PHP being dumped from the database and not rendering, because I am echo'ing a variable with the PHP code in it, it fails to run. *
Thanks again for any help I may receive.
$str = "Hello
<?php echo 'World';?>";
$matches = array();
preg_match('/<\?php (.+) \?>/x', $str, $matches);
eval($matches[1]);
This will work, but like others have and will suggest, this is a terrible idea. Your application architecture should never revolve around storing code in the database.
Most simply, if you have pages that always need to display strings, store those strings in the database, not code to produce them. Real world data is more complicated than this, but must always be properly modelled in the database.
Edit: Would need adapting with preg_replace_callback to remove the source/interpolate correctly.
You shouldn't eval the php code, just run it. It's need to be php interpreter installed, and apache+php properly configured. Then this .php file should output Hello World.
Answer to the edit:
Use preg_replace_callback to get the php part, eval it, replace the input to the output, then echo it.
But. If you should eval things come from database, i'm almost sure, it's a design error.
eval() should work fine, as long as the code is proper PHP and ends with a semicolon. How about you strip off the php tag first, then eval it.
The following example was tested and works:
<?php
$db_result = "<?php echo 'World';?>";
$stripped_code = str_replace('?>', '', str_replace('<?php', '', $db_result));
eval($stripped_code);
?>
Just make sure that whatever you retrieve from the db has been properly sanitized first, since you're essentially allowing anyone who can get content into the db, to execute code.