I am using
<textarea id="content" name="content" style="width:0; height:0;">
<?php $content = file_get_contents($url); ?>
</textarea>
and i am posting this text area to a php file
$file = $_POST["content"];
echo $file;
The output that i am getting displayed Everything with an extra \"
All the images , all the references... Any solution for this ?
For a start, the code in the textarea won't actually output anything, since all it's doing is assigning the contents of $url to the $content variable. Try using echo to output it:
<?php echo file_get_contents($url) ?>
As for the slashes, it sounds like a magic quotes problem. You can easily check this in the course of a script by calling get_magic_quotes_gpc, which will return true if the feature is enabled. The PHP website has some useful information on how to disable it.
Check if you have magic quotes activated.
You can check this, either in your configuration-files, or by viewing the output of php_info(). Here are instructions on how to disable this "feature".
Related
I have a php variable $username and following script:
<?php
echo ''.$username.'';
?>
If $username contains something <b it bolds text. How can I prevent that?
Use htmlspecialchars
echo ''.htmlspecialchars($username).'';
See documentation: http://php.net/manual/en/function.htmlspecialchars.php
echo ''.htmlentities($username).'';
like that:
<?php
echo ''.htmlspecialchars($username).'';
?>
http://php.net/manual/fr/function.htmlspecialchars.php
the echo in PHP returns the HTML of whatever you tell it should. So if you use e.g.
echo "This is my text which should be displayed as it is <b>";
the browser will translate it into the according HTML Text (every browser has built in mechanics to "repair" malformed HTML), which will be
<b>This is my text which should be displayed as it is</b>
This is not only wrong, but also a security risk. Imagine someone uses an extremely long name which would translate into javascript once the browser renders it. Your server would turn into a spambot machine.
To prevent this from happening, you have to use the according php function, which is htmlspecialchars() (or htmlentities();
So your code will be:
echo ''.htmlspecialchars($username).''
and it will display the name as intended.
You need to strip (remove) HTML tags from the string.
echo '' . strip_tags($username) . '';
http://php.net/manual/en/function.strip-tags.php
I have two files, one called test3.php, and another called test4.php. I'm trying to echo the variable in the link of the file test4.php, but it's echoing unexpected results. Please take a look.
In the file called test3.php:
<?php
$text = "Good morning.";
header('Location:test4.php?text=$text');
?>
In the file called test4.php:
<?php
$text = $_GET['text'];
echo "$text";
?>
Expected echo result:
"Good morning."
Actual echo result:
$text
I don't understand why it's echoing out $text, instead of "Good morning." One thing that came to mind is that you can't actually set variables when you're using a header, so if that's the case please let me know. Thank you.
Variables do not get parsed in single quotes
header('Location:test4.php?text=$text');
therefore, you need to use double quotes
header("Location:test4.php?text=$text");
References:
https://php.net/language.types.string
https://php.net/manual/en/language.types.string.php#language.types.string.syntax.double
What is the difference between single-quoted and double-quoted strings in PHP?
Plus, it's best to add exit; after header, in order to stop further execution, should you have more code below that (or decide to in the future).
http://php.net/manual/en/function.header.php
and using a full http:// call, as per the manual
<?php
header("Location: http://www.example.com/"); /* Redirect browser */
/* Make sure that code below does not get executed when we redirect. */
exit;
?>
Footnotes, about header, and as per the manual:
Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include, or require, functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file.
However you wrote, and I'm using this literally:
Expected echo result:
"Good morning."
If you want to echo just that "Good morning." having the text in double quotes, then you will need to change the following in your test4.php file:
echo "$text";
to, and escaping the " using \
echo "\"$text\"";
use
header("Location:test4.php?text=".$text);
In test4.php:
<?php
$text = $_GET['text'];
echo "$text";
?>
When you quote "$text", you are echoing af string.
What you will want to do, is echo the variable: $text.
So:
<?php
$text = $_GET['text'];
echo $text;
?>
...Without the quotes.. :)
And also, the: header('Location:test4.php?text=$text'); is a bitch, if you use it below a lot of code...
Safe yourself some trouble, and use:
echo "<script type='text/javascript'>window.location.href = 'test4.php?text=".$text."';</script>";
instead ;)
I have two php files, one index.php
<?php
include ‘Play.php’;
$temp = first(HH);
echo $temp;
?>
second Play.php
<?php
function first($string)
{
return $string;
}
?>
if i remove $temp = first(HH); from the first file then it works, if i include it, the index.php don't work (don't show anything on the screen when i call it within safari.
I know its going to be obvious but what am i doing wrong? Both files are in the same file directory.
Thanks
Use the right kind of quotes around your string for the include. " or ' not ‘ and ’.
The use of typographic quotes like that suggests you may be trying to write code with a word processor. Don't do that; get a text or code editor instead.
Your function is right but the way you are calling your function is not correct.And the way you are including the file is incorrect. You should include your file in quotes like "" or '' . You have to enclose the string in quotes "". Use the code below in index.php
<?php
include 'Play.php';
$temp = first("HH");
echo $temp;
?>
I hope this helps you
include expects double quotes " so change that in, your code and it should work.
include "Play.php";
Kindly change
$temp = first(HH); to $temp = first("HH");
its is because your function tack string as a parameter you should send a string
This is my code:
<?php
$lname = "templates/generator";
$link = "<img src=\"{$lname}/data/num_{$row}.png\" alt=\"{$row}\"/>";
echo $link;
?>
It does return this. Instead of an image, in the Firebug I can read the following:
<img src=" templates generator data num_1.png" alt="1">
So basically
it is replacing the slashes with white spaces. Where is the problem in this code?
A better idea would be to stop using messing with your quotes. Just sprintf() for outputting the HTML:
$link = sprintf('<img src="%s/data/num_%s.png" alt="%s"/>', $lname, $row, $row);
Also, while looking at your source, use your browser's View-Source feature, and not Firebug. It may be having it's own issues, as Ben said in the comments.
And to make sure you're not misreading the information, you can use a neat little header() trick:
header('Content-Type: text/plain');
PHP uses Content-Type text/html by default. Add this to the top of your script, and it'll display the HTML without any formatting and you can see what's really going on.
Try this:
Simply you should improve your line like this
$link = '<img src="{$lname}/data/num_{$row}.png" alt="{$row}" />';
Never use same commas in the same line, use different instead.
-
Thanks
I have PHP variables to place within an included HTML file. What's the best way of executing this?
//contents of file1.php
$variable1 = "text 1";
$variable2 = "text 2"
$newContent = include('file2.php');
echo $newContent;
//contents of file2.php
<p>standard HTML with PHP... <strong><?=$variable1?></strong></p>
<p><?=$variable2?></p>
This general method is considered OK but the actual code here doesn't work. Do I use file_get_contents() or include(), how do I execute the PHP within the includes file to output the correct contents?
Should I be using something like HTML>>>
What you're doing is fine, and you'll find that most people use the same exact method. I personally wouldn't use PHP short tags (some hosts don't enable it), but that's a matter of preference.
Edit: As per your edit, it seems like you don't have short tags enabled. Check your ini (http://php.net/manual/en/ini.core.php). But you really shouldn't be using short tags, because as clownbaby mentions, PHP 6 will deprecate them. Even if you don't care about future proofing your code, they're still troublesome (which is evident because your code isn't working). Switch to <?php echo $variable1; ?> and you'll be fine.
I think your code is fine, even most frameworks use it...
regarding the use of short tags, some servers do not allow it, so here is a workaround I use:
if ((bool) #ini_get('short_open_tag') === FALSE){
echo eval('?>'.preg_replace("/;*\s*\?>/", "; ?>", str_replace('<?=', '<?php echo ', file_get_contents("path/to/file2.php"))));
}else{
$newContent = include("path/to/file2.php");
echo $newContent;
}
$newContent = include('file2.php');
echo $newContent;
You shouldn't need to echo anything here. Just including the PHP file should execute any code inside it and spit out the interpolated template to the page. Whilst there is such a thing as returning a value from include, it's a rarely used feature you can generally ignore.
As ekhaled said, you may need to enable short tags or replace them with the always-supported <?php ... ?> processing-instruction-style syntax.
However, it's important to htmlspecialchars every text string when including it in HTML, or you've got a potential XSS security hole.
<?php
function h($text) {
echo(htmlspecialchars($text, ENT_QUOTES));
}
?>
...
<p>standard HTML with PHP... <strong><?php h($variable1) ?></strong></p>
<p><?php h($variable2) ?></p>