Some Background info: My web application stores some XML in a Text column of the MySQL database. This XML represents a transaction for the application.
The problem occurs when I'm testing my library. Within PHP, I have a string:
$s="<flist><transaction amount=\"10\" type=\"income\">Initial Amount</transaction></flist>";
However, whenever I echo or consecrate this string, it turns into "Initial Amount". Am I missing a feature of PHP? How can I fix this? Wow! As I'm creating this post, StackOverflow is transforming that XML into $s=Initial Amount as well... Please help... Thank-you for your time as this completely perplexes me.
PHP doesn't automatically parse the string.
Are you echoing it and viewing it in a browser? It's very likely that the browser skips over the unknown tags and shows what it can. You might want to considering adding in htmlspecialchars() to your output like so:
echo htmlspecialchars($s);
You should also see it correctly when viewing the web source. This is a feature of HTML to support future versions without breaking current ones.
Related
i have problem in my website as i can't generate sitemap form site https://www.xml-sitemaps.com/ , every time i generate it get empty sitemap with this comment
" This XML file does not appear to have any style information associated with it. The document tree is shown below."
and i really don't know how can i solve it
so please could anyone help me in this problem
That's not an error. That's absolutely as expected. Sitemaps aren't for you to look at, they are designed for a machine to process.
Reference
XML and HTML are like cousins. They share a lot of it's syntaxis, but html has some standardized semantics, while the semantics of xml is totally up to you, the creator of a xml document.
So what happens here; you're browser is reading xml, but a tag is not considered something to be outputted, it is considered to be describing something, which can be outputted on a certain way, if there is styling information available.
So what you see is the browser (probably IE; get a proper browser) telling you it doesn't know how to present the xml file in a proper way and deciding it will not show it at all. But if you look to the source (ctrl+u or cmd+u), your sitemap will be there.
Although in contrast to what #ShakirKhan says; xml is designed to be looked at both by humans as well as computers. So it is understandable, but it should not happen. You should just see the xml file (so, get a proper browser)
I am creating some kind of custom CMS (home automation).
Well I am not a PHP developer - just hobbyist.
What I am trying to achieve is:
In my index.php page I have something like:
"<?php echo $pageBody; ?> "
PageBody I am fetching from Database, well it works well for HTML, JS. But it doesn't work with PHP code source.
I done some research I believe this is related to PHP security restrictions.
My question: Does anybody would be able to provide safe sample (cannot find any samples like this) - how I should do this.
I am trying to insert some php code and render it eventually via browser:
<div id="outer">
<div id="inner">
***PHP Code should go here***
</div>
</div>
At the minute - it is being rendered as text. However I can render properly HTML and JS.
My preferable way would be - as much as possible secure.
Many Thanks Guys!
When you retrieve PHP code from a database text field, the PHP interpreter does not "know" that it should parse the data as a PHP script. To the PHP interpreter, the data in that field is no different from any other data -- it is all strings without any special significance.
You could use eval (docs) to accomplish this if you're dealing with pure PHP scripts. Be forewarned: eval is considered "evil" because using it comes with risks, especially if your users will have any input as to the content of the database.
In your case, it sounds like you want to parse mixed PHP and HTML that is stored in a database field. In order to do this, you'd need to write the database data into a file, then include it so the PHP interpreter can do its thing. You should implement some kind of caching mechanism in this process, otherwise it might become heavy on your server with many users. You may also want to use output buffering (docs) to capture the output instead of immediately sending it out.
Briefly, you'd want to do something like this:
$content_from_db = "<h1>Hello <?php print 'Clarisse'; ?></h1>";
$identifier_from_db = '12'; // like the primary key from the table
$file_handle = fopen('cached_content/CACHE_'.$identifier_from_db.'.php', 'w');
fwrite($file_handle, $content_from_db);
fclose($file_handle);
// here is where you'd start output buffering, if you're going to do that (optional)
include('cached_content/CACHE_'.$identifier_from_db.'.php');
// and then here you retrieve the output buffer's content (optional)
Please note that this is not a "traditional" way of including dynamic content, and the above code is not production-ready. Without knowing your use case, I can't say for certain, but this idea of storing PHP code in the database is a rather unusual way to proceed.
Another alternative to rolling your own is the smarty template library. Check it out here: http://www.smarty.net. With smarty, you can write a resource plugin to pull the templates from the database. It would look something like the code above (more info)
Documentation
fwrite - http://php.net/manual/en/function.fwrite.php
include - http://php.net/manual/en/function.include.php
PHP basics on theopensourcery.com - http://theopensourcery.com/phpbasics.htm
Server-side scripting on Wikipedia - http://en.wikipedia.org/wiki/Server-side_scripting
eval - http://php.net/manual/en/function.eval.php
Output Control (buffering) - http://php.net/manual/en/book.outcontrol.php
Smarty - http://www.smarty.net
to execute PHP that you store in a string (or database) you can use the eval function, but be careful it could be somewhat dangerous.
You can't render (probably you mean execute) php code in the browser, because php scripts execute on the server and then the output is sent to the browser. By the time the browser recieve the response, script has already finished execution.
You can fetch the code from database and use eval() before sending the output. But you must be aware of drawbacks from this approach.
Browser cannot render (execute) PHP code. PHP is something that the server executes and sends to the browser as plain HTML to display.
For testing purposes you can download and install WAMP thats the most hassle free one stop solution for development.
link : http://www.wampserver.com/en/
I'm developing a web application where an html page is created for the user. The page could include anything that the user puts in it. We take these pages and add a little PHP at the top to check some things before outputting the actual html. It would look kind of like this:
<?php
require 'checksomestuff.php';
// User's html below
?>
<html>
<!-- user's html -->
</html>
Is there a way to stop PHP from parsing anything after my require? I need the html to be outputted, but, since the user can add anything they want to the html, I don't want any user-added PHP to be executed. Obviously that would be a security issue. So, I want the user's html to be outputted, but not parse any PHP. I would rather not have to put the user's html into another file.
One sensible way would be to offload the user created content to another file and then you should load this file (in your main php file) and output it as is - without parsing it as PHP.
There are many other ways to do this but if creating another file does the job for you then thats probably the best way forward.
UPDATE: Really must read last line of question!
You could encode the html into a variable using base64 encoding which you then just print out the decoded string.
If you don't store the file data in a php file, say n a txt or html file, the php won't be evaluated.
Alternatively you could read the file via file_get_contents() or by some other means which doesn't involve evaluating php.
Though I'm still tempted to ask why you want to do this (particularly this way), it sounds to me like one of the only things that can help you is the special __halt_compiler() function...
That should prevent it from executing the rest of the page, and may or may not output the rest of it. If not, well, read the first (and currently only) example in the PHP's manual for that function (linked above) for how to do it manually.
The only trouble I see with this method is that you'd probably have to have that code in every file you want to do this for, after your require.
I want to upload dynamically content from a soccer live score website to my database.
I also want to do this daily, from a single page on that website (the soccer matches for that day).
If you can help me only with the connection and retrieval of data from that webpage, I will manage the rest.
website: http://soccerstand.com/
language: php/java - mysql
Thank you !
You can use php's file function to get the data. You just pass it a URL and it returns the content as an array of lines from the file. You can also use file_get_contents to get the content as one big string.
Ethical questions about scraping other site's data aside:
With php you can do an "open" call on a website as long as you're setup corectly. See this page for more details on that and examples: http://www.php.net/manual/en/wrappers.http.php
From there you have the content of the web page and it's a matter of breaking it up. Off the top of my head, I'd use regular expressions or an HTML parser to break apart the HTML, and then loop through the child elements and parse the data into your database calls to save the data.
There are a lot of resources for parsing HTML on the web and it's simply a matter of choosing the one that will work best for you.
Keep in mind you'll need to monitor the site for changes, because if they change elements, or their classes/ids you might need to change your parsing structure as well.
Using curl you will get the content of the page, then using regex you will get what you want.
There is an easy way: http://www.jonasjohn.de/lab/htmlsql.htm
This is probably something really simple, however I am quite new to PHP, and havent done any HTML in years.
I need to get a PHP variable filled with an array of figures into Google Charts. My code for this so far is:
<img src="http://chart.apis.google.com/chart?
&chs=340x175
&chd=t:<?=$filedetail[1]?>
&cht=lc
&chtt=Test
">
However, Google reports an error, as it stops at the ?=$filedetail[1] for some reason. It doesnt seem that reading the variable is the problem, more that the API simply cant read past the start of the PHP tags.
Thanks,
Rob A.
EDIT: I have managed to make Google accept the URL, however now it is not showing anything on the chart, as its filling in the &chd=t: field with instead of the figures within that variable.
The URL reads like this:
http://chart.apis.google.com/chart?&chs=340x175&chd=t:%3C?=$filedetail[1]?%3E&cht=lc&chtt=Test
If oyu say Google is complaining about the ?=$filedetail, chances are you are doing this in a file that is not being parsed by PHP, for example a file that ends with .html or .htm.
You can see whether this is the case by looking into the page's source code in the browser. If you see the PHP command in the source as you wrote it above, the PHP code was never executed.
The easiest way to fix that, if that's the problem, would be to switch to a .php file extension.
In URLs, literal & should be written as &
Edit: And you can't do ?&chs -- it should be ?chs. The line breaks are probably going to break the URL too...