I and lately I'm seeing h() and e() functions in PHP. I have googled them, but they are so short that results don't give any idea of what they are. I got results like exponential or math related functions. For example:
<td><?php echo h($room['Room']['message']) ?></td>
Does anyone have an idea? or maybe they are not called functions? (I think I read about that very long ago, but I can remember its real name)
ADDED:
Thanks, for the replies. I am using CakePHP and also found an e() example:
<?php e($time->niceShort($question['Question'] ['created'])) ?>
If they were escaping somehow strings I think it would make sense, since I always see them right next the "echo"
I still don't know what they are ;(
As several readers have said, these are CakePHP-specific short-cuts. You can find them in the API docs at: here (for CakePHP 2.x)
I think I read that some of these are going to be removed in 1.3, personally I never used e() as typing echo really doesn't take that much longer :)
edit: e() is deprecated in 1.3 and no longer available in 2.0 see here
It looks like it might be CakePHP.
See e()
e (mixed $data)
Convenience wrapper for echo().
This has been Deprecated and will be removed in 2.0 version. Use
echo() instead.
See h()
h (string $text, string $charset = null)
Convenience wrapper for htmlspecialchars().
Most likely, they are dummy functions someone introduced for the sake of brevity. The h(), for example, looks like an alias for htmlspecialchars():
function h($s)
{
return htmlspecialchars($s);
}
So look for them in the include files. Espec. the ones with names likes "util.php" or "lib.php".
Likely the framework you're using is doing some escaping and has defined some short hands for htmlentities and htmlspecialchars or equivalents.
I'd do a search on whatever framework you're using for "function h("
They are probably functions defined and implemented by the group's code that you're looking at. I'm not aware of any e/h functions in the PHP language.
Nothing here:
http://us3.php.net/manual/en/function.h.php
http://us3.php.net/manual/en/function.e.php
There aren't any functions in PHP called h() and e(). They must be declared in the project you are working on. search for them and find out what they do.
In CakePHP h() is:
Convenience wrapper for htmlspecialchars()
For more information about Global constants and functions in CakePHP view this link
http://book.cakephp.org/2.0/en/core-libraries/global-constants-and-functions.html
I'd guess that h() escapes user-submitted data for safe output, and e() escapes for database insertion. Whatever the functionality, these are not stock PHP functions.
It's CakePHP.
echo h('some stuff')
Is just htmlspecialchar()ing the stuff.
If you are using a decent editor press ctrl and click on the function. It should take you to the function's declaration.
http://book.cakephp.org/view/121/Global-Functions these are shortcut functions in cakePHP
Many of them are deprecated in 1.3 so beware of using them yourself
h() is global function in CakePHP. Documents about h() for CakePHP version 2.5.7 : http://book.cakephp.org/2.0/en/core-libraries/global-constants-and-functions.html#global-functions
Laravel also use e() helper function to runs htmlentities over the given string.
echo e('<html>foo</html>');
// <html>foo</html>
documentation : https://laravel.com/docs/5.8/helpers#method-e
Related
Is it possible to add a removed/deprecated function to PHP5? Like session_is_registered, ereg, etc.
[update] solved for session_is_registered:
<?php
function session_is_registered($name) {
return isset($_SESSION[$name]);
}
thanks.
Of course you can do it by modifying and recompiling the PHP source code, however the first question you have to answer is Do I really need to this or I might be better to go for my IDE's find-and-replace function?
If there is a real need for this -- for whatever reason, maybe you can redefine those functions. I haven't test it yet, as I agree with others that functions and features get removed or deprecated for a good and mostly important reasons, so I'm not sure if it does work in a situation that the function is removed or depreciated, but you can try to redefine them either using runkit_function_redefine or
override_function.
In that case you have to simulate the functionality again -- probably with their good-to-go replacements, so again think twice before start doing that.
Say I have the following in my TPL file:
{$a}
and I want to apply certain PHP native functions (e.g. strip_tags) to that Smarty variable. Is this possible within the TPL? If so, how?
You can use any php function in a smarty template in the following way:
{$a|php_function_name}
or
{$a|php_function_name:param2:param3:...}
In the second example you can specify additional parameters for the php function (the first is always $a in our case).
for example:
{$a|substr:4:3} should result something like substr($_tpl_vars['a'],4,3); when smarty compiles it.
The best way is probably to create your own plugins and modifiers for Smarty. For your specific example, Smarty already has a strip_tags modifier. Use it like this:
{$a|strip_tags}
Very good question, it took me a while to completely figure this one out.
Call a function, passing a single parameter:
{"this is my string"|strtoupper}
// same as:
strtoupper("this is my string")
{$a:strtoupper}
// same as:
strtoupper($a)
Call a function, passing multiple parameters
{"/"|str_replace:"-":"this is my string"}
// same as:
str_replace("/", "-", "this is my string")
{"/"|str_replace:"-":$a}
// same as:
str_replace("/", "-", $a)
Or you can use this: (call function directly)
{rand()}
The whole point of templating systems is to abstract the creation of views from the underlying language. In other words, your variables should be prepared for displaying before they are passed to a templating engine, and you should not use any PHP functions in the template itself.
Smarty already has a Language Modifier built in for this.
{$a|strip_tags}
You don't need Native functions as there already integrated into the plugin system
http://www.smarty.net/docsv2/en/language.modifier.strip.tags.tpl
others here:
http://www.smarty.net/docsv2/en/language.modifiers.tpl
Is there a way to remove function alias in PHP?
I can rename my function but it would be nice to use name "fetch".
Problem:
I just tested the following code and it appears to work for me, but perhaps it is because I don't have the mysqli library installed. I would test it because it might be more contextual than your IDE will have you believe. It seems to be a method for mysqli, but it might not be a global function.
<?php
function fetch(){
echo 'Hello world!';
}
fetch();
No.
(Short of recompiling the PHP binary)
This is more of a function of the IDE than the actual language... Some IDEs may give you that ability... I don't even know if recompiling the PHP binary (as Alan Storm suggested) would help since sometimes the stuff is hardcoded into the IDE / use the PHP docs online
For completeness sake: Normally, no, this can not be done. However: this can be done using a PECL extension called "runkit".
Runkit is described as "For all those things you probably shouldn't have been doing anyway", and allows you to basically tear out the innards of PHP from within PHP itself. Replacing built-in functions, undefining constants, unloading classes - suddenly everything is possible. And you should really question what you are doing if you ever feel you need it - odds are what you are doing violates some principles that are there for very good reasons, you just don't know them yet. I've never found a situation where using Runkit was a genuinely Good Idea.
Oh, in order to remove built-in functions you'll specifically need to enable this capability in your php.ini
(have fun!)
I find myself in the situation where I need to call a PHP function stored as a string from another PHP function.
<?php
$phpcodestring = "<?php echo 'Hello World!' ?>";
echo $phpcodestring;
?>
How can I get Hello World to render to screen with the above structure?
Back up a few steps - why do you need to do that?
99.9% of the time there is a better way than eval().
Or you could use create_function() which internally uses something like eval() so isn't much better, especially when you are not defining the function body directly with a string literal so you can be sure there and then there is nothing potentially dangerous.
You can use the infamous eval() if you thoroughly trust the source of the string. How the hell did you find yourself in that situation?
Sounds like a case of eval().
eval("echo 'Hello world!';");
You should always consider whether it's a good idea or not, though. Security considerations of eval() can be daunting.
G
You can use the eval() function: http://php.net/manual/en/function.eval.php
eval($phpcodestring);
An alternative approach would be to use create_function method, which is a poor implementation of lambda-style functions in PHP.
In PHP you have the create_function() function which creates a unique named lambda function like this:
$myFunction = create_function('$foo', 'return $foo;');
$myFunction('bar'); //Returns bar
Is this actually any better (apart from being more easy) then just doing:
do{
$myFunction = 'createdFunction_'.rand();
}
while(function_exists($myFunction));
eval("function $myFunction(\$foo) { return \$foo; }");
$myFunction('bar'); //Returns bar
Is create_function really better? (apart from the fact that it is more easy)
Using eval() will clutter the global function list, create_function() will not, apart from that there's no big difference. However, both methods require writing the function body inside a PHP string which is error-prone and if you were working on my project I would order you to just declare a helper function using the normal syntax.
Anonymous functions in PHP are so poorly implemented that your code is actually better off not using them. (Thankfully this will be fixed in PHP 5.3).
On my understanding of the relevant docs,[1] they both do the same thing, create_function() just comes up with a unique function name for you.
To address some other comments on this question:
create_function can be assigned to a variable making the function accessible to other parts of your code, whereas eval is only useful for the given scope.
It may well be that eval() runs in the current scope, but function definitions get dumped into the global namespace anyway.[2] So whenever you define a function, it will be accessible everywhere else in your program.
Using eval() will clutter the global function list, create_function() will not
create_function() only returns a string with the name of the new function,[3] not some special callback type. So, both techniques will pollute your global namespace.
So no, apart from create_function() being easier, it does not appear to be any better than eval().
Footnotes:
[1] http://au2.php.net/manual/en/functions.user-defined.php ; http://au.php.net/create_function ; http://au.php.net/eval
[2] http://au2.php.net/manual/en/functions.user-defined.php
[3] http://au.php.net/create_function
Personally, I've found that create_function() is extremely handy when sorting arrays.
In fact, I just searched the web, and it seems that the PHP documentation has a good example of this.
http://us.php.net/create_function
Scroll down to Example #3 Using anonymous functions as callback functions.
create_function can be assigned to a variable making the function accessible to other parts of your code, whereas eval is only useful for the given scope.
(apart from the fact that it is more easy)
I don't understand how you can dismiss this so readily. Given your two examples, which is easier to understand at a glance? Create_function tells you what you intend to accomplish. Eval doesn't.