Jump to content


Photo

no output, what's wrong!

php sql html

  • Please log in to reply
2 replies to this topic

#1 jac.kock

jac.kock

    Advanced Member

  • Members
  • PipPipPip
  • 52 posts
  • Locationnetherland

Posted 02 February 2013 - 09:02 AM

hi all,

im making a CMS and the website uses a php page main to display pages stored in the sql database!

now my problem is that everything works fine but wen i call a page from de db with html and php code it will not display the php code,
i work whit str_replace to replace %php_open% to <? and %php_close% to ?> because sql don't saves <?php i write the pages as %php_open% tot save in cms.

this works fine and when i want to open the page all htm is visable but the php is notm when i open the source in the browser i see the php nice and well as it should be.

what am i doing wrong to show the php ??

SOURCE CODE:

</td>

<td width="98%">

<br />
<

b>Notice</b>: Undefined index: admin in <b>/home/vhosts/pc-hulp-online.nl/subdomains/test/httpdocs/main.php</b> on line <b>16</b><br />
<?

function getIp() { if( isset( $_SERVER[ "HTTP_X_FORWARDED_FOR" ] ) ) { $return = $_SERVER[ "HTTP_X_FORWARDED_FOR" ]; } else if( isset( $_SERVER[ "HTTP_CLIENT_IP" ] ) ) { $return = $_SERVER[ "HTTP_CLIENT_IP" ]; } else { $return = $_SERVER[ "REMOTE_ADDR" ]; } return $return; } ?> <H1>Uw external IP:</H1><P>Deze is door uw provider aan u toegewezen, en kan nodig zijn bij speciaal ontwikkelde software zoals bijv. een chat server of andere servers zoals een FTP of HTTP server, of bij Remote desktop services </P><P>Uw huidige external IP Adres is: <? getIp(); ?></P><P><FONT color=#ff0000>Copyright by pc-hulp-online.nl ©®20013 </P></FONT> </td>

<td width="1%">

&nbsp;

</td>

this ia exactly what it should be after getting it out off the db and replaced the %php_open% strings why don't display the IP???

can someone help me??

thnx jamie kock (holland)
jamie

Newbee (from holland)

#2 PFMaBiSmAd

PFMaBiSmAd

    Advanced Member

  • Staff Alumni
  • 16,767 posts
  • LocationColorado, U.S.A.

Posted 02 February 2013 - 04:49 PM

This is going to be all negative, but here's what's wrong with what you are trying to do -

A) There's nothing that would prevent <?php from being saved by a query. Whatever problem you were having doing that needs to be solved.

B) Databases are for storing data, not server-side code.

C) The C in CMS stands for Content. Php server-side code is not Content.

D) The method you would need to use to accomplish this comes with a Cautionary warning in the php documentation -

Caution
The ______ (statement name removed) language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.


So, if any user supplied content that is output on your cms also contains php code, that code would get executed.

Edited by PFMaBiSmAd, 02 February 2013 - 05:24 PM.

Signature: (not a comment about anything you posted unless specifically indicated)
Debugging step #1: To get past the garbage-out equals garbage-in stage in your code, you must check that the inputs to your code are what you expect.

Programming is just problem solving, but it is done in another language. You must learn enough of the programming language you are using to be able to read and write code.

#3 PFMaBiSmAd

PFMaBiSmAd

    Advanced Member

  • Staff Alumni
  • 16,767 posts
  • LocationColorado, U.S.A.

Posted 02 February 2013 - 04:55 PM

The correct method is to only store content in your database using a template, where you have place holders in the template that get replaced with runtime values.
Signature: (not a comment about anything you posted unless specifically indicated)
Debugging step #1: To get past the garbage-out equals garbage-in stage in your code, you must check that the inputs to your code are what you expect.

Programming is just problem solving, but it is done in another language. You must learn enough of the programming language you are using to be able to read and write code.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Cheap Linux VPS from $5
SSD Storage, 30 day Guarantee
1 TB of BW, 100% Network Uptime

AlphaBit.com