Output as HTML instead of text (without mixing HTML and PHP). New lines?


Hi!

 

I'm new to PHP so bear with me =)

 

I have an assignment where I have to use PHP to get all environmental variables and output them as HTML in the web browser. But I have to do this without mixing HTML and PHP in the same file.

 

Getting the environmental variables is not a problem and I can also output them as HTML. But I can't get them to be on one line per variable.

 

Now I get:

name: valuename: valuename: valuename: valuename: value

and so on but I want it to be like:

name: value

name: value

name: value

 

 

Here is my HTML code:

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
        <head>
                <title>
                        3.1
                </title>
        </head>
        <body>
                <p>
                        ---insert---
                </p>
        </body>
</html>

 

And here is my PHP code:

<?php

# Set text/plain instead of text/html
header('Content-type: text/html');
$html = file_get_contents("page.html");

# Function that gets and prints all environment variables
function loop(){
        foreach ($_SERVER as $name=>$value )
        {
                echo "$name: $value\n";
        }
}

# Prints the contents of page.html and replaces ---insert--- with number of hits
eval("print \"" . addcslashes(preg_replace("/(---(.+?)---)/" . loop() . $html), '"') . "\";");

?>

 

 

Because of

header('Content-type: text/html');

\n in the foreach loop doesn't work. It works perfectly if I replace it with <br /> but that's not allowed. It also works if I set text/plain instead of text/html but to output it as HTML is a requirement.

 

Any idea how I can solve this? Anything is appreciated as long as it doesn't break any rules.

Echo the contents inside of <pre> tags:

 

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
        <head>
                <title>
                        3.1
                </title>
        </head>
        <body>
                <pre>---insert---</pre>
        </body>
</html>

Ok I'm glad you did this when you're first learning, because:

never ever use eval() ever.

 

Now that that's out of the way:

 

 

<?php

# Send the page as HTML
header('Content-type: text/html');
$html = file_get_contents("page.html");

# Builds and returns one "name: value" line per $_SERVER entry
function loop(){
        $string = '';
        foreach ($_SERVER as $name=>$value )
        {
                $string .= "$name: $value\n";
        }
        return $string;
}

# Prints the contents of page.html with ---insert--- replaced by the variable list
echo str_replace('---insert---', nl2br(loop()), $html);

?>

I've altered your loop() function to return a string, rather than echoing directly.  I've also used the nl2br function to change the newlines in loop()'s output to HTML line breaks.  Since your assignment specifies not using HTML in PHP, I didn't want to stick a "<br>" in that output.  I then removed your seriously dangerous eval() line and replaced it with a safer and saner str_replace.

 

-Dan
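
An added example, not code from the thread: $_SERVER includes request-controlled entries (the HTTP_* headers, QUERY_STRING, and so on), so each name and value should be HTML-escaped before it is substituted into the page. The helper names render_vars() and fill_template() and the sample array are hypothetical and constructed for illustration; the ISO-8859-1 charset is taken from the XML declaration in page.html.

```php
<?php
// Added example (not from the thread): escape first, then add line breaks,
// then substitute into the template as plain data. No eval() anywhere.

// Hypothetical helper: one escaped "name: value" line per entry.
function render_vars(array $vars): string
{
    $lines = [];
    foreach ($vars as $name => $value) {
        // Some entries (argv when run from the CLI) are arrays; this
        // assumes they are flat lists of scalars and joins them.
        if (is_array($value)) {
            $value = implode(' ', array_map('strval', $value));
        }
        // ENT_QUOTES also encodes ' and ", so the text stays inert even
        // if the placeholder is later moved into an attribute value.
        $lines[] = htmlspecialchars((string) $name, ENT_QUOTES, 'ISO-8859-1')
                 . ': '
                 . htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
    }
    return implode("\n", $lines);
}

// Hypothetical helper: fill the placeholder with the escaped listing.
function fill_template(string $template, string $placeholder, array $vars): string
{
    // nl2br() runs after escaping, so the only markup in the inserted
    // text is the <br /> it generates itself.
    return str_replace($placeholder, nl2br(render_vars($vars)), $template);
}

// Constructed sample standing in for $_SERVER.
$sample = [
    'SERVER_NAME'     => 'example.test',
    'HTTP_USER_AGENT' => '<b>not markup</b> & "quoted"',
    'argv'            => ['index.php', 'a<b'],
];

// Constructed stand-in for the body of page.html.
$template = "<p>\n---insert---\n</p>\n";

echo fill_template($template, '---insert---', $sample);

// In the assignment this would be called as:
// echo fill_template(file_get_contents('page.html'), '---insert---', $_SERVER);
```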


It worked! Really thanks!

Haha funny thing about the eval-line. I'm taking this PHP course online from a university and the teacher actually recommended using that line for another assignment which is pretty much the same as this one, but with only 1 line.

 

That's also why the comments are a bit off. They don't belong to this code.

If you're taking a course where the professor recommended eval, drop the course.  I'm not even kidding.  Your original piece of code accepted data into the $_SERVER value and ran it through eval().  If a malicious user ever discovers this, they can put PHP code into the $_SERVER variable and literally delete your entire website.  eval is for testing and for very very high-level coding, it cannot ever be used for functionality, even as an example.  There is always a way to do it without running user-generated strings back through as PHP function calls.


That bad, huh....

Well coding is not really my field of expertise (more into servers and stuff). I had empty space to fill and I figured a course about server-side PHP could be useful sometime =)

You can't really understand how bad it is until you watch an entire server and database disappear because someone used eval.  It really should never ever be used for anything unless you're:

1)  A genius

2)  Just testing something locally

3)  Performing code reviews/unit tests on a non-public box

 

If you want to get into it with your professor, ask him "isn't it really insecure to use eval() without any kind of security involved? Should we be using this?"  See what (s)he says.
