ScorchPipe Posted February 8, 2012 Share Posted February 8, 2012 Hi! I'm new to PHP so bear with me =) I have an assignment where I have to use PHP to get all enviromental variables and output them as HTML in the web browser. But I have to do this without mixing HTML and PHP in the same file. Getting the enviromental variables is not a problem and I can also output them as HTML. But I can't get them to be on one line per variable. Now I get: name: valuename: valuename: valuename: valuename: value and so on but I want it to be like: name: value name: value name: value Here is my HTML code: <?xml version="1.0" encoding="iso-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> 3.1 </title> </head> <body> <p> ---insert--- </p> </body> </html> And here is my PHP code: <?php # Set text/plain instead of text/html header('Content-type: text/html'); $html = file_get_contents("page.html"); # Function that gets and prints all enviroment variables function loop(){ foreach ($_SERVER as $name=>$value ) { echo "$name: $value\n"; } } # Prints the contents of page.html and replaces ---insert--- with number of hits eval("print \"" . addcslashes(preg_replace("/(---(.+?)---)/" . loop() . $html), '"') . "\";"); ?> Because of header('Content-type: text/html'); \n in the foreach loop doesn't work. It works perfect if I replace it with <br /> but thats not allowed. It also works if I set text/plain instead of text/html but to output it as HTML is a requirement. Any idea how I can solve this? Anything is appreciated as long as it doesn't break any rules. Quote Link to comment https://forums.phpfreaks.com/topic/256698-output-as-html-instead-of-text-without-mixing-html-and-php-new-lines/ Share on other sites More sharing options...
premiso Posted February 8, 2012 Share Posted February 8, 2012 Echo the contents inside of <pre> tags: <?xml version="1.0" encoding="iso-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> 3.1 </title> </head> <body> <p> <pre> -- insert -- </pre> </p> </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/256698-output-as-html-instead-of-text-without-mixing-html-and-php-new-lines/#findComment-1315952 Share on other sites More sharing options...
ScorchPipe Posted February 8, 2012 Author Share Posted February 8, 2012 Hmm... nothing happened by adding just that. Is there something else I need to do? Quote Link to comment https://forums.phpfreaks.com/topic/256698-output-as-html-instead-of-text-without-mixing-html-and-php-new-lines/#findComment-1315956 Share on other sites More sharing options...
ManiacDan Posted February 8, 2012 Share Posted February 8, 2012 Ok I'm glad you did this when you're first learning, because: never ever use eval() ever. Now that that's out of the way: <?php # Set text/plain instead of text/html header('Content-type: text/html'); $html = file_get_contents("page.html"); # Function that gets and prints all enviroment variables function loop(){ $string = ''; foreach ($_SERVER as $name=>$value ) { $string .= "$name: $value\n"; } return $string; } # Prints the contents of page.html and replaces ---insert--- with number of hits echo str_replace('---insert---', nl2br(loop()), $html); ?> I've altered your loop() function to return a string, rather than echoing directly. I've also used the nl2br function to change the newlines in loop()'s output to HTML line breaks. Since your assignment specifies not using HTML in PHP, I didn't want to stick a "<br>" in that output. I think removed your seriously dangerous eval() line and replaced it with a safer and saner str_replace. -Dan Quote Link to comment https://forums.phpfreaks.com/topic/256698-output-as-html-instead-of-text-without-mixing-html-and-php-new-lines/#findComment-1315961 Share on other sites More sharing options...
ScorchPipe Posted February 8, 2012 Author Share Posted February 8, 2012 Ok I'm glad you did this when you're first learning, because: never ever use eval() ever. Now that that's out of the way: <?php # Set text/plain instead of text/html header('Content-type: text/html'); $html = file_get_contents("page.html"); # Function that gets and prints all enviroment variables function loop(){ $string = ''; foreach ($_SERVER as $name=>$value ) { $string .= "$name: $value\n"; } return $string; } # Prints the contents of page.html and replaces ---insert--- with number of hits echo str_replace('---insert---', nl2br(loop()), $html); ?> I've altered your loop() function to return a string, rather than echoing directly. I've also used the nl2br function to change the newlines in loop()'s output to HTML line breaks. Since your assignment specifies not using HTML in PHP, I didn't want to stick a "<br>" in that output. I think removed your seriously dangerous eval() line and replaced it with a safer and saner str_replace. -Dan It worked! Really thanks! Haha funny thing about the eval-line. I'm taking this PHP course online from a university and the teacher acctually recommended using that line for another assignment which is pretty much the same as this one, but with only 1 line. Thats also why the comments are a bit off. They dont belong to this code Quote Link to comment https://forums.phpfreaks.com/topic/256698-output-as-html-instead-of-text-without-mixing-html-and-php-new-lines/#findComment-1315972 Share on other sites More sharing options...
ManiacDan Posted February 9, 2012 Share Posted February 9, 2012 If you're taking a course where the professor recommended eval, drop the course. I'm not even kidding. Your original piece of code accepted data into the $_SERVER value and ran it through eval(). If a malicious user ever discovers this, they can put PHP code into the $_SERVER variable and literally delete your entire website. eval is for testing and for very very high-level coding, it cannot ever be used for functionality, even as an example. There is always a way to do it without running user-generated strings back through as PHP function calls. Quote Link to comment https://forums.phpfreaks.com/topic/256698-output-as-html-instead-of-text-without-mixing-html-and-php-new-lines/#findComment-1316140 Share on other sites More sharing options...
ScorchPipe Posted February 9, 2012 Author Share Posted February 9, 2012 If you're taking a course where the professor recommended eval, drop the course. I'm not even kidding. Your original piece of code accepted data into the $_SERVER value and ran it through eval(). If a malicious user ever discovers this, they can put PHP code into the $_SERVER variable and literally delete your entire website. eval is for testing and for very very high-level coding, it cannot ever be used for functionality, even as an example. There is always a way to do it without running user-generated strings back through as PHP function calls. That bad, huh.... Well coding is not really my field expertise (more into servers and stuff). I had empty space to fill and I figured a course about serverside php could be useful sometime =) Quote Link to comment https://forums.phpfreaks.com/topic/256698-output-as-html-instead-of-text-without-mixing-html-and-php-new-lines/#findComment-1316203 Share on other sites More sharing options...
ManiacDan Posted February 9, 2012 Share Posted February 9, 2012 You can't really understand how bad it is until you watch an entire server and database disappear because someone used eval. It really should never ever be used for anything unless you're: 1) A genius 2) Just testing something locally 3) Performing code reviews/unit tests on a non-public box If you want to get into it with your professor, ask him "isn't it really insecure to use eval() without any kind of security involved? Should we be using this?" See what (s)he says. Quote Link to comment https://forums.phpfreaks.com/topic/256698-output-as-html-instead-of-text-without-mixing-html-and-php-new-lines/#findComment-1316224 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.