Hi,

I am trying to create form having field textbox. I typed a variable say $a = 10 in the textbox.What I want is to print the value of the variable.

Let me know the steps.

Thanks

Recommended Answers

All 6 Replies

Hi,

I guess you are mixing things here: when you submit input through a form, you get a string, so here you are going to parse a string not a variable, only by evaluating the string you could execute it and get the variable value, but this is risky because the client can execute whatever.

You could use preg_match to match the assignment operator (=) but in PHP you can write variables like these:

${'a=b'} = 'hello';
$a = $b = $c = 'hello';

And it becomes very difficult to match the correct value: hello, instead of b/$b/$c.

I think a better approach is to use token_get_all():

But it requires a little workaround, you have to prepend the opening tag <?php to the received input otherwise it will parse it as HTML.

An example:

<?php

    $input  = '$a = "hello"';
    $input  = '<?php ' . $input;
    $parsed = token_get_all($input);
    $result = '';
    $tokens = array(
        T_DNUMBER,
        T_ENCAPSED_AND_WHITESPACE,
        T_LNUMBER,
        T_NUM_STRING,
        T_STRING
        );

    foreach($parsed as $key => $value)
    {
        if(is_array($value) && in_array($value[0], $tokens))
        {
            $result = $value[1];
            break;
        }
    }

    echo $result;

Which returns hello.

how about direct input
<input type="text" value="10" />

Thanks for the reply.

The senario is : I have created an email template whose body can changed by the admin. I want to send the User name and password in the email by using the template. That user name and password comes from the database and saved in the variables. Now how would I type the variable in the text editor so that the same can be reflected in the email.

Regards

Member Avatar for diafol

If you're creating a template, then you could as cereal suggests, create a preg_replace (or simple str_replace) by introducing known placeholders:

The username is <<username>>, and the password is <<password>>.

You then have a list of possible placeholders the user could use, e.g. <<username>>, <<password>>, <<email>>, etc. and replace with $username, $password, $email etc. This could avoid using eval() which can be a huge security risk, but which probably wouldn't work with your implementation anyhow.
Another option would be to use heredoc syntax and pass the string to a variable once the form was submitted. Again there may be issues with that.

<html>
<body>

<form name='form' method='post' action="testing2.php">

Name: <input type="text" name="name" id="name" ><br/>

<input type="submit" name="submit" value="Submit">

</form>
</body>
</html>

<?php
$name = $_POST['name'];
echo $name;
?>

Member Avatar for diafol

@mack1

Giving you the benefit of the doubt so far, but your posts to date have been a bit obscure and out of context. It surely seems that you're using this account to promote your sig links. The next posts not spot on-topic will be removed.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.