0

Hi,

I am trying to create form having field textbox. I typed a variable say $a = 10 in the textbox.What I want is to print the value of the variable.

Let me know the steps.

Thanks

5
Contributors
6
Replies
45
Views
2 Years
Discussion Span
Last Post by diafol
1

Hi,

I guess you are mixing things here: when you submit input through a form, you get a string, so here you are going to parse a string not a variable, only by evaluating the string you could execute it and get the variable value, but this is risky because the client can execute whatever.

You could use preg_match to match the assignment operator (=) but in PHP you can write variables like these:

${'a=b'} = 'hello';
$a = $b = $c = 'hello';

And it becomes very difficult to match the correct value: hello, instead of b/$b/$c.

I think a better approach is to use token_get_all():

But it requires a little workaround, you have to prepend the opening tag <?php to the received input otherwise it will parse it as HTML.

An example:

<?php

    $input  = '$a = "hello"';
    $input  = '<?php ' . $input;
    $parsed = token_get_all($input);
    $result = '';
    $tokens = array(
        T_DNUMBER,
        T_ENCAPSED_AND_WHITESPACE,
        T_LNUMBER,
        T_NUM_STRING,
        T_STRING
        );

    foreach($parsed as $key => $value)
    {
        if(is_array($value) && in_array($value[0], $tokens))
        {
            $result = $value[1];
            break;
        }
    }

    echo $result;

Which returns hello.

0

Thanks for the reply.

The senario is : I have created an email template whose body can changed by the admin. I want to send the User name and password in the email by using the template. That user name and password comes from the database and saved in the variables. Now how would I type the variable in the text editor so that the same can be reflected in the email.

Regards

0

If you're creating a template, then you could as cereal suggests, create a preg_replace (or simple str_replace) by introducing known placeholders:

The username is <<username>>, and the password is <<password>>.

You then have a list of possible placeholders the user could use, e.g. <<username>>, <<password>>, <<email>>, etc. and replace with $username, $password, $email etc. This could avoid using eval() which can be a huge security risk, but which probably wouldn't work with your implementation anyhow.
Another option would be to use heredoc syntax and pass the string to a variable once the form was submitted. Again there may be issues with that.

0

<html>
<body>

<form name='form' method='post' action="testing2.php">

Name: <input type="text" name="name" id="name" ><br/>

<input type="submit" name="submit" value="Submit">

</form>
</body>
</html>

<?php
$name = $_POST['name'];
echo $name;
?>

0

@mack1

Giving you the benefit of the doubt so far, but your posts to date have been a bit obscure and out of context. It surely seems that you're using this account to promote your sig links. The next posts not spot on-topic will be removed.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.