How do I get a better separation of PHP files from HTML code?

Source: Internet
Author: User
Tags manual eval html page php file php code string format types of functions unique id

As you all know, PHP is a server-side embedded HTML scripting language. But by using embedded HTML as a Web site, the code quickly becomes large and uncontrollable. How can I make PHP code separate from HTML and make a Lib (template) like DW? Makes the page easier to modify and easier to maintain code?

Later, read a lot of articles, said phplib can be realized, conveniently looked at a few pages, feel dizzy brain rose, immediately did not look down the desire (that prawn if have this experience, please do not hesitate to enlighten, first thanked!). But the problem has to be solved, in the depressed for many days, a chance, to download the source of the VBB forum, Rough Read, found in addition to PHP files, rarely see HTML code. Thinking that's not the way I want it to be, see. Still Dizzy brain rise: (, The only harvest is to know that it put HTML in the database, through the PHP file call, after a series of processing, with the Eval function to bring the desired variables into the generated dynamic page. So I didn't look at the VBB source, to the Eval function. The PHP Chinese manual describes the eval function as follows:

Functions: eval ()

Miscellaneous Functions Library

Eval

Converts a value into a string.

Syntax: void eval (string code_str);

return value: None

Types of functions: Data processing

Content Description

This function can be used to substitute the value of a variable in a string, usually on the data that is being processed on the database. Parameter Code_str
For the string to be processed. It's important to note that the string to be processed matches the PHP string format, while at the end
Place to have a semicolon. The string that is processed using this function will go along to the end of the PHP program.

Usage examples

<?php
$string = ' Cup ';
$name = ' coffee ';
$str = ' This $string is fitted with $name .<br> ';
Echo $str;
Eval ("\ $str = \" $str \ ";");
Echo $str;
?>

The return value for this example is

$name is fitted in this $string.
This cup contains coffee.


There are no problems with the example test. However, when I tested the following code, there was an error:

?
$aa = ' My name is yyy! ';
$str = ' <input type= ' text "name=" TextField "value=" $aa ">";
Eval ("\ $str = \" $str \ ";");
Echo $str;
?>
Baffled, call for help, in the user proposed a series of solutions, finally in this way to run successfully:

?
$aa = ' My name is yyy! ';
$str = ' <input type= ' text "name=" TextField "value=" \ ' $aa \ ' ">";
Eval ("\ $str = \" $str \ ";");
Echo $str;
?>

However, when I inserted the $str into the table below and then extracted it again, it made a mistake.
He's dead.

Database Evaltest

# table structure ' envtest '

CREATE TABLE Envtest (
ID tinyint (4) not NULL auto_increment,
Sour Mediumtext,
PRIMARY KEY (ID),
UNIQUE ID (ID),
KEY id_2 (ID)
);

#表内容 ' Envtest '

INSERT into Envtest VALUES (' 1 ', ' <input type=\ ' text\ "name=\" textfield\ "value=\" $AA \ ">");

The PHP file is as follows:

?
$aa = ' My name is yyy! ';
$conn =mysql_connect (' localhost ', ' root ', ');
$sele = ' Select sour from envtest where id=1 ';
$res =mysql_db_query (' evaltest ', $sele);
$arra =mysql_fetch_array ($res);
$STR = $arra [' Sour '];
eval ("echo \" $str \ ";");
?>

Then look at the PHP Chinese manual, found such a word: "To be processed strings to match the PHP string format", what is called "in line with PHP string format" (Who knows, trouble to tell)? I don't know, I can't find it, I have to look at string processing functions. Found Htmlspecialchars () It seems to be available, so try one:

?
$aa = ' My name is yyy! ';
$conn =mysql_connect (' localhost ', ' root ', ');
$sele = ' Select sour from envtest where id=1 ';
$res =mysql_db_query (' evaltest ', $sele);
$arra =mysql_fetch_array ($res);
$str =htmlspecialchars ($arra [' sour ']);
eval ("echo \" $str \ ";");
?>

However, it appears on the page that:

<input type= "text" name= "TextField" value= "My name is yyy!" >

The variable is brought into success and can be displayed as not conforming to the requirements. View file source, the contents are as follows:

<input type= "text" name= "TextField" value= "My &bsp name &bsp is yyy!" >

Then look at the use of the Htmlspecialchars () of the manual, and find that the function does the following for the string:
& (and) Convert to &
"(double quotes) into"
< (less than) turn into <
> (greater than) convert to >
And then find, did not find the function of the opposite functions, so, I added a few lines of code, and then debug as follows, and finally succeeded.

<?php
function dehtml ($STR) {
$str =str_replace (' "', '" ", $str);
$str =str_replace (' < ', ' < ', $str);
$str =str_replace (' > ', ' > ', $str);
$str =str_replace (' & ', ' & ', $str);
return $str;
}
$aa = ' My name is yyy! ';
$conn =mysql_connect (' localhost ', ' root ', ');
$sele = ' Select sour from envtest where id=1 ';
$res =mysql_db_query (' evaltest ', $sele);
$arra =mysql_fetch_array ($res);
$str =htmlspecialchars ($arra [' sour ']);
Eval ("Echo dehtml (\ $str \);");
?>

After this code was successfully debugged, I added a variable to the Evaltest table with the source code of a complex HTML page.
Again the test, also succeeded.

In the Eval function usage, "to be processed strings to match the PHP string format", I think it is through the htmlspecialchars () function of the string bar, I do not know whether the right or not, to be the Fang Jia treatise.

The above method asks everybody Netizen test, if discover to have what mistake or have better solution than this, please tell me a sound,



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.