coolshrimp Posted July 28, 2015 Share Posted July 28, 2015 (edited) From Codes below what would be the best code to use? and why?All do the same thing and work.1. Insert variables <?php//Open the file.$fileHandle = @fopen("myfile.csv", "r") or die(print_r(error_get_last(),true));$count = 0;//Loop through the CSV rows.while (($row = fgetcsv($fileHandle, 0, ",")) !== FALSE) { $count++; // Skip First 2 Rows if ($count > 2) { if ($row[3] === 'TYPE') {?><td valign="center"><a href="<?php echo $row[4]?>" target="_blank"><img src="../../images/Logos/<?php echo $row[1]?>" style="max-width:<?php echo $row[2]?>px;" alt="<?php echo $row[0]?>"></a></td><?php } }}?> 2. Echo Each line <?php//Open the file.$fileHandle = @fopen("myfile.csv", "r") or die(print_r(error_get_last(),true));$count = 0;//Loop through the CSV rows.while (($row = fgetcsv($fileHandle, 0, ",")) !== FALSE) { $count++; // Skip First 2 Rows if ($count > 2) { if ($row[3] = 'TYPE') { echo '<td valign="center"><a href="'; echo $row[4]; echo '" target="_blank"><img src="../../images/Logos/'; echo $row[1]; echo '" style="max-width:'; echo $row[2]; echo 'px;" alt="'; echo $row[0]; echo '"></a></td>'; } }}?> 3. USING EOF <?php//Open the file.$fileHandle = @fopen("myfile.csv", "r") or die(print_r(error_get_last(),true));$count = 0;//Loop through the CSV rows.while (($row = fgetcsv($fileHandle, 0, ",")) !== FALSE) { $count++; // Skip First 2 Rows if ($count > 2) { if ($row[3] === 'TYPE') {echo <<<EOF<td valign="center"><a href="{$row[4]}" target="_blank"><img src="../../images/Logos/{$row[1]}" style="max-width:{$row[2]}px;" alt="{$row[0]}"></a></td>EOF; } }}?> Edited July 28, 2015 by coolshrimp Link to comment Share on other sites More sharing options...
justsomeguy Posted July 28, 2015 Share Posted July 28, 2015 The third way isn't "EOF", it's a heredoc. You can use any identifier other than "EOF" to enclose that. That's usually the preferred method because it's readable and you can still substitute variables. Link to comment Share on other sites More sharing options...
coolshrimp Posted July 28, 2015 Author Share Posted July 28, 2015 OK thank you.yes i know you can change the identifier "EOF" i didn't know the proper term "heredoc". third way is what im currently using like you said its easier to make changes and understand whats going on its not all broken up in to Echo's. and no need to escape characters.one more questionSay i have a comment form writing to the CSV file.Fields: Name, Email, Comment I want to load that CSV to a webpage.i know csv has no formatiing so currently i put <br><br> between paragraphs in the comment field and it prints out the break and web browser knows its HTML break and formats.but anyone could then submit malicious code and it would load on the site right?so is there a way i can filter out all HTML tags but allow formatting tags like <br>, <b>, <strong> ect? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 28, 2015 Share Posted July 28, 2015 PHP has a strip_tags function, but a better solution is to use something like HTMLPurifier. Link to comment Share on other sites More sharing options...
coolshrimp Posted July 28, 2015 Author Share Posted July 28, 2015 but strip_tags will remove all correct?id like to keep <br>, and <b> if possible.is there a way to strip_tags ignoring an allowed list? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 28, 2015 Share Posted July 28, 2015 You didn't look at the documentation, did you? Link to comment Share on other sites More sharing options...
coolshrimp Posted July 28, 2015 Author Share Posted July 28, 2015 yea i did after i sent the comment thanks. looking into it. Link to comment Share on other sites More sharing options...
coolshrimp Posted July 28, 2015 Author Share Posted July 28, 2015 can i simply do this?is this safe? strip_tags($comment,'tag you want to allow'); like strip_tags($comment,'<br><b>'); Link to comment Share on other sites More sharing options...
coolshrimp Posted July 28, 2015 Author Share Posted July 28, 2015 NVM i see this WarningThis function does not modify any attributes on the tags that you allow using allowable_tags, including the style and onmouseover attributes that a mischievous user may abuse when posting text that will be shown to other users. Link to comment Share on other sites More sharing options...
coolshrimp Posted July 28, 2015 Author Share Posted July 28, 2015 (edited) i think i just wont have any user inputs load without being checked Edited July 28, 2015 by coolshrimp Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now