
Possible escaping quotes problem


niche

This script displays the way I need it to when I manually insert it into my script with the correct value for $expdat:

<span style="background-color:yellow">Expires ' . $expdat . '. </span>

How should I escape the quotes to be able to echo it from a mysql table? If I just INSERT it (as is) into a mysql table and echo it from there, it displays as: Expires ' . $expdat . '.

Edited by niche

If you are saving the string of code in the database, then you can use eval to execute it as long as it is valid PHP code. Unlike an include file, eval assumes that this is PHP code, so if you have HTML output then the string should start with a closing PHP tag.

http://www.php.net/manual/en/function.eval.php

It may be a better idea to store printf-encoded strings and then substitute the values later.


If $var = <span style="background-color:yellow">Expires ' . $expdat . '. </span>

How close is this script to working?:

$var = eval($var);
echo '<p style="font-size:9px;margin:0px;">' . $var . '</p>';


$var is not set to PHP code, it's set to HTML code, then a single quote, then a period, etc. If this is actually the exact text in your database:

<span style="background-color:yellow">Expires ' . $expdat . '. </span>

Then the first thing you need to do is make it a valid string. There are single quotes to end the string and print the variable, but there's not a single quote to start or end the string. So if that's really what you have then you need to add those quotes before and after the string, and also assign it to a variable or use a return statement.

$var = eval("return '" . $var . "';");

You can print that out to test, what you print should be a valid line of PHP code or eval won't work.

echo "return '" . $var . "';";

If you were using printf syntax then you could store this in your database and not mess around with eval:

<span style="background-color:yellow">Expires %s</span>


This:

$expdat = "06/09/12";
$var = "<span style=\"background-color:yellow\">Expires \' . $expdat . \'. </span>";
$var = eval("return '" . $var . "';");
echo "return '" . $var . "';";

Produces this: return 'Expires ' . 06/09/12 . '. ';

I need this: Expires 06/09/12.

Then, I began to see the pattern and went to this (which gave me what I needed in this example):

$var = "<span style=\"background-color:yellow\">Expires   $expdat.</span>";
$var = eval("return '" . $var . "';");
echo $var;

However, how does eval() put $var together? If it's the return key word, why isn't it used in http://www.w3schools.com/php/func_misc_eval.asp?


This is related to my last thread.

This works when $var = "<span style=\"background-color:yellow\">Expires $expdat.</span>";

$expdat = "06/09/12";
$var = "<span style=\"background-color:yellow\">Expires   $expdat.</span>";
$var = eval("return '" . $var . "';");
echo '<div style="float:left;width:288px;height:25px;margin:0px 0px 0px 5px;">';
echo '<p style="font-size:9px;margin:0px;">' . $var . '</p>';
echo '</div>';

But when $var comes from the same value in an element from a mysql table, the script fails.

Expires 06/09/12. turns into Expires $expdat.

The only difference between these values is that one comes from a mysql table and the other definition for $var is as above. What's the difference you see that I don't?


I'm struggling to understand why a value that's manually defined in a script works and why it doesn't work when it comes from a mysql table using eval().

This displays properly when it's manually entered:

$dclaim = "<span style=\"background-color:yellow\">Expires   $expdat.</span>";
$var = eval("return '" . $dclaim . "';");
echo '<p style="font-size:9px;margin:0px;">' . $var . '</p>';

This doesn't (and I don't see the difference):

//$dclaim same as above except from a mysql table including escaped quotes
$var = eval("return '" . $dclaim . "';");
echo '<p style="font-size:9px;margin:0px;">' . $var . '</p>';

What am I still missing?

Edited by niche

However, how does eval() put $var together?
I'm not sure what you're asking.
If it's the return key word, why isn't it used in http://www.w3schools.com/php/func_misc_eval.asp?
Because the W3schools examples are not complete. Look at the Return Values section of the manual page: http://www.php.net/manual/en/function.eval.php
The only difference between these values is that one comes from a mysql table and the other definition for $var is as above.
Eval is not doing the work in your code. In these lines:
$expdat = "06/09/12";
$var = "<span style=\"background-color:yellow\">Expires   $expdat.</span>";

Since you're using double-quotes around the string $var, the variable replacement happens right then. If you print out $var before sending it to eval you'll see that it already has the value filled in.

What am I still missing?
You're missing showing the data from the database so we can figure out why it's not working.

Let me know when you're ready to move on from eval and use sprintf instead. The two major problems with this approach so far are that you are storing actual variable names in the database (what if the variable names change? do you want to update everything in the database that uses them?), and that this approach relies on eval. Using sprintf means that you don't need to rely on variable names, you don't need to escape quotes or whatever else in the string, and you don't need to mess around with eval. Sprintf is made for this type of thing, but your original question already had the variable name in the string so that's the direction I went.

OK.

I need to display (with yellow BG): Expires 06/09/12.

This is the hole in my script:

<div><p style="font-size:9px;margin:0px;">Something that says: "Expires 06/09/12" (with a yellow BG)</p>;</div>

This displays what I need, but everything between the <span> needs to come from the mysql table:

printf("<p style=\"font-size:9px;margin:0px;\"> <span style=\"background-color:yellow\">Expires %s. </span></p>",$expdat);

Here's the mysql query:

include_once "connect_to_mysql.php";
$result = mysql_query("SELECT * FROM stk WHERE id = 288") or die(mysql_error());
while ($row = mysql_fetch_array($result)) {
    $id = $row['id'];
    $pic = $row['pic'];
    $pic2 = explode("-",$pic);
    $expdate = $pic2[3];
    $expdat = substr($expdate,2,2) . "/" . substr($expdate,4,2) . "/" . substr($expdate,0,2);
    $dclaim = $row['dclaim'];
}

value in $expdat = 06/09/12

value in $dclaim = <span style=\"background-color:yellow\">Expires $expdat. </span>

How do I change the printf() to sprintf() that displays: Expires 06/09/12 (with a yellow BG) using the values in $expdat and $dclaim (or something similar)?

Edited by niche

This won't work:

value in $dclaim = <span style=\"background-color:yellow\">Expires $expdat. </span>

This will:

value in $dclaim = <span style="background-color:yellow">Expires %s. </span>

After that:

$output = sprintf($dclaim, $expdat);
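The approach in the last reply, as an added example that is not part of the thread: the stored dclaim value is treated as a sprintf template, so nothing read from the table is run through eval. render_claim() and the sample rows are hypothetical, and the check for exactly one %s plus the htmlspecialchars call are additions beyond what the reply shows.

```php
<?php
// Added example, not code from the thread. render_claim() and the sample rows
// are hypothetical; $dclaim, $expdat and the "Expires %s." template are from
// the posts above.

// Render a template stored in the database without eval(): the stored text is
// data with exactly one %s placeholder, never PHP source.
function render_claim(string $template, string $expdat): string
{
    // Drop literal "%%", then collect every remaining conversion.
    $stripped = str_replace('%%', '', $template);
    preg_match_all('/%[^%]?/', $stripped, $m);
    // Accept a single plain %s only. No placeholder, %d, %2$s or a stray %
    // means the row does not match the one argument passed below.
    if ($m[0] !== ['%s']) {
        throw new InvalidArgumentException('template must contain exactly one %s');
    }
    // Escape the value so it cannot add markup to the stored HTML.
    return sprintf($template, htmlspecialchars($expdat, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample rows standing in for the dclaim column.
$rows = [
    '<span style="background-color:yellow">Expires %s. </span>',         // format from the last reply
    '<span style=\"background-color:yellow\">Expires $expdat. </span>', // value shown earlier in the thread
];
$expdate = '120609'; // constructed YYMMDD value, standing in for $pic2[3]
$expdat = substr($expdate, 2, 2) . '/' . substr($expdate, 4, 2) . '/' . substr($expdate, 0, 2);

foreach ($rows as $dclaim) {
    try {
        echo '<p style="font-size:9px;margin:0px;">' . render_claim($dclaim, $expdat) . "</p>\n";
    } catch (InvalidArgumentException $e) {
        echo '<!-- skipped row: ' . $e->getMessage() . " -->\n";
    }
}
```

The second row is skipped rather than printed with a literal $expdat, which makes rows still in the old format easy to find.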
