堆栈内存溢出
  简体   繁体   English

如何检索存储在mySQL表中的HTML / PHP代码并且没有注释掉PHP?

[英]How can I retrieve HTML/PHP code stored in a mySQL table and not have the PHP commented out?

 原文  2011-11-16 15:43:06       php/ mysql/ database

问题描述

I am storing in a mySQL table the HTML/PHP content of individual slides to be displayed on a single page. 我在mySQL表中存储要在单个页面上显示的各个幻灯片的HTML / PHP内容。

Here is an example of HTML/PHP code stored in the mySQL table: 这是存储在mySQL表中的HTML / PHP代码的示例: 

<p>Welcome <?php echo $userData['fname']; ?>!</p>

<p>You made it to the first slide!</p>

I retrieve the content of the slides in PHP with the following code: 我使用以下代码检索PHP中的幻灯片内容: 

<?php 

$fetchedPageSlideData = mysql_query("SELECT * FROM pageSlides WHERE pageID = $pageID ORDER BY 'order' DESC") or die(mysql_error());

    while ($pageSlideData = mysql_fetch_array($fetchedPageSlideData)) {

        $pageSlideContent =  $pageSlideData['content']; ?>

        <div><?php echo $pageSlideContent; ?></div>

    <?php }

?>

All of the HTML of the content displays correctly, but the PHP is inserted as follows: 内容的所有HTML都正确显示,但PHP插入如下: 

<!--?php echo $userData['fname']; ?-->

So the PHP is commented out and doesn't display. 因此,PHP已被注释掉,并且不会显示。

How can I retrieve the HTML/PHP code and have the PHP not commented out? 如何检索HTML / PHP代码并将PHP注释掉?

3 个解决方案

解决方案1
 2 已采纳  2011-11-16 15:59:55

It might be a better idea to use placeholder strings in the DB data. 在DB数据中使用占位符字符串可能是更好的主意。 Executing arbitrary php code from a DB can be dangerous. 从数据库执行任意PHP代码可能很危险。 PHP is Evil PHP是邪恶的

解决方案2
 1  2011-11-16 15:45:44

查看PHP函数eval(): http//php.net/manual/en/function.eval.php

解决方案3
 0  2011-11-16 16:43:46

Dropping in and out of the PHP interpreter makes your code rather difficult to read. 插入和退出PHP解释器会使您的代码很难阅读。 Consider: 考虑: 

<?php 
    $f = mysql_query(
      "SELECT * 
        FROM pageSlides 
        WHERE pageID = $pageID 
        ORDER BY 'order' DESC"
      ) or die(mysql_error());

    while ($d = mysql_fetch_array($f)) {
       print "<div>" . $d['content'] . "</div>\n";
    }

Regardless there is no implicit nor explicit mechanism here which would inject the comment tags you've presented. 无论如何,这里都没有隐式或显式的机制来注入您已经提供的注释标签。 However it may be the browser trying to make sense of the unescaped html code and <?php ... ?> tags. 然而,它可能是浏览器试图理解未转义的 HTML代码和<?php ...?>标签。

Try: 尝试: 

 print "<div>" . htmlentities($d['content']) . "</div>\n";

As a side note, you might consider using 作为旁注,您可以考虑使用 

   print "<div>" . highlight_string($d['content']) . "</div>\n";

Or do you mean that you actually want to run the code stored in the database - if so, you're asking for a world of pain. 还是您的意思是您实际上要运行存储在数据库中的代码-如果是这样,那么您将痛苦不堪。 Eval is not evil - but you really must know what you're doing to avoid getting bitten by it. 评估不是邪恶的-但是您必须真正知道自己在做什么才能避免被它咬住。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 html内的php代码被注释掉了 - php code inside html is being commented out HTML中的PHP代码被注释掉 - PHP code in HTML get commented out PHP 在 HTML 中被注释掉 - PHP gets commented out in HTML PHP代码被注释掉 - PHP code gets commented out 我的 PHP 代码被注释掉了 - My PHP code is commented out 如何从mysql将行检索到php / html表中 - How do I retrieve rows from mysql into a php/html table 用注释掉的代码将PHP插入HTML结果 - Inserting PHP into HTML Results in Commented-Out Code 如何使用MySQL从MySQL表中检索数据并将其插入QR码? - How can I retrieve data from MySQL table and insert it into QR code using PHP? HTML ..嵌入式PHP被注释掉 - HTML.. embedded PHP is commented out HTML文件中的PHP未运行或已被注释掉 - PHP in HTML files not running or being commented out
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM