Question 137026 in PHP Question posted in
Official manual can be found here.

Download user data by given formate PHP

Here I have an input example:

Example

When user enters formate like {login}:{ip}:{password} or {ip}|{:login} any formate, PHP gets from database these datas and add them to the txt file and the user downloads it.

Here is a result should look like:

Result
How to do it?

I tried this:

$text = '{login}:{password}:{ip}';
preg_match_all('/{[^}]*}/', $text, $matches);
$return = str_replace($matches[0], "", $text);
$splitter = substr($return, 0,1);

But it doesn’t works

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0 
    if (stripos($format, "{password}") !== false ) {
    $format = str_replace('{password}', $user->password, $format);
}
if (stripos($format, "{ip}")) {
    $format = str_replace("{ip}", $user->ip, $format);
}

  2. 0

    If I understand it correctly, login, password and ip are database field names. So you could only accept valid chars for DB field names instead of [^}]*, which might be too lax.

    You could start off with /{([a-z_]w*)}/gi instead.
    Test it here: https://regex101.com/r/4hg0aC/1

    The second step would be to validate that these field names really exist in
    your database table. If the DB doesn’t change, then you could have two ways to
    achieve it:

    • A) replace the regex with /{(login|password|ip)}/gi and then do
      a strtolower()
      of the matched group.
    • B) Check that the match is in a defined array of field names. This array
      could even be the result of a
      SQL query to get the field names.

    Then build your DB request with PDO to get
    the data.

    If you already have a variable containing the fields you want to expose, then
    you could simply check that the property exists or not.

    Example of PHP code:

    <?php
// The regex to capture any kind of variable (with wrong syntax accepted).
$regexTemplateVar = '/{([^}]*)}/i';
// The regex to see if the field name is kind of valid or not.
$regexValidField = '/^[a-z_]w*$/i';

// The input text is like a template.
$template = <<<END_OF_TEMPLATE
{login}:{password}:{ip}

What about other field names? `e-mail` would be acceptable depending on the DB but it's
probably not a good idea to create field names with special chars.

{_ipv6},{name},{non_existant_field},{1_not_ok_with_leading_numbers}
END_OF_TEMPLATE;

// For testing purpose, a demo $user variable.
$user = (object)[
    'name' => 'James Bond',
    'login' => 'james_007',
    'password' => 'should never be here, in any case!',
    'ip' => '145.56.87.42',
    '_ipv6' => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
];

// Search and replace with a custom function.
$output = preg_replace_callback(
    // The search pattern.
    $regexTemplateVar,
    // The callback function with access to some global variables.
    function($match) use ($user, $regexValidField) {
        $fieldName = strtolower($match[1]);
        // Check that the field name is valid or not.
        if (preg_match($regexValidField, $fieldName)) {
            if (isset($user->$fieldName)) {
                return $user->$fieldName;
            } else {
                return "{ERROR: '$fieldName' doesn't exist!}";
            }           
        }
        else {
            return "{ERROR: '$fieldName' is not valid!}";
        }

    },
    // The input string.
    $template
);

print $output;

    You can test it here: https://onlinephp.io/c/71e2d

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search