This is the HTML/PHP before being stored in the database:

<li><a href="<?= dots('duo/'); ?>"><?= $item->item['Manufacturer']; ?></a> <span class="divider">|</span></li>

This is the HTML/PHP after being stored in the database:

&lt;li&gt;&lt;a href=&quot;&amp;lt;?= dots(&#39;duo/&#39;); ?&amp;gt;&quot;&gt;&amp;lt;?= $item-&amp;gt;item[&#39;Manufacturer&#39;]; ?&amp;gt;&lt;/a&gt; &lt;span class=&quot;divider&quot;&gt;|&lt;/span&gt;&lt;/li&gt;

I assign this result to a variable:

$crumbles = $details['Crumbs'];

I echo the result like so:

<?php echo html_entity_decode($crumbles); ?>

But it returns this when I view source. It’s not evaluating any of the PHP in the string.

<li><a href="&lt;?= dots('duo/'); ?&gt;">&lt;?= $item-&gt;item['Manufacturer']; ?&gt;</a> <span class="divider">|</span></li>

It shows in the browser as <?= $item->item['Manufacturer']; ?> |

How can I get it to evaluate the PHP as well as display the html correctly?

EDIT: Here is the code that handles the input into the DB. It serializes the form data (url, crumbs, meta info, etc) and adds it to an ajax queue.

$("form#seo_add").submit(function(e) {
    console.log(this);
    var data            = $(this).serializeArray(),
        $commitBtn      = $(this).find("button"),
        form_incomplete = false,
        queueData       = ['seo_add', data];

When fired, the queue controller runs $this->seo->add($seo_add, $user);
Which is modeled like this:

function add($data = null, $username = null) {
    if (!is_array($data) || is_null($username)) die("Expecting new pageinfo");

    //if a single item is being inserted, add it to a parent array so iteration works
    if (!is_array($data[0]))
    {
        $data = array($data);
    }

    foreach ($data as $key => $page)
    {
        if (isset($page['section'])) unset($page['section']);
        if (isset($page['action'])) unset($page['action']);

        $add = $this->db->insert('pageinfo', $page);


        $page = array_merge(array('id'=>$this->db->insert_id()), $page);

        $last_queries[$key]['type'] = 'seo_add';
        $last_queries[$key]['html'] = "New page: <b>" . $page['page'] . "</b>";
        $last_queries[$key]['data'] = $page;
    }

    if ($this->db->_error_message())
        $this->db_error('Unable to insert page');

    return log_changes($last_queries, $username, $this->site);
}

2 Answers


  1. I suggest using placeholders.

    $html = '<li><a href="[href]">[item]</a> <span class="divider">|</span></li>';
    

    I suggest not saving the html encoded. This would do the trick for you I guess:

    $html = str_replace(['[href]','[item]'],[dots('duo/'),$crumbles],$html);
    

    You probably have to encode $crumbles or dots('duo/') if that is user input.

  2. Your PHP tags are being double encoded (&amp;lt;), so you can run html_entity_decode over them twice.

    Even if your PHP tags were decoded, they would never be interpreted by PHP since you're echoing them out straight away. The way around this is to run what your database returns through eval, like so:

    $crumbles = html_entity_decode(html_entity_decode($crumbles), ENT_QUOTES);
    eval("?>{$crumbles}<?");
    
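An alternative to eval() for the breadcrumb discussed in this thread, as an added example that is not part of the original question or answers: passing database content to eval() lets anyone who can write the Crumbs column run PHP on the server, so this version stores a template with [href] and [item] tokens and substitutes escaped values at render time. The function name render_crumb(), the token allow-list, the link check and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. render_crumb() and the
// token allow-list are hypothetical names chosen for illustration.
function render_crumb(string $template, array $values): string
{
    $allowed = ['href', 'item']; // only these tokens are ever substituted

    $out = preg_replace_callback(
        '/\[([a-z_]+)\]/',
        function (array $m) use ($allowed, $values): string {
            $name = $m[1];
            if (!in_array($name, $allowed, true) || !isset($values[$name])) {
                return $m[0]; // unknown or unset token stays literal text
            }
            $value = (string) $values[$name];
            // Links must be site-relative or http(s); this rejects javascript: URLs.
            if ($name === 'href' && !preg_match('#^(?:/|https?://)#i', $value)) {
                $value = '#';
            }
            // Escape for both element text and quoted attribute values.
            return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        },
        $template
    );
    if ($out === null) {
        throw new RuntimeException('template substitution failed');
    }
    return $out;
}

// Constructed sample: the template stored raw (not entity-encoded), no PHP tags.
$stored = '<li><a href="[href]">[item]</a> <span class="divider">|</span></li>';

// Normal values.
echo render_crumb($stored, ['href' => '/duo/', 'item' => 'Acme & Sons']), "\n";

// Constructed hostile values: a quote-breaking href and PHP tags sent as data.
echo render_crumb($stored, [
    'href' => '/duo/" onmouseover="x',
    'item' => "<?= dots('duo/'); ?>",
]), "\n";
```

The template markup itself is emitted unescaped, so write access to the stored template should be limited to trusted editors; only the substituted values are treated as untrusted.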