Question 215689 in Wordpress Question posted in
The official Wordpress documentation can be found here.

WordPress – How can I output a string as text, but execute any php-code inside it

I’m trying to build an email signature generator for all our clients, the signature for each client will be different, both in style and content. I’m trying to achieve this with WordPress and Formidable Forms, the setup is as follows:

  • We create a form for every client with the necessary fields. When the form is submitted, the user is redirected to a specific page that should contain a preview of the generated email signature and an output of the HTML that is used to setup their signature in an email client.
  • The page to which the user is redirected has an assigned page template and a custom field where we can put the full HTML code of the signature. Inside this HTML code, we need to output the information that was submitted through the form. Formidable Forms allows us to use shortcodes to output data from a field with an ID. The page url contains a parameter with the entry ID so I can get the data from the current entry when someone submits the form. The form ID is inside a custom field on the page where the user is directed to.

Since the HTML code is inside a string, I can easily output is as plain text so the user can copy it, but the PHP inside it as outputted as text as well. I need a way to output the HTML as text, but execute the PHP so the Formidable shortcodes are replaced by the actual data.

For example:

$content = "<h2><?php echo do_shortcode('[frm-field-value field_id=11 entry="2"]') ?></h2>"
echo $content;

// The output now: <h2><?php echo do_shortcode('[frm-field-value field_id=11 entry="2"]') ?></h2>

// I need it to be: <h2>My name</h2>

Is there a way to achieve this? We have full control over the HTML that will be filled in into the custom field so no malicious code is used.

Tags:

2

Answers


  1. 0

    you can use the eval() function,but it’s important to note that using eval() can be risky if you’re not careful with the input and potential code injection!

    something like this :

    $content = '<h2><?php echo do_shortcode("[frm-field-value field_id=11 entry="2"]"); ?></h2>';

$phpCode = preg_replace('/<?php/', '', $content);
$phpCode = preg_replace('/?>/', '', $phpCode);

ob_start();
eval($phpCode);
$output = ob_get_clean();

echo $output;

    good luck!

    Login or Signup to reply.
  2. 0

    You’re close, but it is the other way round:

    $content = do_shortcode('<h2>[frm-field-value field_id=11 entry="2"]</h2>');
echo $content; # <h2>My name</h2>

    Do not put PHP tags inside strings. That is only asking for trouble and you will also be confused when you spot <?php and similar within string data somewhere.

    Always keep data and code well separated.

    And take care the frm-field-value shortcode is properly returning HTML escaped contents, e.g. a "name" "Martha <the great>" turns into <h2>Martha &lt;the great&gt;</h2> as otherwise you would have HTML injection (the fun starts with unclosed <marquee>).

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search