|
Posted by Jeff on August 1, 2008, 1:45 pm
Please log in for more thread options Álvaro G. Vicario wrote:
> *** someusernamehere escribió/wrote (Fri, 1 Aug 2008 09:03:15 -0700 (PDT)):
>> $foo = <<<bar
>> <form action="index.php" method="POST" name="user">
>> ............................................................................
>> HTML code here..............................................
>> .....................................................................
>> $lang = mysql_query("SELECT * FROM lang where selected != '*'");
>> ...................................................................
>> more PHP consults to mysql here
>> ......................................................
>> bar;
>
>> The question is how to escape the php code for display into HTML, what I
>> have done is comment it with <!-- and --> this works, but if I see the
>> page source code I can see all the php code commented here, and
>> obviously is insecure for the system, anyone know what to do?
>
> Heredoc syntax is similar to double quotes: you get variables replaced with
> their values, but that's all. You can't put PHP code inside.
Is there a way to do this:
function getSomething(){
return 'something';
}
$content = <<<MY_BLOCK
Insert the return for a function like: getSomething()
...
MY_BLOCK;
That's doable in perl with a trick and I suspect there is a way to do it
in php.
As for the ops question, I have no idea why you'd want to insert code
in the heredoc as you can assemble heredocs just like any variable.
$content .= <<MY_BLOCK
...
MY_BLOCK;
some code...
$content .= <<MY_BLOCK
...
MY_BLOCK;
Jeff
>
>
| 
XML Sitemap