Displaying page source in a frame

larpo

Hi,

I am relatively new to PHP, but have just managed to build my first web app; a set of scripts that allow users to pull records from a database, and display them in formatted tables on a page.

The page outputs HTML that is then for use as an HTML email.

I want to be able to show the page, and then show the html source directly underneath it, in an iframe so that the user can copy the html and paste it into their mail client (which has a parsed and unparsed view) before sending.

Ideally I would also like to be able to allow users to enter an email address, so that the page can be mailed to them directly, before being forwarded to the final recipient... but one step at a time.

Anyone have any tips for achieving either goal?

devinemke

store the HTML in a string and run it thru [man]htmlspecialchars[/man]

larpo

I kind of understand that you can do this:


<?php
$str = "A 'quote' is <b>bold</b>";

// Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt;
echo htmlentities($str);

// Outputs: A &#039;quote&#039; is &lt;b&gt;bold&lt;/b&gt;
echo htmlentities($str, ENT_QUOTES);
?>

Which gives me the right idea, but I don't understand how you do this for large sections of HTML that have the occasional variable or array in it.

This is what my PHP looks like at the moment:


<?php


$apartment = $_POST['apartment'];


foreach ($apartment as $value){ 
$select=$select.",\"".$value . "\""; 
}
/* Remove Leading comma*/ 
$searchit=substr($select,1); 
/*Show the selected fields*/ 
$db="proposalsdb"; 
$link = mysql_connect("localhost","root","******"); 
if (! $link) 
die("Couldn't connect to MySQL"); 
mysql_select_db($db , $link) 
or die("Couldn't open $db: ".mysql_error()); 

$result=mysql_query("SELECT * FROM apartments WHERE apartment IN ($searchit)")
or die("SELECT Error: ".mysql_error());

$numrows=mysql_num_rows($result); 
$row_result = mysql_fetch_assoc($result);


if ($numrows > 0)
{

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<STYLE>
* { MARGIN: 0cm 0cm 0pt; FONT-FAMILY: Trebuchet MS, Verdana}
ul {
list-style-type:circle; padding-left:30px;}
</STYLE>

<META content="MSHTML 6.00.2800.1476" name=GENERATOR></HEAD>
<BODY leftMargin=1 topMargin=1 rightMargin=1>
<DIV style="BORDER-RIGHT: #5781ae 1px solid; PADDING-RIGHT: 20px; BORDER-TOP: #5781ae 1px solid; PADDING-LEFT: 20px; FONT-WEIGHT: bold; BACKGROUND: #5781ae; PADDING-BOTTOM: 10px; BORDER-LEFT: #5781ae 1px solid; COLOR: #ffffff; PADDING-TOP: 10px; BORDER-BOTTOM: #5781ae 1px solid">
<DIV align=left><IMG height=48 src="http://www.servicedapartmentsbristol.com/worldlogo.gif" width=75 align=middle><FONT face="Arial, Helvetica, sans-serif" size=3> Feel at home wherever you travel...</FONT></DIV></DIV>
<DIV style="BORDER-RIGHT: #5781ae 1px solid; PADDING-RIGHT: 20px; PADDING-LEFT: 20px; FONT-WEIGHT: normal; BACKGROUND: #ffffff; PADDING-BOTTOM: 0px; BORDER-LEFT: #5781ae 1px solid; COLOR: #000000; PADDING-TOP: 0px">
<p style='font-size:12px'>&nbsp;</P>
<p style='font-size:12px'><BR>Dear &lt;&lt;&amp;dear&gt;&gt; </P>
<p style='font-size:12px'>&nbsp;</P>
<P style="font-size:14px; "><STRONG>E-PROPOSAL for the supply of serviced apartment accommodation to &lt;&lt;&amp;company&gt;&gt;.</STRONG></P>

<TABLE style='BORDER-RIGHT: #5781ae 1px solid; BORDER-TOP: 0px; BORDER-LEFT: #5781ae 1px solid; BORDER-BOTTOM: #5781ae 1px solid' cellSpacing=0 cellPadding=10 width='90%' align=center>
<?   do { ?>

<TR bgColor=#000066>
<TH style='BORDER-RIGHT: 0px; BORDER-TOP: #5781ae 1px solid; FONT-SIZE: 14px; BORDER-LEFT: 0px; COLOR: #5781ae; BORDER-BOTTOM: #5781ae 1px solid; BACKGROUND-COLOR: #e6e1d2' scope=col colSpan=3>SACO SERVICED APARTMENTS -

<? echo $row_result['city']; ?>

</TH>
  </TR>
  <TR>
  <TD colspan='2'>
    <p style='font-size:12px'><A href='

<? echo $row_result['url']; ?>

'>

<? echo $row_result['apartment']; ?>

</A></P>
<P style='font-size:12px'>

<? echo $row_result['summary']; ?>

  </P></TD>
  <TD style='border-left:1px dotted #517dae' rowSpan=4><IMG src='<? echo $row_result['imgurl']; ?>' align=right></TD>
  </TR>
  <TR style='background-color:#EAF0F7' colspan='2' scope='col'>
  <TD style='text-align:right; border-right:1px dotted #517dae; border-top:1px dotted #517dae' width='270' valign='top'>
    <P align='left' style='font-size:12px' ><strong>Studio Apartment</strong></P></TD>
  <TD  style='border-top:1px dotted #517dae;' width='319' valign='top'><p style='font-size:12px'>&pound;<? echo $row_result['rate1']; ?></p></TD>
  </TR>
  <TR colspan='2' scope='col'>
    <TD style='text-align:right; border-right:1px dotted #517dae' valign='top'>
    <P style='font-size:12px' align='left'><strong>One Bedroom Apartment</strong></P></TD>
    <TD valign='top'><p style='font-size:12px'>&pound;<? echo $row_result['rate2']; ?></p></TD>
  </TR>
  <TR style='background-color:#EAF0F7' colspan='2' scope='col'>
    <TD style='text-align:right; border-right:1px dotted #517dae' valign='top'>
    <P style='font-size:12px' align='left'><strong>Two Bedroom Apartment</strong></P></TD>
    <TD valign='top'><p style='font-size:12px'>&pound;<? echo $row_result['rate3']; ?></p></TD>
  </TR>

  <? } while ($row_result = mysql_fetch_assoc($result)); ?>

</table>

</DIV>
<DIV style="BORDER-RIGHT: #5781ae 1px solid; PADDING-RIGHT: 20px; BORDER-TOP: #5781ae 1px solid; PADDING-LEFT: 20px; FONT-WEIGHT: bold; BACKGROUND: #5781ae; PADDING-BOTTOM: 5px; BORDER-LEFT: #5781ae 1px solid; COLOR: #ffffff; PADDING-TOP: 5px; BORDER-BOTTOM: #5781ae 1px solid">
<DIV align=left><A style="TEXT-DECORATION: none" href="http://www.sacoapartments.co.uk"><FONT face=Arial,sans-serif color=#ffffff size=3>SACO Worldwide - [url]www.sacoapartments.co.uk[/url]</FONT></A></DIV></DIV>
<DIV style="BORDER-RIGHT: #5781ae 1px solid; PADDING-RIGHT: 20px; BORDER-TOP: #5781ae 1px solid; PADDING-LEFT: 20px; BACKGROUND: #e6e1d2; PADDING-BOTTOM: 5px; BORDER-LEFT: #5781ae 1px solid; COLOR: #333333; PADDING-TOP: 5px; BORDER-BOTTOM: #5781ae 1px solid"><FONT face="Arial, Helvetica, sans-serif" size=1><STRONG><FONT size=3>Enquiries and Reservations: 0845 122 0405</FONT></STRONG><BR>Calls from outside the UK: + 44 117 970 6999<BR>Fax: 0117 974 5939 <BR><BR>SACO is the leading provider of serviced apartments worldwide with over 2000 apartments in over 50 major business travel destinations. <BR><BR>London, Amsterdam, Barcelona, Belfast, Birmingham, Bristol, Brussels, Cardiff, Dublin, Dusseldorf, Edinburgh, Frankfurt, Glasgow, Hamburg, Jersey, Leeds, Luxembourg, Madrid, Manchester, Melbourne, Milan, Munich, Newcastle, Nottingham, Paris, Reading, Rome, Singapore, Sydney, Tallinn, Vilnius, Zurich and many more...</FONT></DIV></BODY></HTML>


<?php

}
else
{
echo "You haven't selected any apartments";
}


?>


<?php
mysql_free_result($result);
?>

devinemke

if the code you are trying to display has embedded PHP then i would suggest you look at PHP's Output Control Functions. i would do the following:
1. store the HTML/PHP in a separate file
2. start an output buffer using [man]ob_start[/man]
3. [man]include[/man] the HTML file
4. capture the buffer to a string using [man]ob_get_contents[/man]
5. run that string thru [man]htmlspecialchars[/man]
6. display the escaped string in your iframe

larpo

Forgive my ignorance, but you've lost me... could you demonstrate a simple example?

devinemke

source.php

this file has <b>HTML</b><br>
<?php echo 'it also has <b>PHP</b>'; ?>

show_source.php

<?php
ob_start();
include('source.php');
$contents = ob_get_contents();
ob_end_clean();
$contents = htmlspecialchars($contents);
echo 'here is the source from source.php:<br><br>' . $contents;
?>

larpo

Hmm... I see what you mean, but sadly this doesn't seem to work in this context. my final page "finish2.php" is a page that is created on-the-fly depending on the options passed from a set of checkboxes in a form on the previous page. The form tells finish2.php which records to display from the db.

If I do this:

 

<?php 
ob_start(); 
include('finish2.php'); 
$contents = ob_get_contents(); 
ob_end_clean(); 
$contents = htmlspecialchars($contents); 
echo 'here is the source of your proposal:<br><br>' . $contents; 
?>

all I get is a mySQL error:

Warning: Invalid argument supplied for foreach() in c:\appserv\www\generator\finish2.php on line 7
SELECT Error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1

Am I doing something daft?

devinemke

not being able to see the code for finish2.php i can't tell you exactly what is causing that error but the broader point is you have to change the logical flow of your script here:

you have a form
you have a form handler
the form handler spits out dynamic HTML based on the user input from the form.
you want the resulting HTML to be viewable as source code

if the above is correct (i think that is what you said you wanted to do) then you need to make a special form handler script. instead of pointing your form action tag to finish2.php point it to show_souce.php which (armed with all of the user input) will include finish2.php (which will create all of the dynamic HTML) and then spit out the source. make sense?

larpo

OK... that's starting to make more sense to me... ok, i'll play around with it. Like a challenge... :p

Thank you for your advice.

Do you have any suggestions for the second part of the problem - emailing the finished html page to a recipient?

devinemke

well, as per my code example, you have the entire HTML output as a string. simply feed that to the [man]mail[/man] function using the proper header syntax (read up on the [man]mail[/man] function about sending HTML mail).

larpo

Oh, and for info, i have attached the relevant files: build.php, apartments.php and finish2.php

larpo

Thanks... you're a genius... i've cracked it!

Now for the emailing... 😉

larpo

hmmm... well I thought I had cracked it, but it appears I haven't.

here is my code:

 
<?php 
echo "<br/><br/><h1>The End Result!</h1><br/><br/><p style='text-align:left;'>This is what your proposal will look like:</p><div style='border:1px solid #517dae; padding:25px; text-align:justify; margin: 0 auto; width:100%; height:400px; overflow:auto; background-color:#f4f1f1;' >";
include('finish2.php'); 

echo "</div>";

ob_start(); 
include('finish2.php'); 
$contents = ob_get_contents(); 
ob_end_clean(); 
$contents = htmlspecialchars($contents); 
echo "<br/><br/><br/><p style='text-align:left;'>Here is the source of your proposal: (hint: triple-click to select all)</p><div style='border:1px solid #517dae; padding:25px; text-align:justify; margin: 0 auto; width:100%; font-size: 8px; font-family:Courier; height:250px; overflow:auto; background-color:#f4f1f1;'>" . $contents; 

echo "</div>";
?> 

<p>Send this proposal to your own mail account by selecting your name from the list below:</p>
<form action="email.php"  method="POST" name="users">
<select name="users" >
<option value="user@email.com">Ben</option>
<option value="user2@email.com">Jo</option>
<option value="user3@email.com">David</option>
</select>

<input type="hidden" name="_submit_check" value="1"/> 
<input type="hidden" name="content" value="<?php echo $contents; ?>">
<input type="submit" name="submit" value="Send Email" />
</form>

</div>

The source code that gets printed in the second div is not the equivalent of the source code behind the content of the first div.
The output in $contents just has white space where the PHP was in finish2.php, and hasn't pulled the information from the database.

Any ideas?

devinemke

let's back up here. you need to do some basic debugging here with finish2.php (before moving on to showing the source). temporarily set the action tag of your form to test.php. then in test.php do the following:

<?php
ob_start();  

include('finish2.php');  

$contents = ob_get_contents();  

ob_end_clean();  

echo $contents;
?>

are you seeing the correct HTML output? if not then the problems lies with finish2.php, not with the show source script.

larpo

I have changed the form to point at a test.php, which looks like this:



<?php


$apartment = $_POST['apartment'];


foreach ($apartment as $value){ 
$select=$select.",\"".$value . "\""; 
}
/* Remove Leading comma*/ 
$searchit=substr($select,1); 
/*Show the selected fields*/ 
$db="proposalsdb"; 
$link = mysql_connect("localhost","user","*****"); 
if (! $link) 
die("Couldn't connect to MySQL"); 
mysql_select_db($db , $link) 
or die("Couldn't open $db: ".mysql_error()); 

$result=mysql_query("SELECT * FROM apartments WHERE apartment IN ($searchit)")
or die("SELECT Error: ".mysql_error());

$numrows=mysql_num_rows($result); 
$row_result = mysql_fetch_assoc($result);

echo "<div style='width:100%; background-color:#cccccc; height:100%; text-align:center;'><div style='width:80%;'>";

if ($numrows > 0)
{

include('finish2.php'); 

ob_start();   

include('finish2.php');   

$contents = ob_get_contents();   

ob_end_clean();   

echo $contents; 

}
?>

... The output is still incorrect...it's not pulling the data from the database... however, when you

include('finish2.php');

in test.php, without the output buffer, it shows the information correctly, which would suggest that finish2.php is not the problem.

What do you think?

By the way, thank you for your time on this. 🙂

larpo

ahh... i think I have spotted the problem... the output buffer appears not to work if I

include('finish2.php');

twice in the same script... is this a schoolboy error on my part?

I have tried include_once, but that only outputs the data... well, once.

devinemke

why are you including twice anyway? just start the buffer then include the file. you then have the HTML as a string that you can echo or mail or whatever you want to do with it.

larpo

wanted to show the parsed page above and the html below, so that the user can see both. i'll try it a different way.

Thanks for all your help.