Okay, I wrote a template script that eval's the code and displays it after it goes through all the code for the script. Here's the function.

   function render($cru) {
         $path = $this->rpath."admin/templates/";
         $style = $this->style;


//evaluate data
eval("\$cru[body] = \"$cru[body]\";");

//call header
$bit = $this->doc("header");
eval("\$bit = \"$bit\";");  echo $bit;

echo $cru[body];

//call footer
$bit = $this->doc("footer");
eval("\$bit = \"$bit\";");  echo $bit;

}

Here's the deal.... Occasionally I have a problem with when it tries to display text if the data entered into the database contains a " the eval goes all to heck and screws up the script. So I need a solution. Here's what I'm thinking tell me what you think.

I need a function(I have no idea what function to use) that scans the text a sees if it includes a ". If so then I need it to addslashes to the ". I don't want to addslashes if the text doesn't contain a ". So what's the best solution to fixing this? Am I on the right path or do you have a better idea? Any input would be great.

Thanks.

What about [man]htmlentities/man, which would convert " to

&quote;

??

Or, use [man]str_replace[/man]('"', "&quote;",$yourstring); ....

neither of those work because it's fixing the quote; however, $cru[body] contains html also... so doing that destroys my html.

OK then, str_replace('"','\"',$foo);

??

or ... addslashes() function ?

Cf http://fr2.php.net/manual/en/function.addslashes.php

yeah I kind of pseudo fixed it by using addslashes and stripslashes. That
str_replace('"','\"',$foo); is pretty close to being just addslashes. I'd really like to be able to apply this code to elements not within html tags. For example

<img src="here.jpg"> -- doesn't give me an error when it's eval'd.
bob said, "hey" -- does give me an error.

This is probably because I added addslashes() to the html at some point and not the text being pulled from the database. I could probably go back and fix this but strictly out of curiousity is there a way I could get addslashes to apply to text not within html tags?

no it's not.

$bit = "$bit"; doesn't interpret the variables within $cru[body] .

eval'ing it does.

Looking at the code there's nothing to indicate that $bit has anything to do with $cru['body'] whatsoever.

This could be interpreted as bad design .... as Rasmus Ledorf said "If eval() is the answer, you're probably asking the wrong question".

I agree completely with you Weedpacket

Okay let me break this down. $bit get's eval'd because it contains VARIABLES taken from an HTML DOCUMENT.

$cru[body] gets eval'd because it contains VARIABLES taken from the CODE and OTHER HTML DOCUMENTS.

$bit and $cru have nothing to do with each other besides they both contain information containing html and variables.

Now it may be bad code design; or whatever, that's why I'm asking in the first place.
If you have better ideas give them to me but telling me it's bad design doesn't do jack for fixing anything.

hm.
given that all variables that can come from html should be available via $_GET/POST/... or something similar it should be possible to do without eval, unless you actually want to dynamically generate code and execute it.

unless i understood your example wrong that is not the case...

hm. $this->doc("header"); should return a string I guess.
so

echo $this->doc("header");

should be enough for it to work.

hm. if im wrong here please give me a hint as to what you need to be done so I can think of something

jakob

[EDIT]
just to have mentioned it...

$str_a = "things we dont want to know";
echo "and he then said $str_a leaving the crowd gasping";

willl output: "and he then said things we dont want to know leaving the crowd gasping"

[/EDIT]

amPAR wrote:

Okay let me break this down. $bit get's eval'd because it contains VARIABLES taken from an HTML DOCUMENT.

$cru[body] gets eval'd because it contains VARIABLES taken from the CODE and OTHER HTML DOCUMENTS.

$bit and $cru have nothing to do with each other besides they both contain information containing html and variables.

Now it may be bad code design; or whatever, that's why I'm asking in the first place.
If you have better ideas give them to me but telling me it's bad design doesn't do jack for fixing anything.

Relax, we're here to help you

Can you show us what's inside $bit and/or $cru[body] ?

herve wrote:

Relax, we're here to help you

And we don't know any more about your design and what you want to do than what you've told us.

Weedpacket wrote:

And we don't know any more about your design and what you want to do than what you've told us.

correct, but next time you could just ask what information you need to know. Here I'll give you a direct example of the code.

Not all information is below so if there are some variables that you don't see where they are defined it's because I probably left out that piece of code. Hopefully I have added everything that is pertinent to the situation.

taken from class_tpl.php

class fetch_template {
    var $fdr_tplpath;
    var $style;
    var $rpath;

function bit($filename, $tpl) {
   $data = addslashes(implode('', file($this->path.$this->style."/$filename.html")));
   $data = explode("[TPL-BIT: $tpl]", $data);
   return $data[1];
   }


function doc($filename) {
   $data = addslashes(implode('', file($this->path.$this->style."/$filename.html")));
   return $data;
   }

   function render($cru) {
         $path = $this->rpath."admin/templates/";
         $style = $this->style;



eval("\$cru[body] = \"$cru[body]\";");

//call header
$bit = $this->doc("header");
eval("\$bit = \"$bit\";");  echo $bit;


echo $cru[body];

//call footer
$bit = $this->doc("footer");
eval("\$bit = \"$bit\";");  echo $bit;

}

   function render_inlet($cru) {
         $path = $this->rpath."admin/templates/";
         $style = $this->style;

//evaluate data
$cru[body] = stripslashes($cru[body]);
$cru[body] = addslashes($cru[body]);

  //evaluate data
   eval("\$cru[body] = \"$cru[body]\";");

$cru[body] = stripslashes($cru[body]);

//call header
$bit = $this->bit("inlets", "header");
eval("\$bit = \"$bit\";");  echo $bit;

echo $cru[body];

//call footer
$bit = $this->bit("inlets", "footer");
eval("\$bit = \"$bit\";");  echo $bit;

}

}

taken from locations.php

function location_add($tip = "0") {
    check_rank('4');

global $TPL;

if ($tip == "yes") {

$cru[tooltip] = "Select Below if you wish to ADD another LOCATION";
$cru[body] = $TPL->bit("inlets", "tooltip");
$TPL->render_inlet($cru);
exit;

}

  $body = addslashes($TPL->bit("inlets", "location_create"));

$cru[body] .= $body;

$TPL->render_inlet($cru);
exit;
}

taken from inlets.html

 [TPL-BIT: location_create]

<form action="$_SERVER[PHP_SELF]" method="POST">
<table cellpadding="0" cellspacing="0" class="intblfull">
     <tr>
        <td colspan="2" class="divfull">CREATE LOCATION
        </td>
     </tr>
     <tr>
        <td class="divleft">NAME:</td>
        <td class="divright">
           <input type="text" name="name" size="30" class="textbox">  

        </td>
     </tr>
	<tr>
        <td colspan="2" class="divfull">
		<input type="hidden" name="act" value="create_location">
		<input type="submit" value="CREATE LOCATION" class="normbutton">
        </td>
     </tr>
  </table>
</form>

[TPL-BIT: location_create]

Now if I can do this without using eval let me know how. I asked about this before and I was told to use eval so I don't know. Let me know what you would do.

I'd either use proper PHP in the templates (<?php echo $_SERVER['PHP_SELF']?>) and eval it with

eval("?>$bit");

(perhaps with output buffering so that I can capture it in a variable instead of generating output); if the templates were in separate files I could just include() the appropriate one (again with output buffering as needed); or use a custom variable markup that could be parsed and evaluated with [man]preg_replace[/man] or [man]preg_replace_callback[/man]. Actually, that last one could be done with this markup, if you've got some reliable way of telling which bits are variables and which bits are not (which is of course why PHP uses <?php ... ?> in the first place).

But I'm guessing that what is supposed to be going on here is

$bit = $this->bit('whatever');
$bit = str_replace('\', '\\', $bit); // escape any backslashes already present
$bit = str_replace('"', '\"', $bit); // dalecosp's suggestion
eval("\$bit = \"$bit\";"); //which is what herve said

Could also be done with heredoc quoting

eval("\$bit = <<<SOMETHINGTHATNEVERAPPEARSINABIT
$bit
SOMETHINGTHATNEVERAPPEARSINABIT;");

and then the escaping double quotes isn't needed. Of course, if all this is immediately going to be echoed then

eval("echo \"$bit\";");

would be more straightforward.

PS: with regards to the doc() and bit() methods; there's a function called [man]file_get_contents[/man], now.

okay first [man]file_get_contents()[/man].
Yeah I know that would be the best way of doing it but it's only valid as of php 4.3.+ and I was initially using 4.1.1. However, since I upgraded my server to 5.1 I believe. I'm not there now so I can't check but it's 5 something.

Anyway, the server this is going to be running on is a godaddy server that runs 4.3.1 I believe; so yes I could change over to file_get_contents() now. I probably will do that. Thanks for reminding me.

Next, eval.
So I'm taking it from everything you said there that eval will be needed? As far as writing it like a php file with <?php and ?>. The file you are looking at... the
TPL-BIT:LOCATION_CREATE from inlets is not exactly my best example.

In most cases their is a lot of php variables in the code. As you can see this is just a form that you input data into, there are other pages where the data is edited so I have to pull the information my mysql and display in it forms. Which usually means the file includes variables like $record->name in the input value.

I really don't want to go through and write <?php and ?> everytime I insert a variable.

as for this

eval("\$bit = <<<SOMETHINGTHATNEVERAPPEARSINABIT
$bit
SOMETHINGTHATNEVERAPPEARSINABIT;"); 

I have no idea what that means. I really don't understand eval. I mean I have a general idea of what it does but it's very general.

 $bit = $this->bit('whatever');
$bit = str_replace('\', '', $bit); // escape any backslashes already present
$bit = str_replace('"', '\"', $bit); // dalecosp's suggestion
eval("$bit = "$bit\";"); //which is what herve said 

So this pretty much just avoids the additions of slashes before \ and ' during my script and just adds them before ". That could be a smarter solution. I'll look into that when I start working with the script.

Does anybody have a good tutorial for template creation so I can see a more proper way to go about developing a template based script?

Thanks Weedpacket, good information, it helps a lot.