在html中使用php代码...在php中 [英] Using php-code in html... in php
问题描述
想象一下,您有一个存储文章的mysql数据库.
Imagine you have a mysql db storing articles.
html的存储方式如下:
The html is stored like so:
<h1>I'm just foo</h1>
<p>Lorem ipsum dolor sit amet, consectetuer adipiscing elit.</p>
<p>Lorem ipsum dolor sit amet, consectetuer adipiscing elit.</p>
...
,并使用mysql_query显示并运行结果.
And displayed using a mysql_query and running through the results.
但是这里有个难题:您可能不时需要使用预定义的函数,例如在html中插入地图.用户如何在html中输入呢?我不能很好地输入:
But here's the rub: Every now and then you might want to use a predefined function, for instance to insert a map in the html. How does the user input that, in the html? I can't very well just input:
<?php insertMap() ?>
那样将其渲染为带有内部php-tags的php-tags.
as that would render as php-tags with php-tags inside.
我看到不同的CMS对它的处理方式不同.例如,使用{{{insertMap}}}调用函数.但是,然后,我如何遍历代码,寻找{{{}}}并将其作为函数运行?
I've seen different CMSes handling it differently. For instance using {{{insertMap}}} to call a function. But then, how do I run through the code, looking for {{{}}} and running it as a function?
我和Google都认为eval()是解决方案的一部分(尽管存在安全风险?),但是最欢迎您提出任何建议,指针等!
Google and I have a feeling eval() is part of the solution (although a security risk?), but any suggestions, pointers etc. are most welcome!
推荐答案
基本上,您在存储的内容中进行查找和替换以匹配那些占位符(可以自由决定其格式)并用结果替换它们评估从它们派生的表达式的过程.不必(也不是个好主意)使用eval,您可以很容易地滚动自己的类似eval的代码,该代码仅支持eval的安全子集.
Basically you do a find and replace within your stored content to match those placeholders (the format of which is something you can freely decide) and replace them with the result of evaluating an expression that you derive from them. It is not necessary (or a good idea) to use eval for this, you can very easily roll your own eval-like code that only supports a safe subset of what eval does.
假设您选择{{{xxx}}}作为占位符模板.要进行匹配,最简单的方法是通过preg_match 或同一个家族中的其他函数;由于我们也希望替换并且我们希望动态生成替换,因此我们将使用
Let's say you pick {{{xxx}}} as your placeholder template. To match it, the easiest way is to use regular expressions through preg_match or another function in the same family; since we want to replace as well and we want the replacement to be produced dynamically, we 'll go with preg_replace_callback.
要替换的模式将为'/{{{([a-zA-Z_]+)}}}/',它与花括号之间的一个或多个字母和下划线的序列匹配.括号中有正则表达式特定的语法,因此我使用了它们,以便以后可以轻松地仅引用其中的部分(例如,模板"的名称),而不必大括号.
The pattern to replace will be '/{{{([a-zA-Z_]+)}}}/', which matches a sequence of one or more letters and underscores between the curly braces. The parentheses in there are regular-expression-specific syntax and I used them so that I can later easily refer to just the part within (the name of the "template" let's say) without being bothered by the braces.
回调将是一个在给定模式下产生替换内容的函数:
The callback is going to be a function that produces the replacement content given a pattern:
function produce_replacement($match) {
// $match[1] means "the part of the template inside the braces";
// read up on the documentation of preg_replace_callback for more.
$producerName = 'evaluate_'.strtolower($match[1]);
return function_exists($producerName) ? $producerName() : null;
}
此函数旨在采用模板名称(例如{{{xxx}}}中的xxx),并查看是否存在名为evaluate_xxx的函数.如果是这样,它将调用该函数并返回结果;否则,它将返回结果.如果不是,则返回null.无论如何,结果将是替换原始文本中的模板.
This function is designed to take a template name (e.g. xxx in {{{xxx}}}) and see if a function called evaluate_xxx exists. If it does, it calls the function and returns the result; if not, it returns null. In any case, the result will be the replacement of the template in your original text.
重要提示:这是一项设计决定,可为实现提供安全性!我们已经做到这一点,以便用户可以在文本中使用他们想要的任何模板",但是这些模板会
Important: This is a design decision that provides security to the implementation! We have made it so that the user can use any "template" they want inside the text, but those templates will only result in code being executed if that code resides within a function named evaluate_xxx or similar. Given that the presence or absence of these functions is something that you control, the user is restricted in what their markup can actually do.
因此您现在可以拥有:
$text = "Hello there {{{name}}}!";
$pattern = '/{{{([a-zA-Z_]+)}}}/';
$text = preg_replace_callback($pattern, 'produce_replacement', $text);
echo $text;
function evaluate_name() {
return "Joe";
}
查看实际效果 .
See it in action.
这篇关于在html中使用php代码...在php中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
