将html / php代码存储到php变量中 [英] Store html/php code into php variable
问题描述
将PHP代码存入PHP变量的最佳/最安全的方法是什么?或者是有更好的解决方案,而不是将其存储到变量?编辑:抱歉,不包括我正在尝试做什么!我有一个文章模板,可以从数据库中提取所有信息(标题/日期/内容/等)并加载它。我有一个页面提交文章,我正在尝试做的是自动化文件创建过程。我想创建一个名为文章标题的文件,然后将模板代码写入它(因此包含模板代码并使用fwrite())的变量。我知道我可以将模板文件保留在网站上并复制/重命名它,但是如果有人在模板上发现了一个完整的混乱,并且我不想以纯文本的形式存储它。
如果您使用的是公共网站,我不建议在文件中存储文章等内容你的服务器。这很麻烦,安全 - 如果,内存效率低下,否则就是非正统的。
这可能是一个很好的使用MySQL数据库的情况。我假设你知道如何与使用PHP的人一起工作,但让我知道你是否知道如何。
通过这种方式,你可以存储HTML在数据库中使用PHP的 htmlentities()函数:
$ var = htmlentities($ var,ENT_QUOTES);
这样,所有html字符(例如<,>和引号)被安全地编码到数据库中。例如,
< strong>以下是HTML< / strong> 变成& ; lt; strong& gt;这里是HTML& lt; / strong& gt;
这样,如果你的模板有任何HTML,他们可以通过 mysql_query()轻松安全地检索并显示。
What is the best/safest way to store html mark up with php code in it into a php variable? Or is there a better solution rather than storing it into a variable?
EDIT: Sorry for not including what I am trying to do! I have a an article template that pulls all information (title/date/content/etc) from a database and loads it. I have a page where you submit an article and what I am trying to do is automate the file creation process. I want to create a file that is named the title of the article, then write the template code to it (hence the variable containing the template code and using fwrite()). I know I could just keep the template file on the website and copy it over/rename it, but if someone stumbles upon the template it is a complete mess, and I don't want to store it in plain text either.
If you're working with a public website, I would not recommend storing things like articles in files on your server. It's messy, security-iffy, memory-inefficient, and otherwise unorthodox.
This would probably be a great situation in which to use a MySQL database. I'll assume you know how to work with one using PHP, but let me know if you don't know how.
In this way, you could store the HTML in the database using PHP's htmlentities() function:
$var = htmlentities($var, ENT_QUOTES);
This way, all html characters (ex. "<", ">" and quotes as well) are encoded into the database safely. For example,
<strong>Here is HTML</strong> becomes <strong>Here is HTML</strong>
That way, if your templates have any HTML, they can be easily and safely retrieved through mysql_query() and displayed.
这篇关于将html / php代码存储到php变量中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
