Prevent PHP Executing code in string?

Okay, I am trying to get PHP to write a string to the browser. This string unfortunately contains PHP code which is obviously causing problems as PHP tries to run the code (which is meaningless without context) and runs into fatal errors.

What I would love to know is how to print code to the browser without it being executed. There must be a way of doing it, similar to the [ php] tags here at DP.

Thanks

 

Is that the function you looking for?

highlight_string()

PHP:

That function will print out your php code without execute. Good for php tutorial or forums like Digitalpoint

example:

highlight_string('<?php phpinfo(); ?>');

That line will output <?php phpinfo(); ?>

PHP:

cheers.

 

Single quotes?

echo '<?php $variable = "Hello"; echo $variable; ?>';

Otherwise, just run something like http://php.net/htmlentities on it.

Dan

 

PHP is not trying to run the code(to do that you need to use eval). The problem is that the browser sees <> and thinks it's html. To get past that you need to change those to their entities &gt; &lt; using htmlspecialchars() or even htmlentities().

 

I think that is what I am looking for, this is the code I put in:

<div id="example">
<?php 
$eg_1 = highlight_string("<?php $entered_pass = $GET[ 'password']; $hash = md5($entered_pass); if($hash == 'd8578edf8458ce06fbc5bb76a58c5ca4') {//Some Private Stuff} ?>");
echo $eg_1;
?>
</div>

PHP:

But I get

Any Tips?

 

<div id="example"><?php $eg1 = highlight_string("<?php $entered_pass = $GET[ 'password']; $hash = md5($entered_pass); if($hash == 'd8578edf8458ce06fbc5bb76a58c5ca4') {//Some Private Stuff} ?>");echo $eg1;?></div>

PHP:

Try that. You were using a _1 which doesn't work in PHP or C/C++...or any language for that matter(that I have seen)

 

Get the same error with your code :s

 

$eg_1

PHP:

is a perfectly acceptable variable name.

It means probably somewhere in your code there is an extra quote mark or something like that.

Dan

 

I assume text is entered by user
so suppose data is contained in a variable that also has <?php and ?> tags as well as " or ' quotes.
What you do is make them readable as html equvilants:

As far NatalicWolf's code, $GET['password'] was creating problems, where it als omust be _GET not GET.
And evey variable's prefix dollar sign '$' should be treated as a character so, you must put backslash before it, or enquoe entitre string in double quotes.

$temp = htmlspecialchars("<?php \$entered_pass = \$_GET['password']; \$hash = md5(\$entered_pass); if(\$hash == 'd8578edf8458ce06fbc5bb76a58c5ca4') {//Some Private Stuff} ?>");
echo $temp;

will print out

I hope i helps.

regards

 

Vooler, your code worked. IDK why the highlight_string did not work however. ZDE just viewed it all as one big error which wasn't really very helpful.

 

highlight_string is use for syntax highlighting and htmlspecialchars converts speical characters to html specific equvilants, you can simply replace htmlspecialchars with highlight_string and I hope it will work just fine.

btw who is ZDE ?

regards

 

ZDE isn't a person.

 

function highlight($str){

 highlight_string('<?php '.$str.' ?>');

}//end function highlight


$str = '

$entered_pass = $GET[ "password"]; 

$hash = md5($entered_pass); 

if($hash == "d8578edf8458ce06fbc5bb76a58c5ca4") {

//Some Private Stuff

}';

highlight($str);

PHP:

 

Ahh, finally, that worked perfectly. Many thanks to all who helped but it's php-lover who is getting the rep

 

glad it's work.

 

Oh, and for whoever asked above, ZDE is Zend Development Environment, a PHP scripting aide and debugging system

 

I heard about Zend Studio not ZDE, but well I prefer my notepad2..

 

I still prefer PHP Designer.



Dan