I have the following PHP script (file.php) which shows the current time and displays the user's input:
Current time:
<?php
$time=time();
$actual_time=date('H:i:s',$time);
echo $actual_time;
//show user input
$enter=@$_POST['enter'];
echo '<br>Input: '.$enter;
?>
<form action="" method="POST">
<input type="text" name="enter">
<input type="submit" value="Refresh">
</form>
By default the page shows this:
If I enter e.g. <strong>test</strong>, I see this:
And if I enter <iframe src="file.php"></iframe>, I can reload the page in a smaller window:
So, now, how could I display the raw PHP script (file.php) by submitting some certain HTML code in the INPUT text field?
The show_source() function outputs a file with the PHP syntax highlighted. The syntax is highlighted by using HTML tags. The colors used for highlighting can be set in the php.
PHP is a server-side programming language, meaning it is executed at the web server before the website is sent to the end-user. This is why you can't see the PHP code when you view the source code.
Step 1: First of all, open the Apache Friends website and download XAMPP for Windows, and install it. Step 2: Start the XAMPP Program Control Panel. Click on the “Start” button next to the “Apache” to start your Apache Web Server. Also, start “MySQL” if your PHP programs depend on a MySQL database to run.
As you can see, you can use any HTML you want without doing anything special or extra in your PHP file, as long as it's outside and separate from the PHP tags. In other words, if you want to insert PHP code into an HTML file, just write the PHP anywhere you want (so long as they're inside the PHP tags).
<?php
// Disable a WebKit security feature
// which would prevent from showing the source code.
header('X-XSS-Protection: 0');
if (isset($_GET['source']) || isset($_POST['source'])) {
$source = file_get_contents(__FILE__);
// To prevent this control from showing up
// in the output source code
// enable the code below.
/*
$lines_to_remove = 26;
$source = explode("\n", $source, $lines_to_remove);
$source = $source[$lines_to_remove - 1];
*/
$source = highlight_string($source, true);
echo $source;
return;
}
?>
Current time:
<?php
$time=time();
$actual_time=date('H:i:s',$time);
echo $actual_time;
//show user input
$enter=@$_POST['enter'];
echo '<br>Input: '.$enter;
?>
<form action="" method="POST">
<input type="text" name="enter">
<input type="submit" value="Refresh">
</form>
htmlspecialchars — Convert special characters to HTML entities
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new;
//This would be the output
&lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;
//browser will display
<a href='test'>Test</a>
htmlentities — Convert all applicable characters to HTML entities
$str = "A 'quote' is <b>bold</b>";
echo htmlentities($str);
// Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt;
// (before PHP 8.1; from 8.1 on the default flags include ENT_QUOTES, so the quotes are encoded as below)
echo htmlentities($str, ENT_QUOTES);
// Outputs: A &#039;quote&#039; is &lt;b&gt;bold&lt;/b&gt;
In the browser it would be displayed:
A 'quote' is <b>bold</b>
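The question's file.php with the reflected input escaped on output, as an added example that is not part of the original page. The helper name e(), the Content-Security-Policy header and the command-line self-check are assumptions added here.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (name chosen for this example): escape a value for
// HTML text and quoted-attribute contexts.
function e(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read the field without the @ operator. A request such as enter[]=x
// arrives as an array, so anything that is not a string is discarded.
$enter = $_POST['enter'] ?? '';
if (!is_string($enter)) {
    $enter = '';
}

// Command-line self-check with the two inputs from the question
// (constructed sample data): both come back as inert text.
if (PHP_SAPI === 'cli') {
    foreach (['<strong>test</strong>', '<iframe src="file.php"></iframe>'] as $sample) {
        echo e($sample), PHP_EOL;
    }
    exit(0);
}

// Defense in depth (assumption, not from the page): even if an escape is
// missed somewhere, the browser will not load frames, scripts or styles.
header("Content-Security-Policy: default-src 'none'; form-action 'self'");
?>
Current time:
<?php echo e(date('H:i:s')); ?>
<br>Input: <?php echo e($enter); ?>
<form action="" method="POST">
<input type="text" name="enter" value="<?php echo e($enter); ?>">
<input type="submit" value="Refresh">
</form>
```

Run with `php file.php` to see the escaped samples; served through a web server, the same file renders the form and shows submitted markup as literal text.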