question about heredoc strings

**=?iso-8859-1?Q?=C1lvaro?= G. Vicario** · Aug 1 '08, 04:15 PM

Re: question about heredoc strings

*** someusernameher e escribió/wrote (Fri, 1 Aug 2008 09:03:15 -0700 (PDT)):

$foo = <<<bar
<form action="index.p hp" method="POST" name="user">
............... ............... ............... ............... ............... .
HTML code here........... ............... ............... .....
............... ............... ............... ............... .........
$lang = mysql_query("SE LECT * FROM lang where selected != '*'");
............... ............... ............... ............... .......
more PHP consults to mysql here
............... ............... ............... .........
bar;

The question is how to escape the php code for display into HTML, what I
have done is comment it with <!-- and --this works, but if I see the
page source code I can see all the php code commented here, and
obviously is insecure for the system, anyone know what to do?

Heredoc syntax is similar to double quotes: you get variables replaced with
their values, but that's all. You can't put PHP code inside.

--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://bits.demogracia.com
-- Mi web de humor en cubitos: http://www.demogracia.com
--

**Jeff** · Aug 1 '08, 05:55 PM

Re: question about heredoc strings

Álvaro G. Vicario wrote:

*** someusernameher e escribió/wrote (Fri, 1 Aug 2008 09:03:15 -0700 (PDT)):

>$foo = <<<bar
><form action="index.p hp" method="POST" name="user">
>.............. ............... ............... ............... ............... ..
>HTML code here........... ............... ............... .....
>.............. ............... ............... ............... ..........
>$lang = mysql_query("SE LECT * FROM lang where selected != '*'");
>.............. ............... ............... ............... ........
>more PHP consults to mysql here
>.............. ............... ............... ..........
>bar;

>

>The question is how to escape the php code for display into HTML, what I
>have done is comment it with <!-- and --this works, but if I see the
>page source code I can see all the php code commented here, and
>obviously is insecure for the system, anyone know what to do?

>
Heredoc syntax is similar to double quotes: you get variables replaced with
their values, but that's all. You can't put PHP code inside.

Is there a way to do this:

function getSomething(){
return 'something';
}

$content = <<<MY_BLOCK

Insert the return for a function like: getSomething()

....

MY_BLOCK;

That's doable in perl with a trick and I suspect there is a way to do it
in php.

As for the ops question, I have no idea why you'd want to insert code
in the heredoc as you can assemble heredocs just like any variable.

$content .= <<MY_BLOCK

....

MY_BLOCK;

some code...

$content .= <<MY_BLOCK

....

MY_BLOCK;

Jeff

>
>

question about heredoc strings

question about heredoc strings

Comment

Comment