将html / php代码存储到php变量中
What is the best/safest way to store html mark up with php code in it into a php variable? Or is there a better solution rather than storing it into a variable?
EDIT: Sorry for not including what I am trying to do! I have a an article template that pulls all information (title/date/content/etc) from a database and loads it. I have a page where you submit an article and what I am trying to do is automate the file creation process. I want to create a file that is named the title of the article, then write the template code to it (hence the variable containing the template code and using fwrite()). I know I could just keep the template file on the website and copy it over/rename it, but if someone stumbles upon the template it is a complete mess, and I don't want to store it in plain text either.
使用php代码将html标记存储到php变量中的最佳/最安全的方法是什么? 或者是否有更好的解决方案而不是将其存储到变量中? p>
编辑:很抱歉不包括我想要做的事情! 我有一个文章模板,从数据库中提取所有信息(标题/日期/内容/等)并加载它。 我有一个页面,您提交一篇文章,我想要做的是自动化文件创建过程。 我想创建一个名为文章标题的文件,然后将模板代码写入其中(因此包含模板代码并使用fwrite()的变量)。 我知道我可以将模板文件保存在网站上并将其复制/重命名,但如果有人偶然发现模板,那将是一个完整的混乱,我也不想将其存储为纯文本。 p > div>
If you're working with a public website, I would not recommend storing things like articles in files on your server. It's messy, security-iffy, memory-inefficient, and otherwise unorthodox.
This would probably be a great situation in which to use a MySQL database. I'll assume you know how to work with one using PHP, but let me know if you don't know how.
In this way, you could store the HTML in the database using PHP's htmlentities() function:
$var = htmlentities($var, ENT_QUOTES);
This way, all html characters (ex. "<", ">" and quotes as well) are encoded into the database safely. For example,
<strong>Here is HTML</strong> becomes <strong>Here is HTML</strong>
That way, if your templates have any HTML, they can be easily and safely retrieved through mysql_query() and displayed.
I prefer something like this
$str = <<<EOD
Example of string with html <div>some sample text</div>
spanning multiple lines <span>span text!</span>
using heredoc syntax.
EOD;
I'd store it in a file, and then when someone wants to create a new article, load it with DOMDocument, replace the elements you need to replace, and use DOMDocument::saveHTML to dump the code to a file when you're done =)
This will give a cleaner way then EDO...
<?php ob_start(); ?>
<div>HTML goes here...</div>
<div>More HTML...</div>
<?php $my_var = ob_get_clean(); ?>