dselp3944 2013-07-30 10:07
浏览 106
已采纳

存储在MySQL中的PHP变量无法解析

Good Day,

I have got a problem with my script. What I'm doing is:

I want to send an email to user. There are different templates for different type of mails like one design for SignUp confirmation, one for recent news etc. So, what I did is, I created a table and stored each design in column called content with its complete HTML code.

My database design is pretty simple for this purpose:

ID    |    type    |    content

1     |   signup   |    <html> ... <body> .. content of email ... </body></html>

So, right above is my database. field with ID 1 Now, when someone signs up, I am trying to send him an email whose content is fetched from table above. Text under content field is like:

<html>
.
.
<body>
Good Day,

You have successfully created your account.
Please activate your account now by clicking below:

<a href="activate.php?md5=$md5&code=$code">ACTIVATE</a>

</body>
</html>

In above code, if you checkout the activate link, I have used PHP variables $md5 and $code, thinking that their corresponding values would be printed in actual email. But they are printed as it is, like $md5 and $code.

Well, I did little research and from few forums, I got to know that,

1st: While we added content of HTML template to database along with these PHP variables, they have become a value of that database column itself and would not be treated as PHP variables anymore.

2nd: One person claims that he have made it's working using eval() function. I can use eval since, im not taking any value from user but database, from point of security. I tried it, but still nothing.

Below is code which I tried with eval():

$md5    =   $row['md5'];  // These variables values I'm expecting to come in template content
$code   =   $row['activ_code'];  // These variables values I'm expecting to come in template content

ob_start();
eval("\$template_content = \"$template_content\";");
$message    =   $template_content;
ob_end_clean();

Can someone help me out with this? I don't want to put complete template (HTML) on the same page where I'm using the mail function. It makes code look ugly instead of keeping it short and neat.

Please help!

  • 写回答

4条回答 默认 最新

  • drctyr2869 2013-07-30 10:09
    关注

    Use str_replace http://php.net/manual/en/function.str-replace.php and replace those variables to tags, i.e. something like %MD5%. You could still use $code but it is just no this readable and may result in wrong text being substituded (consider a string "this was $codeveloped")

    mixed str_replace ( mixed $search , mixed $replace , mixed $subject [, int &$count ] ) This function returns a string or an array with all occurrences of search in subject replaced with the given replace value.

    Then,

    $template_content = '<a href="activate.php?md5=%MD5%&code=%CODE%">ACTIVATE</a>';
$template_content = str_replace("%MD5%", $md5, $template_content);
$template_content = str_replace("%CODE%", $code, $template_content);

    str_replace also accepts arrays as arguments, so this may be a better one

    $placeholders = array("%MD5%", "%CODE%");
$values = array($md5, $code);
$template_content = str_replace($placeholders, $values, $template_content);

    Eval is a potentially dangerous and generally an overkill

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥20 求各位懂行的人,注册表能不能看到usb使用得具体信息,干了什么,传输了什么数据
  • ¥15 个人网站被恶意大量访问,怎么办
  • ¥15 Vue3 大型图片数据拖动排序
  • ¥15 Centos / PETGEM
  • ¥15 划分vlan后不通了
  • ¥20 用雷电模拟器安装百达屋apk一直闪退
  • ¥15 算能科技20240506咨询(拒绝大模型回答)
  • ¥15 自适应 AR 模型 参数估计Matlab程序
  • ¥100 角动量包络面如何用MATLAB绘制
  • ¥15 merge函数占用内存过大