Why PHP code block passed through method gets commented out (PHP7)?

Question

I have this testfile.php where I try passing through a code block including the PHP-Tags.
But when I do so the result will end up in a comment.
I haven't found it in the documentation and obviously PHP runs on Apache otherwise I wouldn't get the class working.

I want to know: Why is the code commented out and how can this be solved in an appropriate way?

Update:

Using eval() a working solution is provided by Asad Raza, yet it is using eval().

 eval("?>". $string);

I have html surrounding the code (a mixed php-html page).
In real life am fetching the whole batch from a database table.

I need to pass it through exactly as is and eval won't be considered to be the best option as I think there should be a cleaner solution.

The result should not be a simple print of plain text, but the executed code e.g. like the instantiation of a class.

<?php

class Test
{

  public function __construct()
  {
  }

  public function getPHPCodeOne()
  {
    return  '<?php echo "Hi, I want to be PHP-Code"; ?>';
  }
  public function getPHPCodeTwo()
  {
    return  '<?php $fooClass = new className(); echo $fooClass->barMethod(); ?>';
  }
}

$test = new Test();
echo $test->getPHPCodeOne();
echo $test->getPHPCodeTwo();

Would result in

<!--?php echo "Hi, I want to be PHP-Code"; ?-->
<!--?php $fooClass = new className(); echo $fooClass--->"barMethod(); ?>"

But should result in:

Hi, I want to be PHP-Code
I'am the Output of my flexible fooClass->barMethod.

Then `header('content-type: text/plain');` at the start should also help. — Ulrich Thomas Gabor, Sep 06 '17 at 06:47
Convert all applicable characters to HTML entities. See: http://php.net/manual/en/function.htmlspecialchars.php and http://php.net/manual/en/function.htmlentities.php — KIKO Software, Sep 06 '17 at 06:50
Tried it before. This would return plain text, but I need the code as working code. Pls see my update — leopold, Sep 06 '17 at 10:37

hassan · Answer 1 · 2017-09-06T10:57:16.980

3

you may use htmlentities with this

htmlentities — Convert all applicable characters to HTML entities

return  htmlentities('<?php echo "Hi, I want to be PHP-Code"; ?>');

or even htmlspecialchars with this

htmlspecialchars — Convert special characters to HTML entities

return  htmlspecialchars('<?php echo "Hi, I want to be PHP-Code"; ?>');

to check out the difference between htmlentities and htmlspecialchars

Update

as you want to execute your code string you need to go with eval

The code must not be wrapped in opening and closing PHP tags, i.e. 'echo "Hi!";' must be passed instead of ''. It is still possible to leave and re-enter PHP mode though using the appropriate PHP tags

so all you want to eval your code string is to remove the leading <?php opening tags, whether by removing it from the string, or by trimming it when you are eval this string.

class className
{
    public function barMethod()
    {
        return 'barMethod is here';
    }
}
class Test
{
    public function getPHPCodeOne()
    {
        return  '<?php echo "Hi, I want to be PHP-Code"; ?>';
    }
    public function getPHPCodeTwo()
    {
       return  '<?php $fooClass = new className(); echo $fooClass->barMethod(); ?>';
    }
}

$test = new Test();
echo eval(ltrim($test->getPHPCodeOne(), '<?php')) . PHP_EOL;
echo eval(ltrim($test->getPHPCodeTwo(), '<?php')) . PHP_EOL;

this will output :

Hi, I want to be PHP-Code barMethod is here

edited Sep 06 '17 at 10:57

answered Sep 06 '17 at 06:50

hassan

7,812
2
25
36

Tried it before. This would return plain text, but I need the code as working code. Pls see my update. – leopold Sep 06 '17 at 10:32
Yes, this would work fine if the expression would always be at the beginning. But the solution breaks if it is surrounded by text and other scripts. Otherwise I'd just use some placeholders and replace them at the end. Although that'll be rather cumbersome and very bad anyways. :) – leopold Sep 06 '17 at 12:35
"But the solution breaks if it is surrounded by text and other scripts" I didn't got that, how it will be break ? you are executing eval to a code string, not to a text containing a code , right ? – hassan Sep 06 '17 at 12:37
Like in the update: 'I have other text and tags surrounding the code - like a mixed php html page.' - So yes, there is other characters around the code string. And I do not want to use eval after the return - Do you know / or can you explain why I cannot return the string-expression as code through a method? - It is fine if it is not possible. Then I need to find another solution. But then I'd like to know why it is not possible. – leopold Sep 06 '17 at 12:46
what do you mean by return the string expression as a code ? you mean by executing it ? however if you don't want to eval your returned code outside the class you may eval it inside it https://3v4l.org/egUAg , or even create a new wrapper to handle this. – hassan Sep 06 '17 at 12:58
This is what I tried in early stage. But I also wanted to keep the example as simple as possible and reduce it down to the necessary parts. Because I want to keep it reusable. And specifying eval for every single expression wouldn't to it properly, would it?-- 'string expression as a code', yes an executing code. Like your solution but randomly placed within a string block and random by occurrence. – leopold Sep 06 '17 at 13:16

Asad Raza · Answer 2 · 2017-09-06T17:13:35.820

2

If Your code is

public function getPHPCode()
  {
    $date = date('Y-m-d');
    return  '<?php echo "Hi, I want to be PHP-Code $date"; ?>';
  }

If you want execute your php code from string and want result like this

Hi, I want to be PHP-Code 2017-9-6

Then use eval

$test = new Test();
$string =  $test->getPHPCode();
eval($string); // output Hi, I want to be PHP-Code 2017-9-6

If you want your string exact on browser, like output (use for tutorials)

 $test = new Test();
 $string =  $test->getPHPCode();
 echo htmlentities($string); //output => <?php echo "Hi, I want to be PHP- $date"; ?>

UPDATE:

$test = new Test();
 $string =  $test->getPHPCode();
 eval("?>". $string ."<?php"); 
 // end php tag ?> so current php close..
 //Then PHP start <?php  and end ?> from your string.
 // then now again start <?php so your normal code will work.

 It will generate code like this, in your case.
 <?php 
  $test = new Test();
  //your some code
 ?><?php echo "Hi, I want to be PHP-Code"; ?><?php
   //your more code
 ?>

No need to echo here like

echo eval("?>". $string ."<?php");  // here echo is wrong.if echo inside string.

edited Sep 06 '17 at 17:13

answered Sep 06 '17 at 07:21

Asad Raza

34
1
2
14

Eval seems to conflict with the opening tag. See my update. – leopold Sep 06 '17 at 10:36
Works! - Although I will use eval only as a quick fix. Btw. for the given use cases it's better to use soley: eval("?>". $string); Because otherwise you'll end up with a trailing PHP opening tag. Thanks! – leopold Sep 07 '17 at 08:38
If your problem is solve by this answer, so please mark this answer as correct answer – Asad Raza Sep 07 '17 at 13:55
I know, but I am still missing the **why** part of my question. That's why I do not mark it as solved. I am really interested in the answer of why the statement is commented out. And creating a duplicate question wouldn't be helpful. – leopold Sep 07 '17 at 14:02
If you use "eval()" then your why part of question will be solve... or post a real example of code that you are trying to do, so may be you will get exact right answer for your problem... – Asad Raza Sep 07 '17 at 14:47
You provided a very practical solution, well explained. Yet my question is not answered - why the statements keeps being commented out. I summarised it in my update. – leopold Sep 08 '17 at 03:37

Why PHP code block passed through method gets commented out (PHP7)?

2 Answers2

Update