PHP code is displayed in user's browser

Question

I have a php script like this :

<?php
$confirmationCode = trim($_GET['confcode']);
$_SERVER['REMOTE_ADDR'] = 'xxx.xxx.xxx.xxx';
$emailLogId = 1;
if ($_SERVER['REMOTE_ADDR']=='xxx.xxx.xxx.xxx') {
//   print '<pre>' .'xxxxx' . $emailLogId . '###';  //exit ;    
}
if( is_numeric($emailLogId)) {
if ($_SERVER['REMOTE_ADDR']=='xxx.xxx.xxx.xxx') {
// print '<pre>yyy' . $_GET['emaillog_id'] . 'yyyxxxxxx ' . $emailLogId;  print_r             ($row) ; exit ;   
}
//$osDB->query('UPDATE ! SET clicktime=? WHERE id=?', array('email_logs', time(),   $emailLogId));
} else {
if ($_SERVER['REMOTE_ADDR']=='xxx.xxx.xxx.xxx') {
//   print '<pre>zzz' . $_GET['emaillog_id'] . 'yyyxxxxxx ' . $emailLogId;  print_r ($row) ; exit ;     
}
}
?>

It is running on my server. Actually some people are complaining that they are seeing the source code of this script( pasted below ) on their browser and they send me snap shot of this issue:

 ' .'xxxxx' . $emailLogId . '###';  //exit ;    
}
 if( is_numeric($emailLogId)) {
 if ($_SERVER['REMOTE_ADDR']=='xxx.xxx.xxx.xxx') {
// print '<pre>yyy' . $_GET['emaillog_id'] . 'yyyxxxxxx ' . $emailLogId;  print_r ($row) ; exit ;   
}
//$osDB->query('UPDATE ! SET clicktime=? WHERE id=?', array('email_logs', time(), $emailLogId));
 } else {
if ($_SERVER['REMOTE_ADDR']=='xxx.xxx.xxx.xxx') {
 //  print '<pre>zzz' . $_GET['emaillog_id'] . 'yyyxxxxxx ' . $emailLogId;  print_r ($row) ; exit ;     
}
 }
?>

Actually I am really confused because I am not able to reproduce this problem, but 3-4 people are complaining about same the thing.

Do you have any idea what is the issue?

Answer 1

Yes, similar thing happened with me too.

2 things:

. Apache configuration.

Make sure php engine is ON. If you cannot access your apache configuration file then, add this in your .htaccess:

php_flag engine on

. CDN.

If you are using any Cloud Distribution Network, it is time for you to ask them to purge your existing cache and re-load the new one.

Browser will display PHP source code ONLY AND ONLY if apache configuration is going wrong.

Hope that helps.

EDIT:

After reading Sabin's comment, I gave a second look at the code.

Problem is, he has ASSIGNED the value to $_SERVER['REMOTE_ADDR'] (line 3)

Here is how it should be:

<?php
$confirmationCode = trim($_GET['confcode']);
$ip = 'xxx.xxx.xxx.xxx';
$emailLogId = 1;

//Whatever conditions.
if ($_SERVER['REMOTE_ADDR'] == 'xxx.xxx.xxx.xxx') {
//   print '<pre>' .'xxxxx' . $emailLogId . '###';  exit ;    
}
if( is_numeric($emailLogId)) {
if ($_SERVER['REMOTE_ADDR'] == 'xxx.xxx.xxx.xxx') {
// print '<pre>yyy' . $_GET['emaillog_id'] . 'yyyxxxxxx ' . $emailLogId;  print_r             ($row) ; exit ;   
}
//$osDB->query('UPDATE ! SET clicktime=? WHERE id=?', array('email_logs', time(),   $emailLogId));
} else {
if ($_SERVER['REMOTE_ADDR']=='xxx.xxx.xxx.xxx') {
//   print '<pre>zzz' . $_GET['emaillog_id'] . 'yyyxxxxxx ' . $emailLogId;  print_r ($row) ; exit ;     
}
}
?>

However, echo-ing the source code cannot be due to this. I would ask you to put FULL FILE so that we could see if you are missing a closing single quote!

Answer 2

It sounds like PHP is not working at all. The only reason you are not seeing the first part, is because your browsers is parsing it as if it were an HTML tag.

And Please try to print phpinfo() once,

please check for the below link, for more details

PHP code displayed in browser