Reputation: 660
I am aware that this might be a question with an obvious answer, but for a PHP newbie it is SO not!
I am writing PHP code with Sublime inside a file together with HTML, and after I execute the files my code changes. The < and > are written with their escaping characters. Help..please..
<?php
$username= trim($_POST['username']);
$pass= trim($_POST['pass']);
$userExist= trim($_POST['userExist']);
$passExist= trim($_POST['passExist']);
// print_r($username);
// print_r($pass);
$conn= mysqli_connect('localhost','neli','','yogies');
// if(!$conn){
// echo "No database";
// exit;
// }else {
// // echo "Done";
// // }
if(isset($username) && isset($pass)){
    $usernameCheck = mysqli_query($conn, 'SELECT username FROM users WHERE username="'.$username.'"');
    // print_r('SELECT username FROM users WHERE username="'.$username.'"');
    if( $usernameCheck && $usernameCheck->num_rows ){
        $check= 1;
    } else {
        $check=0;
    }
}
if($check==0){
    $userToEnter =$username;
    $userToEnter = mysqli_real_escape_string($conn, $userToEnter);
    $passToEnter = $pass;
    $passToEnter = mysqli_real_escape_string($conn, $passToEnter);
    $sql = 'INSERT INTO users (username,password) VALUES ("'.$userToEnter.'","'.$passToEnter.'")';
    // print_r($sql);
    if(mysqli_query($conn, $sql)){
        session_start();
        // print_r('here');
        // print_r($_POST['url']);
        $doc = new DOMDocument();
        // html5 problems with tags
        // libxml_use_internal_errors(true);
        $doc->loadHTMLFile('header_nav.php');
        // html5 problems with tags
        // libxml_clear_errors();
        $doc->getElementById('sign')->setAttribute('display','none');
        $doc->getElementById('logout')->setAttribute('display','block');
        $doc->saveHTMLFile('header_nav.php');
        // header('Location: '.$_POST['url']);
    }
}else{
    print_r('Nope');
}
?>
<!DOCTYPE html>
<html class="wallpaper">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="./styles/css.css">
<title><?php echo $pageTitile ?></title>
</head>
<body>
<header><div class="top">
<a href="index.php" id="logo"><img src="./pictures/logo.png" height="80px" width="80px"></a>
<a href="#" id="sign" name="sign" display="none">Log in</a>
<a href="#" id="logout" name="logout" display="block">Log out</a>
<nav><ul><li><a href="#">Yoga Poses</a></li>
<li class="subList">
<span id="levels">Yoga Levels <img id="arrow" src="./pictures/arrow.png"></span>
<ul class="dropdown"><li><a href="index.html">All levels</a></li>
<li><a href="#">Level 1</a></li>
<li><a href="#">Level 2</a></li>
<li><a href="#">Level 3</a></li>
<li><a href="#">Level 4</a></li>
</ul></li>
<li><a href="./recipes.php">Healthy and Delicious</a></li>
</ul></nav></div>
<div id="overlay">
<div id="background"></div>
<form id="loginForm" name="login" method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<!-- <input type="hidden" name="url" value="<?php echo 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; ?>"> -->
<fieldset id="bordered"><legend>Register:</legend>
<p>Username:<input type="text" name="username"></p>
<p>Password:<input type="password" name="pass"></p>
<p>Repeat pass:<input type="password" name="pass2"></p>
</fieldset><fieldset><legend>Log in:</legend>
<p>Username:<input type="text" name="userExist"></p>
<p>Password:<input type="password" name="passExist"></p>
</fieldset><div class="btns">
<button id="btnSubmit" class="btn" type="button" value="Submit">Submit</button>
<button class="btn" type="button" value="Cancel">Cancel</button>
</div>
</form>
</div>
</header>
</body>
</html>
Upvotes: 0
Views: 133
Reputation: 702
It looks like this script is modifying itself, and using DOMDocument to do it. PHP scripts aren't valid HTML/XML, so DOMDocument mangles the code up - it's not Sublime's fault :)
The way to make the code do what you expect here is put the header HTML into a separate file (like header_nav.html), manipulate that instead, and then make your script output it to the user rather than save it.
But modifying a file with DOMDocument is probably way over the top for what you need, and there are other problems with that approach too. That file gets given to everyone, so as soon as one person logs in, everyone gets that header_nav. It also writes to disk when you only really need to change the code in memory and pass it to just that user.
Something much more simple would be to have two header html files (like header_logged_in.php and header_logged_out.php) and then make your header_nav.php just include('header_logged_in.php') if the user is logged in, or include('header_logged_out.php') if they're not.
Some other notes:
Never take something from $_POST and put it straight into an SQL query - you trim it, but that’s no safety at all. The safe way to do it is by using prepared statements. Have a look at PHP The Right Way on how to do that (the examples use PDO which is what I’m more familiar with, but mysqli is okay too if you prefer it).
If either $username or $pass are empty, then $check is never set, so you’d get a PHP strict error telling you that $check is undeclared. You could just add $check = 0 before the if ($check == 0)… line to solve that. Also, use true and false instead of 1 and 0, and === instead of == - though it's a matter of taste in this instance, if you do it elsewhere too then it'll bite you eventually.
It’s commented out, but a later line does header("Location: ".$_POST['url']) which is also kinda bad - anyone could put any URL into that and redirect your users to their site. It’d be better to build the URL yourself or use an array of valid URLs and point to the right key in the array or something.
You start the session, but you don’t put anything in it (like… whether the user is logged in, and what their username is).
Upvotes: 1
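The notes in the answer above (prepared statements, putting the username into the session, and redirecting through an array of valid URLs) combined in one registration script, as an added example that is not the answerer's or the asker's code. It uses PDO with an in-memory SQLite database so it runs on its own; `REDIRECTS`, `redirectTarget()` and `registerUser()` are hypothetical names, the sample input is constructed, and hashing the password goes beyond what the answer mentions.

```php
<?php
// Added example, not code from the question or the answer.
// SQLite in memory stands in for the MySQL database so the script runs by itself;
// for MySQL only the DSN changes, e.g. 'mysql:host=localhost;dbname=yogies'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Hypothetical allow-list: the form posts a key from this array, never a URL.
const REDIRECTS = ['home' => 'index.php', 'recipes' => 'recipes.php'];

function redirectTarget(string $key): string
{
    // Anything that is not a known key falls back to a fixed page.
    return REDIRECTS[$key] ?? REDIRECTS['home'];
}

function registerUser(PDO $pdo, string $username, string $pass): bool
{
    $username = trim($username);
    if ($username === '' || $pass === '') {
        return false;
    }
    // Placeholders send the values separately from the SQL text,
    // so quote characters in the input stay data.
    $check = $pdo->prepare('SELECT 1 FROM users WHERE username = ?');
    $check->execute([$username]);
    if ($check->fetchColumn() !== false) {
        return false; // username already taken
    }
    $insert = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    // Store a hash rather than the password itself (an addition beyond the answer's notes).
    return $insert->execute([$username, password_hash($pass, PASSWORD_DEFAULT)]);
}

// Constructed sample input standing in for $_POST; 'url' is deliberately not a known key.
$post = ['username' => 'ne"li', 'pass' => 'correct horse', 'url' => 'http://other.example/'];

if (registerUser($pdo, $post['username'], $post['pass'])) {
    $target = redirectTarget($post['url']);
    if (PHP_SAPI !== 'cli') {
        session_start();
        $_SESSION['username'] = trim($post['username']); // what the header include can check
        header('Location: ' . $target);
        exit;
    }
    echo "registered; redirect goes to $target\n";
}
// Second attempt with the same name, to exercise the duplicate check.
var_dump(registerUser($pdo, $post['username'], $post['pass']));
```

With `$_SESSION['username']` set, header_nav.php can choose between the two include files by testing `isset($_SESSION['username'])` after `session_start()`.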
Reputation: 31
Make sure the doc type is .php and not HTML.
Click the syntax highlighting menu and choose PHP, the language chosen is HTML, make sure PHP is checkmarked.
Otherwise:
To edit the preferences:
1) - Preferences ==> Browse Packages...
2) - Go to the HTML folder & Open "HTML.tmLanguage" with a text editor
3) - Find :
firstLineMatch
<string><!(?i:DOCTYPE)|<(?i:html)|<\?(?i:php)</string>
And replace it with :
firstLineMatch
<string><!(?i:DOCTYPE)|<(?i:html)</string>
4) - Restart Sublime Text.
Upvotes: 0