PHP lines in discussions and comments

klod

Hi, Is it possible to "give" PHP lines in the body of discussions / comments , Example : <?php require("./livre.php"); ?>

ithcy

you want to execute php in comments from users? that is not possible. it would present a gigantic security problem.

AlexL

if you want to include your own .php files you need to use some sort of " [include file 1] " or whatever and than parse each comment upon creation or viewing...

klod

OK. Looking for an alternative to php require, I have tried <iframe src="http://thelinktomypage.htm"></iframe> It may work, but : - I had to put a reference to my css file in thelinktomypage.htm - Under IE, the frame does not start at the top of comment, but only a screen down later - and I do not find out why and how to correct it... But what I have tried with success for lauching php script on a discussion page is a form, like : <form action="script.php" method="POST"> and the ad hoc button <input type="submit" value="Send" />

ChrisGwynne

Why are you trying to include iframes and/or php scripts within the comments and discussions? Are you just letting people destroy your website? I hope they do.

Stash

Chris, you meanie LOL

AlexL

Everyone has his own reasons for doing whatever he is doing ;-) @ klod If you need any (more) help, tell us what you are trying to achieve

klod

What I like in Vanilla is the various possibilities it gives in how to use it. The one I try to build has open tocpis / discussions, that everyone can read, and so more personnal, that only members may read. Only the administrator can "write" discussions or comments. So there is no riks that someone will "destroy" my website. So I'm looking for other ways visitors can : - send me an email (via a form) - write something i my guessbook - registre for an event (give name, number of persons, date, ...) The way I did that in another life was with PHP (and csv files) - as I'm not good enought to make that with SQL. Even if it was not wonderful, it worked. I try to fin out how to get that also in vanilla. Using forms is a way to launch php scripts. The form is in the comment, and you need the php script somewhere on your website (uploaded with ftp for instance). What I want is now to give the html result of that script on a vanilla page. Any good idea will be appreciate. Many thanks.

angelic_venus

Like Chris said, allowing people to evaluate PHP within a comment is highly risky. But I don't see a problem if, like you say, only administrators can comment.

One way that you can parse PHP "on the fly", so to speak, is using PHPs eval() function: http://uk.php.net/eval

You could probably do something clever with preg_replace, PHP deliminators (<?php ?>) and eval(). It actually sounds like this could make an interesting extension, say, where certain roles (of your choosing) can have PHP evaluated within comments.

Adam.

klod

As far as I understand, when posting a comment, I'm in HTML mode. So nor <?php require("./livre.php"); ?> neither <div>eval("require("./livre.php");")</div> can be evaluated. I just see on the screen the caracters like I have typed them :( What is needed is a way to shift from HTML mode to PHP mode...

ithcy

you can't post a comment with php in it. you would need to write an add-on for this to work. but there are many better ways to include a file in your comments than allowing users to eval php. imagine a user adding this: <?php readfile("./conf/database.php") ?>

klod

If there are many better ways, which one would you advise ?

ithcy

i'd love to advise you but i think you would be better off learning how to write an add-on to do what you want. it's not hard.

Getting Started

there are loads of add-ons out there that process the content of comments. pick a simple one like Markdown and study its code. i think you'll get an idea of how to do what you want.

klod

i'd love being able to write add ons...