I am making my own CMS website and the body content is echoed onto the page however some of the page content is php code but the actual code is echoed out. How can i make it so that it works properly.

Code:

<div id="form"> </div> 
<h1>Form</h1> <br />

<?php
require_once "formvalidator.php";
$show_form=true;
if(isset($_POST['Submit']))
{
    $validator = new FormValidator();
    $validator->addValidation("Name","req","Please fill in Name");
    $validator->addValidation("Email","email","The input for Email should be a valid email value");
    $validator->addValidation("Email","req","Please fill in Email");
    if($validator->ValidateForm())
    {

	$emailsubject = $_POST['category'];
	$webmaster = 'email';
	
	$namefield = $_POST['Name'];
	$emailfield = $_POST['Email'];
	$categoryfield = $_POST['category'];
	$subjectfield = $_POST['subject'];
	$messagefield = $_POST['message'];
	$priorityfield = $_POST['priority'];
	$IPADDR = $_SERVER['REMOTE_ADDR'];
	$date = date("H:i:s D d M Y");
	$from = "OnlineSupport";
	
	
	$body = <<<EOD
$date
Name: $namefield
Email: $emailfield
Category: $categoryfield
Subject: $subjectfield
Message: $messagefield
Proproty: $priorityfield
$IPADDR
EOD;

	$headers = "From: $from\r\n";
	$headers .= "Content-tpye: text/html\r\n";
	$success = mail($webmaster, $emailsubject, $body, $headers);
	
        echo "<h2>Form Submited! <br /> Thank You for contacting support. We will get back to you as soon as we can.</h2>";
        $show_form=false;
    }
    else
    {
        echo "<B>Errors:</B>";

        $error_hash = $validator->GetErrors();
        foreach($error_hash as $inpname => $inp_err)
        {
            echo "<p>$inpname : $inp_err</p>\n";
        }        
    }
}

if(true == $show_form)
{
?>

<form method='post' action="/contact/index.php" accept-charset='UTF-8'>
Your name: <span class="red">*</span><br />
<input type="text" name="Name" size="30" maxlength="30" value="<?php echo $_POST['Name'];?>" />
<br /> 
Email address: <span class="red">*</span><br />
<input type="text" name="Email" size="30" maxlength="30" value="<?php echo $_POST['Email'];?>" />
<br /> 
Category: <br />
<select id="category" name="category">
<option value=" Select" selected="<?php echo $_POST['category'];?>"><?php echo $_POST['category'];?></option>
<option value=" Beta Testing">Beta Testing</option>
<option value=" Donating">Donating</option>
<option value=" Enquiry">Enquiry</option>
<option value=" Garrys Mod">Garrys Mod</option>
<option value=" Maps">Maps</option>
<option value=" Media">Media</option>
<option value=" Programs">Programs</option>
<option value=" Request">Request</option>
<option value=" Reviews">Reviews</option>
<option value=" Support">Support</option>
<option value=" Tutorials">Tutorials</option>
<option value=" Web Error">Website Error</option>
<option value=" Other">Other</option>
</select>
<br /> 
Subject: <br />
<input type="text" name="subject" size="30" maxlength="50" value="<?php echo $_POST['subject'];?>" />
<br />
Message:<br />
<textarea rows="8" cols="80" name="message"><?php echo $_POST['message'];?></textarea>
<br />
Priority: <br />
<select id="priority" name="priority">
<option value=" High">High</option>
<option value=" Medium">Medium</option>
<option value=" Low" selected="selected">Low</option>
</select>
<br /> <br />
<span class="red">Required *</span> <br /> <br />
<p><input type="submit" name="Submit" class="formbutton" value="Send" /></p>
</form> 
<?PHP
}//true == $show_form
?>
<br />
<br />
	<h1>Live Support</h1> <br /> 
		Coming Soon! <br /> <br />	
<br />
<br />

Can someone help please?
Thank's

Member Avatar for diafol

What bit is causing the problem? BTW - you look as if you're sending the form data to the same page - not recommended. Page refresh/reload can cause this data to be sent again (usually after confirmation popup) if sent to same page.

What bit is causing the problem? BTW - you look as if you're sending the form data to the same page - not recommended. Page refresh/reload can cause this data to be sent again (usually after confirmation popup) if sent to same page.

Yeah i am going to update that soon. But all the code above is being echoed out onto the page from a MySQL database. All the php code in there is being echoed out as text, so basically as it looks above.

Member Avatar for diafol

Sorry for asking - just to clarify:

have you installed php (ie. does phpinfo(); give you any info)?

have you given this page the .php extension? This is important even if it's an include file.

If all above correct, will get back to you.

Sorry for asking - just to clarify:

have you installed php (ie. does phpinfo(); give you any info)?

have you given this page the .php extension? This is important even if it's an include file.

If all above correct, will get back to you.

Thank you for your reply. Yes I have php installed and yes it has the php extension.

and so you know, the code on the index page that echo's this out is

<?php echo $body; ?>

which is within the HTML of the index page.

Member Avatar for diafol

Hmm, very odd - works for me when I added echo $body at the end of the file.

Yeah i am going to update that soon. But all the code above is being echoed out onto the page from a MySQL database. All the php code in there is being echoed out as text, so basically as it looks above.

Let me see if I understand you right. In other words you are saying that you are actually pulling the php code from the database?

Let me see if I understand you right. In other words you are saying that you are actually pulling the php code from the database?

Yes. So, all the code at the top is stored on a MySQL data base and is being echoed out onto a page but it's all echoed as text so you see all the php code as text.

Member Avatar for diafol

Oh - you need to 'eval' the code. THIS IS NOT suggested. Very dangerous.

Oh - you need to 'eval' the code. THIS IS NOT suggested. Very dangerous.

Is that the only way of doing this and if so how do you do it?

Member Avatar for diafol

I don't understand why you'd want to store executable code in a DB. Would an include file be a better solution? You can actually edit a file via file_get_contents() - into a textarea / online text editor and then save changes to the file. This can then function as a normal include file. Placing raw php in a DB would make me uncomfortable.

Is that the only way of doing this and if so how do you do it?

I also wouldn't even think of doing this for any reason. I don't know why you are trying but I can't think of any valid reason for doing such a thing.

That said, I think it is possible but it would take an advanced user to do so. The only way that I can think of doing this is to pull the php code from the database and then run it as a command like exec(insert php code here) or `insert php code here`. Which would then run the code against the server via command line and report back the output which you would then have to echo to the browser. This is, I assume what is going on in the back end anyway, but judging from what I see here I would say that this is not an option and you should save the contents of the database to a file and run the file.

Ok, instead i decided to create a seperate page and just put the code on there instead. I was trying to echo it out as the pages body since its a contact form but instead i have just created it's own page.

Thank's for everyone who helped though.

Member Avatar for diafol

Are we solved?

Are we solved?

More of a work around but at least it works. So yeah basic it's solved.

Yes you can do

<?php
   eval($Variable_Holding_PHP_code);
?>

But make sure you do this safely.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.