Open file, passing variable data, and insert into a db

PHP
1

Hi,
I think this is the most common method to pass variable data into html tags and then insert this html into the database, below is an abstract of the method in a class (I’m using OOP),

$content = '
<table>
<tr><td>
<p>Dear '.$this -> database -> real_escape_string($params['first_name']).',</p>
<p>Thank you for your order....</p>
<td>		
</tr>
</table>';

$content = "'".$this -> database -> real_escape_string($content)."'";

$sql = " INSERT INTO invoices (content) VALUES($content)"

$result = $this -> database -> query($sql);

The issue is, I have very long html page needs to be passed it into the database, and I don’t want to put the long html tags into my class’s method, bcos this html file is just a template which will be changed from time to time. so ideally I will put the html code above into an external - template.php so that I will need to update this template only without messing around too much in my class method. and the most important thing in this template is, I want to pass some variable data into it, such as above.

I tried include() like this,

$content = include 'template.php';

but it shows the value of ‘1’ in my database which is very strange.

So I tried file_get_contents(),

$content = file_get_contents('template.php');

it then won’t pass any variables into it. it will shows this in the database - $this -> database -> real_escape_string($params[‘first_name’]),instead of the information.

it would be great if you have any ideas.

Many thanks,
Lau

2

yes I just read about it :slight_smile:

I think the best solution is the one u suggested:

$res = $db->query("SELECT name,email,total FROM invoices INNER JOIN customers ON invoices.cust_id = customers.cust_id WHERE invoices.id = ".$db->real_escape_string($_GET['invoice']));
$invoice = $res->fetch_array();
$emailbody = "<table>
<tr><td>
<p>Dear ".$invoice['name'].",</p>
<p>Thank you for your order....</p>
<p>Your payment option will be billed ".$invoice['total']."$</p>
<td>        
</tr>
</table>";
mail($invoice['email'],"Your invoice from My Business",$emailbody);

:smiley:

3

eval is dangerous. Code-injection loves eval…

4

I came across this function eval() which may help…




<?php
$var = 'dynamic content';
echo eval('?>' . file_get_contents('template.phtml') . '<?');
?>

and the template.phtml:
<html>
<head>
<!-- … –>
</head>
<body>
<!-- … –>
<?=$var?>
<!-- … –>
</body>
</html>

http://php.net/manual/en/function.eval.php

thanks! :slight_smile:

5

There are a couple of methods of templating (which i am not qualified to answer… someone with smarty or other such methods experience would have to answer that…)

but there’s no reason you cant do…


<?php
//Get your $invoice data from the database here
?>
<table>
<tr><td>
<p>Dear <?php echo $invoice['name']; ?>,</p>
<p>Thank you for your order....</p>
<p>Your payment option will be billed <?php echo $invoice['total']; ?>$</p>
<td>        
</tr>
</table>
6

thanks! I’m getting there! Just one last question,

<table>
<tr><td>
<p>Dear ".$invoice['name'].",</p>
<p>Thank you for your order....</p>
<p>Your payment option will be billed ".$invoice['total']."$</p>
<td>        
</tr>
</table>

bcos the html template might be long in my invoice so I think would it be possible to put this html template in an external and pass the variables into this file before sending it to the buyer??

seems that I am falling back to my original issue! :sick:

7

Yeah… dont save the HTML in the database. Save the invoice information (customer’s identifier, invoice contents, etc).

When you actually get to the point in your code that you want to send the invoice, or display it, retrieve the information from the database and insert it into the static HTML.

EX:
I have an invoice for Customer #3 (Who my database knows is Mr. X), and he paid me 250.00$.


$sql = "INSERT INTO invoices(cust_id,total) VALUES (".$db->real_escape_string($cust_id).",".$db->real_escape_string($total).")";

Now, when i need to send an email with the invoice…


$res = $db->query("SELECT name,email,total FROM invoices INNER JOIN customers ON invoices.cust_id = customers.cust_id WHERE invoices.id = ".$db->real_escape_string($_GET['invoice']));
$invoice = $res->fetch_array();
$emailbody = "<table>
<tr><td>
<p>Dear ".$invoice['name'].",</p>
<p>Thank you for your order....</p>
<p>Your payment option will be billed ".$invoice['total']."$</p>
<td>        
</tr>
</table>";
mail($invoice['email'],"Your invoice from My Business",$emailbody);
8

bcos eventually I will need to output this html content to be sent like an invoice to a buyer’s email for instance.

I could be on the wrong idea of myself…

9

Why do you need static text passed into a database?
All the non-dynamic data should not be saved in a database, and should instead be used as-needed. It will reduce your database size (From what you’ve said about the size of the html, quite dramatically).


include('template.php');

Include is a boolean function that executes all the code in the file in question and returns true if it does so successfully.

If your first box is what template.php is, then just include the file (as above), and $content will be set.