PHP variables stored in MySQL are not parsed

Good Day,

I have got a problem with my script. What I'm doing is:

I want to send an email to a user. There are different templates for different types of mail, like one design for SignUp confirmation, one for recent news etc. So, what I did is, I created a table and stored each design in a column called content with its complete HTML code.

My database design is pretty simple for this purpose:

ID    |    type    |    content

1     |   signup   |    <html> ... <body> .. content of email ... </body></html>

So, right above is my database, a field with ID 1. Now, when someone signs up, I am trying to send him an email whose content is fetched from the table above. The text under the content field is like:

<html>
.
.
<body>
Good Day,

You have successfully created your account.
Please activate your account now by clicking below:

<a href="activate.php?md5=$md5&code=$code">ACTIVATE</a>

</body>
</html>

In the above code, if you check out the activate link, I have used PHP variables $md5 and $code, thinking that their corresponding values would be printed in the actual email. But they are printed as is, like $md5 and $code.

Well, I did a little research, and from a few forums I got to know that:

1st: While we added content of HTML template to database along with these PHP variables, they have become a value of that database column itself and would not be treated as PHP variables anymore.

2nd: One person claims that he has made it work using the eval() function. I can use eval since I'm not taking any value from the user but from the database, from the point of view of security. I tried it, but still nothing.

Below is the code which I tried with eval():

$md5    =   $row['md5'];  // These variables values I'm expecting to come in template content
$code   =   $row['activ_code'];  // These variables values I'm expecting to come in template content

ob_start();
eval("\$template_content = \"$template_content\";");
$message    =   $template_content;
ob_end_clean();

Can someone help me out with this? I don't want to put the complete template (HTML) on the same page where I'm using the mail function. It makes the code look ugly instead of keeping it short and neat.

Please help!

Use str_replace http://php.net/manual/en/function.str-replace.php and replace those variables with tags, i.e. something like %MD5%. You could still use $code, but it is just not as readable and may result in the wrong text being substituted (consider a string "this was $codeveloped").

mixed str_replace ( mixed $search , mixed $replace , mixed $subject [, int &$count ] )

This function returns a string or an array with all occurrences of search in subject replaced with the given replace value.

Then,

$template_content = '<a href="activate.php?md5=%MD5%&code=%CODE%">ACTIVATE</a>';
$template_content = str_replace("%MD5%", $md5, $template_content);
$template_content = str_replace("%CODE%", $code, $template_content);

str_replace also accepts arrays as arguments, so this may be a better one

$placeholders = array("%MD5%", "%CODE%");
$values = array($md5, $code);
$template_content = str_replace($placeholders, $values, $template_content);

Eval is potentially dangerous and generally overkill.

<?php
echo '<a href="activate.php?md5='.$md5.'&code='.$code.'">ACTIVATE</a>';
?>

You could try something like this instead.

$md5    =   $row['md5'];  // These variables values I'm expecting to come in template content
$code   =   $row['activ_code'];  // These variables values I'm expecting to come in template content

$message = str_replace( array('$md5','$code'), array($row['md5'], $row['activ_code']),  $template_content);

Of course it might make better sense and readability to make the fields that need replacing look like this instead of using $xx like variable names.

$template_content = '..... {md5code}..... {activecode}...';
$message = str_replace( array('{md5code}','{activecode}'), array($row['md5'], $row['activ_code']),  $template_content);

Just a suggestion.
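
The placeholder approach from the answers above, as an added example that is not part of any of the posts: it fills {md5code} and {activecode} in a single pass, so the stored template is only ever handled as data, and a value that happens to contain a placeholder is not expanded a second time (array-form str_replace replaces in sequence and would expand it). renderTemplate(), the 'url'/'html' context labels and the sample values are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added example (not from the posts). renderTemplate() and the 'url'/'html'
// context labels are hypothetical. The stored template is treated purely as
// data: only allow-listed {name} tokens are substituted, in a single pass.
function renderTemplate(string $template, array $fields): string
{
    $out = preg_replace_callback(
        '/\{([A-Za-z0-9_]+)\}/',
        function (array $m) use ($fields): string {
            $name = $m[1];
            if (!array_key_exists($name, $fields)) {
                // Fail closed: never mail a template with an unfilled token.
                throw new InvalidArgumentException("Unknown placeholder: {$name}");
            }
            [$value, $context] = $fields[$name];
            if ($context === 'url') {
                // The value lands in a query string inside an HTML attribute.
                $value = rawurlencode((string) $value);
            }
            // Always escape for HTML, since the e-mail body is HTML.
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        },
        $template
    );
    if ($out === null) {
        throw new RuntimeException('Template substitution failed');
    }
    return $out;
}

// Constructed sample data standing in for the template row and the user row.
$template = '<a href="activate.php?md5={md5code}&amp;code={activecode}">ACTIVATE</a>';
$row = ['md5' => 'abc{activecode}', 'activ_code' => 'A&B "1"'];

echo renderTemplate($template, [
    'md5code'    => [$row['md5'], 'url'],
    'activecode' => [$row['activ_code'], 'url'],
]), PHP_EOL;
```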

Your problem is the double quotes in the text you are evaluating.

To get it working, you must escape them:

eval("\$template_content = \"" . addslashes($template_content) . "\";");
$message = $template_content;

Then it will work just fine.

Here is a complete working example:

$template_content = '<html>
.
.
<body>
Good Day,

You have successfully created your account.
Please activate your account now by clicking below:

<a href="activate.php?md5=$md5&code=$code">ACTIVATE</a>

</body>
</html>';


$md5    =   "HEREGOESMD5";
$code   =   "CodeCodeCodeCode";

eval("\$template_content = \"" . addslashes($template_content) . "\";");
$message = $template_content;

echo $message;