I have made a small script to allow users to build their page or contact form on my site,
but some friends told me they want to add some JS scripts!
So I am thinking about allowing users to edit the header.php file.
The file content is, for example:
<head>
<title>Mysite | user_name</title>
</head>
Now I have an idea:
I will take a copy of the real file (header.php)
and allow the user to edit it.
The editable version will be
<title>{Mysite} | {user_name}</title>
and then I will use the str_replace function to replace {mysite} with my site title variable.
My question is:
if the user posted PHP code,
for example
<head>
<title>{Mysite} | {user_name}</title>
<? include /// or echo 'error' or what ever ! ?>
//and some things others
</head>
will the PHP code work, or will it be ignored and used as HTML only?
If there is another secure and good way, please tell me!
Thank you
If the header.php file, which your users can modify, is included (using require or include) from your PHP code, then the PHP code it contains will be executed.
In your case, I would rather :
header.tpl, to indicate that this file doesn’t contain PHP code, but is indeed some kind of template.
include/require to get the content of that template file, but a simple file_get_contents().
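
The approach from the answer above, as an added example that is not part of the original answer: the user's template is read with file_get_contents() and the placeholders are substituted as text, so PHP in the file is never executed. The function name renderUserTemplate(), the sample template and the values are hypothetical; escaping the values and the `<?` sequence is an assumption that goes beyond what the answer states.

```php
<?php
// Added example, not from the original post. renderUserTemplate(), the sample
// template and the values below are hypothetical / constructed.
function renderUserTemplate(string $path, array $vars): string
{
    // Read the template as plain data. Unlike include/require, this never
    // hands the file to the PHP interpreter, so PHP tags in it do not run.
    $tpl = file_get_contents($path);
    if ($tpl === false) {
        throw new RuntimeException("cannot read template: $path");
    }
    // Assumption beyond the answer: make leftover PHP open tags inert text,
    // in case the output is ever cached to a file that gets included.
    $tpl = str_replace('<?', '&lt;?', $tpl);

    // Map {name} => HTML-escaped value.
    $map = [];
    foreach ($vars as $name => $value) {
        $map['{' . $name . '}'] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }
    // strtr() replaces in a single pass, so a value that itself contains
    // "{Mysite}" is not expanded a second time (chained str_replace would).
    return strtr($tpl, $map);
}

// Constructed sample: a user-edited header.tpl containing PHP code.
$sample = <<<'TPL'
<head>
<title>{Mysite} | {user_name}</title>
<?php echo 'error'; ?>
</head>
TPL;

$path = tempnam(sys_get_temp_dir(), 'tpl');
file_put_contents($path, $sample);

echo renderUserTemplate($path, [
    'Mysite'    => 'Mysite',
    'user_name' => 'bob</title><script>alert(1)</script>',
]);
unlink($path);
```

This only prevents server-side execution; any script a user writes directly into the template is still delivered to, and run by, the browsers of visitors to that page.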