Not Having To Use Eval With Dynamic Content

Hi All,

I have a site where my pages contents are stored in a database and in most of my views I just use something like

echo "$content"


That works fine if the data is html, but if I want to include a Yii construct like

<p>Click the following link ". CHtml::link('careers',array('jobs/list))."</p> 

it outputs it literally rather than creating the link.

The only way I’ve been able to output it correctly is using EVAL, something like this

eval("echo '".$content."';");

but wondering if there is a better way to do it rather than using EVAL.


‘type’ => ‘raw’

Thanks for your response, but I’m not quite sure where to add this. Here is an example that i think might be correct:



public function actionAbout()


	$this->render('about', array( 'type'=>'raw')); 


View file About:

echo $content;

Is this correct?

type raw will work in a grid view, not in a regular view.

I don’t think there’s a way around using eval if you store php code in the database. Any reason why you are doing that? And not just the output html? The latter is a much safer approach IMO.

(( Edit: I suspect that Yii uses ‘eval’ for type raw anyway… ))

I can see all kinds of examples where it is needed to store the html in a database so that the user can edit the content. All i want to do is be able to add a link within the content and not use <href… since it requires the literal url(ie. rather than Yii’s link format (i.e… CHtml::link(‘link’,array(action/view)). I want to be able to use Yii’s link format.

Then, in that case, you need something clever, like this:

Or just parse the content yourself - substituting {{link}} with the url generated by Yii.

Relative links almost always works, btw.

When you say relative links almost always work, i assume like the example below should work or am I just screwing up the syntax?

I’ve tried this, but just can’t get it to work. Here is my code:


class PortletColumn1 extends Portlet


    	protected function renderContent()


            	// 'content' is pulled from a database but just typed it below for simplification 

		$this->render('portletColumn', array('content'=>"\"CHtml::link('linker',array('solutions/tab1'))\"", 'type'=>'raw'));




<div class=''>


    <?php echo ".$content."; ?>



The output looks like this:


Would be a massive security flaw to eval user content.

Have a look at Twig,

and the twig extension,

I decided to try and parse the record and convert it to a Yii link, but it won’t create a link on output. i’m not sure what is wrong since the output is exactly the correct syntax. I would really appreciate some help on this.

Here is the data:


I then parse it with this code. it’s not very efficient yet, but it works:

class PortletColumn1 extends Portlet




    protected function renderContent()



        $link = "&lt;a href=\'".Yii::app()->homeUrl."?r=";   		//set the prefix for yii format link


	// parse the "link_url" data        

	$string = Yii::app()->RCnar->getContent('frontPage_column1');

        $regex = "#([{]link_url[}])(.*)([{]/link_url[}])#e";

        $content = preg_replace($regex,"('$link$2\'&gt;')",$string);

 		//parse the "link_title" datta   

        $string = $content;

        $regex = "#([{]link_title[}])(.*)([{]/link_title[}])#e";

        $content = preg_replace($regex,"('$2&lt/a&gt;')",$string);


        $this->render('portletColumn', array('content'=>$content, 'type'=>'raw'));




Here is the parsed output:

<a href=''>Linker</a>

Here is the view file:

 <?php echo "$content";?>


Here is the browser output:

[color=#6B6B6B]<a href=''>Linker</a>[/color]

Any ideas to why it won’t create the link?

Answered it myself. Used CHtml::decode and it renders the link correctly.