How to clear previously echoed items in PHP

2019-01-10 14:43发布

问题:

In php, is there any way to clear/remove all previously echoed or printed items?

For example:

<?php

echo 'a';
print 'b';

// some statement that removes all printed/echoed items

echo 'c';

// the final output should be equal to 'c', not 'abc'

?>

My script uses the include function. The included files are not supposed to echo anything. Just in case someone (ex = hacker) tries, I need a way to remove.

回答1:

<?php

ob_start();
echo 'a';
print 'b';

// some statement that removes all printed/echoed items
ob_end_clean();

echo 'c';

// the final output is equal to 'c', not 'abc'

?>

Output buffering functions

The output buffering functions are also useful in hackery to coerce functions that only print to return strings, ie.

<?php
ob_start();
var_dump($myVar);
$data = ob_get_clean();
// do whatever with $data
?>


回答2:

while @monoxide is right, its better to find more intuitive ways of doing the same. e.g.:

<?php
$val_to_print = $a;
if( $need_to_change==true ) 
    $val_to_print = $b;
// when you are sure you won't have to change again...
echo $val_to_print;
?>

Cheers,

jrh



回答3:

Ideally, you shouldn't output anything that you don't ultimately want printed. Keep your logic separate from your presentation for less frustration.

That being said, you can consult the Output Buffering options within PHP.



回答4:

If it is debug output and program status information you are worried about maybe trigger_error may be nearer to what you need, such as:

trigger_error ("Attempting to load report #{$report_id}.", E_USER_NOTICE);

When your script is in production it wont show up any errors as generally they are disabled or logged. It's also best to do fatal errors this way with E_USER_ERROR rather than using die ().

ob_start ();
require ($filename);
$html = ob_get_clean ();

The above will also include a file and give you its contents as a string.

Caveat: Ditching the buffer will also ditch any error messages thrown up, making debugging (potentially) a nightmare.



回答5:

If a hacker let's say has access to your PHP file, he will also be able to remove the statement clearing the output buffer.

If you are doing this because you are letting your users upload PHP scripts, let me tell you that this is an extremely bad idea.

In both cases, doing what you are asking for adds 0 security.