Can't seem to add a variable inside a <li> </li> in one of the templates.

[rcane]

I'm trying to add a variable value to appear on the index templates <li> list that shows their name, unread posts, and time, etc.

I cannot seem to get the syntax proper to include (for example):   "your value is:  " . $variable


I can get simple text inside the list item, but can't seem to get a variable to reflect. 

I'm sure it's simple, but just escaping me at the moment.

[Aleksi "Lex" Kilpinen]

Want to share a bit more? Perhaps, what code do you have now, and what do you want to add to it?

[rcane]

Want to share a bit more? Perhaps, what code do you have now, and what do you want to add to it?

Code Select Expand

    echo '
                    </p>
                    <ul class="reset">
                        <li class="greeting">', $txt['hello_member_ndt'], ' ', $context['user']['name'], '</li>
                        <li>SOMETHING HERE</li>
                        <li><a href="', $scripturl, '?action=unread">', $txt['unread_since_visit'], '</a></li>
                        <li><a href="', $scripturl, '?action=unreadreplies">', $txt['show_unread_replies'], '</a></li>
                        <li class="user_time">' ,$context['current_time'], '</li>
                    </ul>';
I was wanting to show the $user_info['id'] (for example ,as it's a global) above where it says SOMETHING HERE.


This was from the index.template.php in the theme's directory

[Aleksi "Lex" Kilpinen]

Code Select Expand

 
<li>', $context['user']['id'], '</li>
Will simply output the user ID.

[rcane]

Code Select Expand

 
<li>', $context['user']['id'], '</li>
Will simply output the user ID.

Ok.  Can you explain how that works?  The entire list class is echoed inside php.  So, does the single quote mean you are tucking php "inside" an html list?

Also, can you see any security risk by showing that id? 

I am using those id numbers as a database key to bring member's donations up in an html table.  Going forward, I'd like them to have that # when they go to an online donation site (such as Venmo), to enter into the "notes" section of a transaction. 

I can't find any place where a regular member has a need for that number (where it could be a threat) unless they're making a manual link to another member's profile or such.   You'd have to hover over someone to see theirs.   

If it's a threat, I could make a new random list and then have their ID translated on the fly to give them some pseudo # instead.

[Aleksi "Lex" Kilpinen]

Well, I don't think I'm the best to try and explain that really But, yeah that's basically it - With php, you can jump back and forth between php and html, since everything in that file is actually "tucked inside" some php.

And no, no inherent risk that I can think of - The ID is already part of your profile link, for example
My profile here: https://www.simplemachines.org/community/index.php?action=profile;u=136049
My user ID=136049

[rcane]

Well, I don't think I'm the best to try and explain that really But, yeah that's basically it - With php, you can jump back and forth between php and html, since everything in that file is actually "tucked inside" some php.

And no, no inherent risk that I can think of - The ID is already part of your profile link, for example
My profile here: https://www.simplemachines.org/community/index.php?action=profile;u=136049
My user ID=136049

Right.  That's why I didn't think it was a risk having it out there.  Anyone that knows how to look at it would see it.  Thanks. 

I'm still about 1/2 way in a php course (it's more fun than swift for iOS that's for sure...or at least you can see results more quickly), and it's not gotten into the tucking and such. 

[Arantor]

OK, so what's happening is that the PHP script has one job: write out some HTML.

An echo statement is "write this out", the fact it is HTML is actually irrelevant, the echo statement does not care.

It is just going "write out the contents of this literal string, then this variable, then this literal string, then this variable". The fact the literal strings contain HTML is of no concern to the PHP and only has meaning if you plug it into a browser.

A command line script running the same statement will write out the HTML to the console and it will have no meaning.

[rcane]

OK, so what's happening is that the PHP script has one job: write out some HTML.

An echo statement is "write this out", the fact it is HTML is actually irrelevant, the echo statement does not care.

It is just going "write out the contents of this literal string, then this variable, then this literal string, then this variable". The fact the literal strings contain HTML is of no concern to the PHP and only has meaning if you plug it into a browser.

A command line script running the same statement will write out the HTML to the console and it will have no meaning.

Ok, seeing it. 

The php " versus ' syntax is still slightly confusing, especially when I see it used interchangeably--the author of whatever I'm reading being irresponsible not withstanding.

[Arantor]

They are mostly but not entirely interchangeable. Both indicate "this is a string".

However, single quote means "treat this exactly as I entered it" with the only special case being \ primarily to let you put a single quote inside the text.

Double quotes do a lot of special work, mostly around being more lax with \ such that in single quotes putting \n gets you a backslash and an n, but in double quotes you get a new line character.

Double quotes also let you do interpolation but this is not often encouraged as it usually ends up as a security hole.

PHP manual on the subject: https://www.php.net/manual/en/language.types.string.php (SMF does not use or encourage either heredoc or nowdoc format and prefers single quote where possible.)