Parsing variables in a string

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
richmix
Forum Commoner
Posts: 31
Joined: Fri Dec 22, 2006 5:21 am

Parsing variables in a string

Post by richmix »

Hey all, I know you can parse variables in a string by encapsulating it in double quotes instead of singles, but I have a problem. I'm obtaining the string from file_get_contents(). Thus:

Code: Select all

<?php
$var = get_file_contents(input.php);
exit;
</php

forces $var into a string. But there are variables in the input file! It doesn't parse them, so if I echo $var, it just reads something like My name is $var because it's acting like the string is encapsulated in single quotes! How can I change this behavior? I can't find any way to do it, and I need to parse the variables.
User avatar
Popcorn
Forum Commoner
Posts: 55
Joined: Fri Feb 21, 2003 5:19 am

Post by Popcorn »

eval()
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

unless the file your getting is not local, your kind of stuck using eval.. although I would consider this a MAJOR security risk, especially if you don't control what is on that file.

Otherwise, use include().
richmix
Forum Commoner
Posts: 31
Joined: Fri Dec 22, 2006 5:21 am

Post by richmix »

That was exactly what I was looking for, thank you. Security is no issue on this go-around just because all the file contains is HTML code (for an email template). Do you think, though, that you could enlighten me on what is wrong with using this function security-wise? From what I can tell, it just returns PHP code, which is then processed normally by the server. Why would that be risky?
Post Reply