Page 1 of 1

Parsing variables in a string

Posted: Fri Dec 22, 2006 8:08 am
by richmix
Hey all, I know you can parse variables in a string by encapsulating it in double quotes instead of singles, but I have a problem. I'm obtaining the string from file_get_contents(). Thus:

Code: Select all

<?php
$var = get_file_contents(input.php);
exit;
</php

forces $var into a string. But there are variables in the input file! It doesn't parse them, so if I echo $var, it just reads something like My name is $var because it's acting like the string is encapsulated in single quotes! How can I change this behavior? I can't find any way to do it, and I need to parse the variables.

Posted: Fri Dec 22, 2006 8:15 am
by Popcorn
eval()

Posted: Fri Dec 22, 2006 10:45 am
by John Cartwright
unless the file your getting is not local, your kind of stuck using eval.. although I would consider this a MAJOR security risk, especially if you don't control what is on that file.

Otherwise, use include().

Posted: Fri Dec 22, 2006 2:37 pm
by richmix
That was exactly what I was looking for, thank you. Security is no issue on this go-around just because all the file contains is HTML code (for an email template). Do you think, though, that you could enlighten me on what is wrong with using this function security-wise? From what I can tell, it just returns PHP code, which is then processed normally by the server. Why would that be risky?