PHP fwrite() with executed and none executed variables

Well as you can see this is really simple code its almost doing what i want.

Basically everything between the single quotes in the second line $towrite does write into the specified file and all works.

What im having problems with is getting the $host variable to execute as a variable and not text what i want it to do is write something like this into the file


but its writing this


I have tried all sorts of variations of double quoted and single quotes with and without periods around the variable $host but i just cant seem to get it to execute how i want, the only time it did execute was when i enclosed it all in doublequotes, but as would be expected this executed both variables and i dont want the first variable to execute.

Any clues?

Please excuse my edit.. mr fat fingers decided to pay me a visit ;op


SOLVED:: May not be pretty but it works..

Does this not give you what you want?

no it doesn't, im using this to set up a variable as part of an install script im setting up.

it needs to write this to the file:

<?php $dbhost = "localhost" ; ?>

Basically write the first variable without executing it and then execute the second variable, i struggled to get the double quotes and execute the variable all at the same time, after dome thought and a lot of fiddling i figured on using double quotes but then stopping the first variable from executing by single quoting. it, like i say it dont look pretty but its working.


where i think your code would write:
<?php $dbhost = localhost ; ?>

This would probably be fine except for the password part where cpanels pass generator uses characterd that unquoted would break the code.

This

Outputs


This

Outputs


This

Ouputs this


This

Ouputs this


This

Ouputs this



is this not what you want?

Out of interest, why are you doing this?

I hope you're not going to be eval()ing it at any point

This all looks very insecure.....

Do you think or did you try it? will print out or whatever you set $host to (if you echo $towrite, that is)

i was just thinking i didnt try it as id already resolved it in my own way, i will try it out anyway as its only a small change to what i have and its easier to read and understand,

$host is going to be set by the user installing the script, its not much really but i wanted to make the install easier. uploading the database, creating configurations file with settings and that sort of thing. so far its going well, its taken me all day to work it all out but im happy with the results. (so far) lol

You have a point with it lookin insecure, at the moment it is, i have only been testing it in an unlinked directory as i wanted to get it working.

its taking information from a form, using that info to create a database with pre compiled queries, and write the configuration file for the site.

The database information is stored in a config file outside of the web path once its written to the file and the database has installed the installation directory is to be deleted. either by way of a link in the installation or manually, ive yet top look into all that.

As for security script wise, i know i have a long way to go before this could even possibly be thought about using properly, but in testing its working fine, obviously im not trying to attack my server tho lol

Just as an aside, this is what you were looking for:
You need to escape the dollar sign in $dbhost so it gets printed literally, instead of as a variable. Then you need single-quotes around $host in case it contains characters that may be interpreted when you pull the data back in.

This is also the wrong way to do things, you should be using an ini-file format (see parse_ini_file) or a database.

-Dan

Thanks dan, the ini-file doesnt appear at least on the surface to be what im looking for. If im getting what its for correct, i know the php ini can contain mysql connection information, tho the last time i installed php it was advised against doing so.

im not trying to make a 1 system program i wouldnt bother wasting my time doin all this work for just 1 install, this is mean to be a reusable installation across different sites, even servers if need be

Not php.ini, but a "general" .ini file for configuring your site, like config.ini, database.ini etc.