1

I am trying to write php script in a file.It was sure to get Parsing error on that.Help me assign php code to a php variable so i can write it on code.

<?php

$myFile = "testFile1.php";
$fh = fopen($myFile, 'w') or die("can't open file");
$stringData = "<?php some php code with functions ?>";
fwrite($fh, $stringData);
fclose($fh);

?>
Improve this question
7
  • Can't understand your question/problem. Commented Dec 12, 2012 at 19:57
  • 1
    writing php in to a file with php is usually a bad idea Commented Dec 12, 2012 at 19:58
  • @Dagon not always. For example, creating a configuration file. Commented Dec 12, 2012 at 20:03
  • 3
    @Hast but having your browser editable config file be code is not a good idea. Use XML or INI, never PHP. Commented Dec 12, 2012 at 20:07
  • 2
    @Hast Those are bad ideas too. They are great for letting novice users install complex software they don't understand that opens them up to total pwnage. Commented Dec 12, 2012 at 20:10

5 Answers 5

Reset to default
3

Put the string in single quotes, that you want to write to the file, otherwise it's interpreted.

$stringData = '<?php some php code ?>';

Alternatively, you could escape the code, see the chapter "Strings" in the php manual for more details: http://php.net/manual/en/language.types.string.php

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

Use single quotes:

<?php

$myFile = "testFile1.php";
$fh = fopen($myFile, 'w') or die("can't open file");
$stringData = '<?php some php code ?>';
fwrite($fh, $stringData);

fclose($fh);

?>
Improve this answer

1 Comment

What if the 'some php code' contains a ' in it? Heredoc might be better.
1

For example:

    <?php

    $myFile = "testFile1.php";
    $fh = fopen($myFile, 'w') or die("can't open file");
    $var1 = 'value1';
    $var2 = 'value2';

    $stringData =
        '<?php $var1 = ' . $var1 . ';
        $var2 = ' . $var2 . ';
        do_something($var1); ?>';

    fwrite($fh, $stringData);

    fclose($fh);

?>

So just use single quotes to make sure php won't parse vars as php vars themselves, and use concatenation to put var value in the file. You also probably may use var_export($var, true) function in some cases.

Improve this answer

1 Comment

Don't use a preassigned file name. If another process attempts to write to that one as the other one is reading, _ all hell will break loose! _
0

Split the problem. Just like in JavaScript you use <\/script> or "<"+"/script", in PHP you can write "?".">".

This prevents the ?> token from being recognised.

Additionally, NOWDOC is intended for putting PHP code in a string:

$phpcode = <<<'END'
Blah blah blah
This is code with $variables, functions() and {$complex['syntax']}
END;
Improve this answer

2 Comments

That token within a string wouldn't really matter.
Was known to me about JS parsing. but thanks to you i got to know about PHP.Now I will try splitting into smaller variables and then i will append all the variables in a single one to write.
0

Why would you want to do this? Anyways, you can't. But you can ask PHP for a ransoms temp file name, create that file, write the code there, then include the file.

Also, you need to use single quotes otherwise PHP will attempt to interpret it.

$phpCrapThatWillMakeSiteVulnerableToHacking = '<?php echo "Welcome to my easially hackable website. Now I will execute $_POST["code"]!"; ' . $_POST["code"] . ' ?>';
$fileName = tempnam("/tmp", "derp");
$handle = fopen($fileName, "w");
if ($handle === FALSE)
{
    die("I derped");
}
fwrite($handle, $phpCrapThatWillMakeSiteVulnerableToHacking);
fclose($handle);
include($fileName);
Improve this answer

3 Comments

I have SQLIED a website that ranking under 3000.I have access to /proc of that so I can get or put data/file on directory that is writable.I was facing the problem while writing a php file on the server.I Know very well that it will make the webi vulnerable .LOL :P @ColeJohnson
@Injector I just died when I saw your name!
@ColeJohnson I vomited on your body the S hole.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.