0

So I have this code,

<?php
header('Content-type: text/plain');
$var_str = $_GET['t0'];
$var = "<?php\n\n\$$text = $var_str;\n\n?>";
file_put_contents('temps.php', $var);
include 'temps.php';
echo $text;
?>

And i want it to store the variable that it gets from http://Mylink.com/apage.php?t0=3 (or basically that 3) to temps.php? when i go to that page, it gives the following error.

Fatal error: Call to undefined function 3() in /home/content/f/e/d/apage.php on line 3

Improve this question
7
  • $_GET['t0'] is already the input variable. ($text, true) does not belong there. Where did you get that from? Commented Nov 26, 2013 at 0:46
  • @mario Sorry i was mixing various code together, as you can tell im not very good at php. Commented Nov 26, 2013 at 0:50
  • @mario I changed the code to what it is above, and it now reads: <b>Parse error</b>: syntax error, unexpected '=', expecting T_VARIABLE or '$' in <b>/home/content/f/e/d/temps.php</b> on line <b>3</b><br /> Commented Nov 26, 2013 at 0:51
  • Ignore the comment above, i can no longer edit it... @mario I changed the code to what it is above, and it now reads: <b>Parse error</b>: syntax error, unexpected '=', expecting T_VARIABLE or '$' in <b>/home/content/f/e/d/temps.php</b> on line <b>3</b><br /> When visiting mysite.com/apage.php?t0=3 Commented Nov 26, 2013 at 0:57
  • I believe you are getting a new error and notice now. Writing user input into PHP files is not an advisable approach generally. But what are you planning to do here? Is temps.php a template file? Are you trying to create one .php script per page? Because just writing variables to one file and including it right back seems a bit longwinded by itself. Commented Nov 26, 2013 at 0:59

2 Answers 2

Reset to default
1

this will save only the value of $_GET['t0']:

$content = $_GET['t0'].PHP_EOL;
file_put_contents('temps.php', $var);

The rest looks really insecure and i don't see the point. Could you paste the wanted end result of temps.php?

EDIT ok in that case use this to save the content to a txt file:

somefile.php

 $content = $_GET['t0'];
 file_put_contents('temps.txt', $content);

Put this in temps.php:

temps.php

$text = file_get_contents('temps.txt');

and echo $text; will work

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

I want to be able to do echo $text; from any php page(with temps.php included into it) and have it show t0=(the variable)
put this i temps.php? i assumed that meant to put the following line in temps.php
so somefile.php is $content = $_GET['t0'].PHP_EOL; file_put_contents('temps.txt', $var); and to get that i do $text = file_get_contents('temps.txt'); echo $var
i cleaned up the code a bit, but yes, you got the idea. Its nice and easy :)
Thanks again! now ill need to be asking another question related to the device that puts the variable :P.
0

You are using this to prepare some output for writing to a .php include:

 $var = "<?php\n\n\$$text = $var_str;\n\n?>";

While the approach is okay, you overlooked some syntax gotchas here.

First you wrote \$$text. This will result in a literal $ being kept in your $var output variable. But $text will be gone because it is interpolated into an empty string in your $var string.

$text was an undefined variable at this point in your code. Raise error_reporting() to E_ALL to notice such issues.

So in the end, this would become your output temps.php file:

<?php  $ = 3; ?>

To get a proper variable name there, thus better use:

$var = "<?php  \$text = $var_str;   ?>"; 
#                ^

(Just one escaped dollar sign here, no double $$.)

To make your code somewhat more safe to deploy, you should also escape or sanitize $var_str before (it was potentially user input). Use intval or var_export here:

$var_str = $_GET['t0'];
$var_str = var_export($var_str, 1);
$var = "<?php   \$text = $var_str;    ?>";

Then your output file becomes:

<?php  $text = 3; ?>

But would also work for strings.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.