how to write variables value with file_put_contents()?

Question

Have been trying to figure this out all day assuming its just a small error.....

I\'m trying to use the file_put_content to put a variables value into anoth

Answer 1

The problem is that you are using single quotes, so the variables are not shown.

Change:

file_put_contents("/home/files/1/741/html/WP/$GDI_user/config.php",'<?

$affiliate_reference = "$UNQ_ID";
echo $UNQ_ID;

?>');

to:

file_put_contents("/home/files/1/741/html/WP/$GDI_user/config.php","<?

$affiliate_reference = '$UNQ_ID';
echo $UNQ_ID;

?>");

Note that I have changed the double quotes for $affiliate_reference to single quotes. If you need double quotes, you can escape them:

$affiliate_reference = \"$UNQ_ID\";

Answer 2

You're using single quotes. You cannot embed variable's values into a single-quoted string. Use concatenation, double-quotes, or heredoc.

http://php.net/string

And I think leading zeros in a number might cause problems, but I'm not sure. Plus it's always safe to use addslashes in situations like this.

$escaped_UNQ_ID = addslashes($UNQ_ID);

file_put_contents("/home/files/1/741/html/WP/$GDI_user/config.php", "<?php

\$affiliate_reference = \"$escaped_UNQ_ID\";
echo \$affiliate_reference;

?>");

Answer 3

Change the single quotes surrounding the string you are writing to the file to doubles quotes. So:

file_put_contents("/home/files/1/741/html/WP/$GDI_user/config.php",'<?

$affiliate_reference = "$UNQ_ID";
echo $UNQ_ID;

?>');

...becomes...

file_put_contents("/home/files/1/741/html/WP/$GDI_user/config.php","<?php\n\n  $affiliate_reference = '$UNQ_ID';\n  echo $UNQ_ID;\n\n?>");

A couple of thoughts on this operation

• Don't use PHP short tags - use <?php instead of <? as short tags are not supported everwhere and are disabled by default on new PHP installations
• Don't put new-line literals in the middle of quoted strings, use HEREDOC syntax if you want to do that. It's best to avoid this if possible as it can lead to cross-platform compatibility issues. Use \r, \n, \r\n and the PHP_EOL constant instead.
• Read this thoroughly so you know exactly what you can and can't do, and where.

Answer 4

You're using ' to define the string, this means that the value will be left unparsed. The trick here, though, is that you want $UNQ_ID parsed, but you want $affiliate_reference left as is. This means you have to escape or manually concatenate

I would use this instead:

'<?

$affiliate_reference = "'.$UNQ_ID.'";
echo '.$UNQ_ID.';

?>'

Notice, I am using the single quote for the majority of the string. This is purposeful, you don't want the $affiliate_reference to be output. You only want $UNQ_ID turned into its string equivalent. Your other option is to use " and escape the $:

"<?

\$affiliate_reference = "'.$UNQ_ID.'";
echo '.$UNQ_ID.';

?>"

Note the \ to escape $ in front of $affiliate_reference.

I generally prefer the first way, color syntax highlighters will make that very obvious (even notice how SO handles it), while the second example causes highlighters to glaze over the whole thing. It is a preference, but it is an important one.

Of course, there is always the silly:

$a = '$';

followed by

"<?

${a}affiliate_reference = "'.$UNQ_ID.'";
echo '.$UNQ_ID.';

?>"

Use that only with people you don't like.

Answer 5

There are a few things wrong with this code. First, to address your problem, single quotes do not expand variables. That is the difference between single quotes and double.

After cursory inspection, I would recommend the following additional changes:

1) Sanitize your input prior to inserting into the database, you can use mysql_real_escape_string for this.

2) Use copy inside of a function that recurses the directory in order to copy it. This allows proper error handling. At a minimum, sanitize $GDI_user (via basename or some other method to prevent ..)