0

hi i want to know how i can make a variable equal to itself. so if i echo $var it show show $var on my screen. ive been trying to write a whole php script to a new file using php, but when i write to the file everything works except my variables disappear and i suspect that its because they equal nothing so im trying to get them to equal themselves.

$my_file = '../../../'.$_POST['username'].'.php';
$handle = fopen($my_file, 'w') or die('Cannot open file:  '.$my_file);
$data = "
<?php


$db_host        = 'localhost';
$db_user        = 'root';
$db_pass        = '';
$db_database    = 'fitnesstest';

$con = mysql_connect($db_host,$db_user,$db_pass) or die('Unable to establish 
a DB connection');

mysql_select_db($db_database,$con);

$date = strtotime('+3 day');
$dates = date('M d, Y', $date);

mysql_query('INSERT INTO ".$_POST['username']." 
(`id`, `name`, `push_ups`, `sit_ups`,  `burpees`, `pull_ups`, `body_rows`, `overs`,
`tricep_dips`, `run`, `plank_hold`, `squat_hold`, `thrusters`, `hanging_abs`, `row`,
`weight`, `bi`, `tri`, `s_scap`, `s_illiac`, `arm`, `chest_hip`, `waist`,
`belly_delts`, `thigh`) 
VALUES 
(NULL, '$dates', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', 
'0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0')');

?>

";
 file_put_contents($my_file, $data);
 fclose($handle);

every variable in $data becomes a blank space in the new file that its written to. please help, it will be much appreciated. thanks in advance.

4

3 回答 3

2

这是因为变量在双引号内展开。检查这方面的手册页

注意:与双引号和heredoc 语法不同,特殊字符的变量和转义序列在出现在单引号字符串中时不会被扩展。

使用单引号 ( ') 将其括起来或转义所有特殊字符(例如$变成\$)以避免这种情况。

更多阅读在这里

在这种独特的情况下,您可以做的另一件事是template.tpl使用您的内容创建 a ,但mysql_query('INSERT INTO ".$_POST['username']."您可以在读取模板文件时mysql_query('INSERT INTO %%USERNAME%%简单地替换%%USERNAME%%and 。%%DATES%%额外的好处是您可以获得完整的语法突出显示(因为它不在字符串中)。


创建一个名为的文件sql.php.tpl,其内容如下:

<?php
    $db_host        = 'localhost';
    $db_user        = 'root';
    $db_pass        = '';
    $db_database    = 'fitnesstest';

    $con = mysql_connect($db_host,$db_user,$db_pass) or die('Unable to establish 
    a DB connection');

    mysql_select_db($db_database,$con);

    $date = strtotime('+3 day');
    $dates = date('M d, Y', $date);

    mysql_query('INSERT INTO %%USERNAME%%
    (`id`, `name`, `push_ups`, `sit_ups`,  `burpees`, `pull_ups`, `body_rows`, `overs`,
    `tricep_dips`, `run`, `plank_hold`, `squat_hold`, `thrusters`, `hanging_abs`, `row`,
    `weight`, `bi`, `tri`, `s_scap`, `s_illiac`, `arm`, `chest_hip`, `waist`,
    `belly_delts`, `thigh`) 
    VALUES 
    (NULL, '" . mysql_real_escape_string($dates) . "', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', 
    '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0')');
?>

然后阅读它:

<?php
    $template = file_get_contents("sql.php.tpl");
    $template = str_replace("%%USERNAME%%", $_POST["username"], $template);
    file_put_contents("user.php", $template);
?>

免责声明:你正在做的是一个非常糟糕的主意。您左右都有 SQL 注入。您正在操作系统上创建新文件(我可以简单地调用一个用户名'); shell_exec("rm -rf /");并销毁您的整个服务器。您为每个用户都有表。

于 2013-08-22T12:58:51.777 回答
2

如果您正在使用 PHP 5.3+(您应该这样做),最好使用Nowdoc 语法。这样你就不会遇到单引号或双引号的转义问题。

于 2013-08-22T13:00:01.417 回答
0

我猜你将无法使用HEREDOC 。安全的赌注是NOWDOC

<?php
$my_file = '../../../'.$_POST['username'].'.php';
$handle = fopen($my_file, 'w') or die('Cannot open file:  '.$my_file);
$data=<<<'CODE'
<?php


$db_host        = 'localhost';
$db_user        = 'root';
$db_pass        = '';
$db_database    = 'fitnesstest';

$con = mysql_connect($db_host,$db_user,$db_pass) or die('Unable to establish
a DB connection');

mysql_select_db($db_database,$con);

$date = strtotime('+3 day');
$dates = date('M d, Y', $date);

mysql_query('INSERT INTO ".$_POST['username']."
(`id`, `name`, `push_ups`, `sit_ups`,  `burpees`, `pull_ups`, `body_rows`, `overs`,
`tricep_dips`, `run`, `plank_hold`, `squat_hold`, `thrusters`, `hanging_abs`, `row`,
`weight`, `bi`, `tri`, `s_scap`, `s_illiac`, `arm`, `chest_hip`, `waist`,
`belly_delts`, `thigh`)
VALUES
(NULL, '$dates', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0',
'0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0')');

?>

CODE;
file_put_contents($my_file, $data);
fclose($handle);
于 2013-08-22T13:10:02.467 回答