writting php tags into a file

hey again everyone,

I am trying to do some auto php code writting to a file that the user uploads. I can get the code in fine, but i can't see to get it between the <? ?> tags or even <?php ?> tags. What can i do so the code i write can be between those tags. If i can't get it to do that then when i turn the file into a .php file that code won't execute. Any help would be great. THANKS

i would say before you write anything to the file include the tags like this

this is similar to what i did if i wanted to higlihgt code on the forums i created give it a try...save it as this then send it to the file

still not working right. the right ?> tag comes in but the left one does not along with some php code in the center. There has to be a way to do this. Anyone else have any other ideas?

let me see your code

LOL, I deleted it cuz i was getting mad at it. Below is the gest of what i was trying to do.


$fp = fopen("file.php","w+");

fwrite("<? $objCart->addCart;?>",1024);
fclose($fp);

That is the very simple version i had way more but like i said i deleted it. Basically all i want to do is write some php code to a new .php file. The function with a dollar sign goes in ok along with the end tag but the first tag will not write. Actually i had now luck in writting it to the file at all. OK hope that helps.

unless i'm misinterpretting your question, its general discouraged to create PHP files on the fly like that...

what's stopping someone from putting malicious code in a file and running that?

are you still trying to accomplish this, or have you given up and chosen a different method?

yup i am still trying to figure it out.

something like that should do the trick but i donno if u want to make the files as your going along or if you have the files already made..i tested this and it does work...=] hope this helps

i think the file would be created on the fly if necessary just give data.php a variable name that your site creates..then it will automatically create the page

How are you trying to create the php file ?

If possible can you give us the whole script and it would be much better

to use variables always use single quotes (') instead of double quotes (")

example:

fwrite ( $handler, '<?php' . 'echo $this->do; ' . '?>' );

the w in the fopen automatically creates the file if does not exist. So all you have to do is create a variable that has what the file name will be. and for the line youve just gave me, it should be

the reason why you need two separate quotes is because one is for the line you input and echo requires quatations too, but they cannot be the same as the line your inputting, i think thats why, give it a try let me know if it works, i see you have a class there thats why i dont know what your going to input.

I'm on board with MadCowDzz -- you have to be really careful about allowing people to write PHP to your site. What's to keep somebody from sending "unlink('/etc/passwd')" as their input and then loading the page you're writing?

I guess unlink('/etc/passwd'); wont work with most of the hosts as nowadays most of the host take care of their security either by installing a good control panel or using chkroot() ...


But still, its better to be safe.

Heh, true, Mike_r, but you never know. With all the nickel and dime providers nowadays... How'sabout unlink($PHP_SELF) as an alternative?