5

My last question wasn't explained very well.

What I'm trying to do here is insert data into a PHP File, Using the fwrite feature on another .php file.

To keep this simple, I'm labelling the one I want data inserted as file.php and the one I'm using fwrite to execute on, is edit.php

Now, I got the writing thing down, what my problem is, is I need to INSERT that data, Before the closing php tag on file.php.

What I tried doing was, deleting the closing php tag, writing the data, and then rewriting the tag.

Here is my source code for that:

<?php
$rows = file("file.php");    
$tagremove = "?>";
foreach($rows as $key => $row) {
if(preg_match("/($tagremove)/", $row)) {
    unset($rows[$key]);
}
}
file_put_contents("file.php", implode("", $rows));

$User = $_GET["user"];
$File = "file.php"; 
$Handle = fopen($File, "a");
fwrite($Handle, "");
fwrite($Handle, $User);
fwrite($Handle, "\r\n");
fwrite($Handle, "?>");
print "Data Written"; 
fclose($Handle); 
?>

When I run this on Edit.php, it inserts that data into the file, but its only writing to the first line, and replacing whatever is already there. (In my case its the opening php tag). I don't know what I'm doing wrong, or if there is another way to do this, but any assistance would be appreciated.

Edit: this is again for a chat client.

I'm having a file, that sends a message into a .txt file that the client then reads.

And that file is reading file.php (staff.php) to check if the user submitting is a staff member.

If it comes up true that the user is a staff member, then it changes the username variable in the send.php.

And so far, the send.php has only sucessfully, included the Staff.php, I've tried staff.txt, and the reason is, php code is in the staff.php.

Improve this question
9
  • You are aware this is going to kill kittens every time its executed? I mean if you hate kittens then... Commented Jun 21, 2012 at 21:01
  • Im not asking for opinions, I want to know how I can do this. Commented Jun 21, 2012 at 21:01
  • Yes, this is seriously vulnerable to code-injection. Commented Jun 21, 2012 at 21:02
  • But why are you doing it? There are sooooo many better ways... use a data file - json, ini, xml - even a serialized php array.... Commented Jun 21, 2012 at 21:03
  • 1
    If you can explain the reasoning behind what you're doing, I'm sure someone can come up with a safer alternative. Commented Jun 21, 2012 at 21:05

2 Answers 2

Reset to default
9

Try this:

$data="echo 'hello world!';";
$filecontent=file_get_contents('file.php');
// position of "?>"
$pos=strpos($filecontent, '?>');
$filecontent=substr($filecontent, 0, $pos)."\r\n".$data."\r\n".substr($filecontent, $pos);
file_put_contents("file.php", $filecontent);

Please don't forget, that you need to check data from user.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

this, is Working. I love You.
2

Ok much better alternative use a data file. Ill use json because its easy to use an very easy to parse by human eyes as well:

// read file
$data = file_get_contents('data.json');
$json = json_decode($data, true);

// manipulate data
$json['users'][] = $_GET['user'];

// write out file
$dataNew = json_encode($json);
file_put_contents('data.json', $dataNew);

the reason is, php code is in the staff.php

Well this isnt something you workaround. You should be writing/reading this kind of information form a data stor - that could be a file or a database... but not an actual script.

Improve this answer

2 Comments

But can you use the Include feature in php to include the source if theres php contained in this.
DONT INCLUDE SOURCE IN YOUR DATA. Data is data, it should not contain logic. You files should read and write data to a data source, not store data in the logic unless it is static and doesnt need to change.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.