Escaping large portion of PHP code

Hi everyone,

I am trying to use this PHP script to write another PHP file. The problem I am having is that I don’t know how to escape the code that I want the script to write. Right now, it tries to parse the code as one would expect.

Is there an easy way to get php to write the whole portion of code inserted into the $data variable without having it process the code?

The code I want to be written to the PHP file looks mostly like this:

<?php 

$email         = $_GET['ref'];
$youremail     = "response@domain.com";
$subject       = "Response to...";
$today         = date ("j F Y");
$address	   = "noreply@domain.com";
$mailheaders   =  "";
		
		$strMessageBody .= "The following person has responded to ....: \n \n";
		$strMessageBody .= "$ref \n";

$sql="INSERT INTO response (email)
VALUES ('$ref')";

if (!mysql_query($sql))
  {
  die('Error: ' . mysql_error());
  }
header("Location: http://www.newpage.com");

//mysql_close($sql)

		//# Send email message...
		$mailheaders = "From: $address\r\n";
		$mailheaders .="X-Mailer: PHP Mail generated by: domain.com\r\n";
		$mailheaders .="Content-Type: text/plain; \r\n";
		mail($youremail, $subject, $strMessageBody, $mailheaders);

?>

Webid

If you are using PHP < 5.3, then nowdocs are not available, and you would have to use a Heredoc and escape the $ signs, as stated by Mittineague, and also the backslash characters in your code, otherwise PHP will write the newlines to the file.

Also, in my experience, using \n or \r in mail headers is problematic, so I use the constant PHP_EOL.

Also, the tutorial you referenced does not take advantage of the file_put_contents function introduced in PHP 5, which handles the fopen(), fwrite(), and fclose() calls.

Your code should look something like this:

<?php

$data = <<<EOT
<?php

\$email         = \$_GET['ref'];
\$youremail     = "response@domain.com";
\$subject       = "Response to...";
\$today         = date ("j F Y");
\$address       = "noreply@domain.com";
\$mailheaders   =  "";

        \$strMessageBody .= "The following person has responded to ....: \\n\\n";
        \$strMessageBody .= "\$ref \\n";

\$sql="INSERT INTO response (email)
VALUES ('\$ref')";

if (!mysql_query(\$sql))
  {
  die('Error: ' . mysql_error());
  }
header("Location: http://www.newpage.com");

//mysql_close(\$sql)

        //# Send email message...
        \$mailheaders = "From: \$address" . PHP_EOL;
        \$mailheaders .="X-Mailer: PHP Mail generated by: domain.com" . PHP_EOL;
        \$mailheaders .="Content-Type: text/plain;" . PHP_EOL;
        mail(\$youremail, \$subject, \$strMessageBody, \$mailheaders);

?>
EOT;
file_put_contents('writeme.php', $data);

This will write the contents of the Heredoc to a file called writeme.php. (I’m not feeling creative tonight). I have not looked at the semantics of your code, nor will I address security issues since you stated it was “mostly” like that.

nowdoc

The construct is ideal for embedding PHP code or other large blocks of text without the need for escaping.
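The nowdoc and escaped-heredoc forms discussed in this thread, side by side, as an added example that is not code from any poster: it checks that both produce the same bytes, writes the file, and lints the result. Only the file name writeme.php comes from the thread; the template body is a constructed sample, and the script assumes it is run from the command line on PHP 5.4 or later (for PHP_BINARY).

```php
<?php
// Added example, not code from the thread. 'writeme.php' is the thread's file
// name; the template body below is a constructed sample.

// Nowdoc (PHP >= 5.3): the quoted identifier turns off all parsing, so every
// `$` and backslash is written to the file exactly as typed.
$nowdoc = <<<'EOT'
<?php
$email = filter_var(isset($_GET['ref']) ? $_GET['ref'] : '', FILTER_VALIDATE_EMAIL);
if ($email === false) {
    exit("Invalid address\n");
}
$strMessageBody = "The following person has responded: $email \n";
EOT;

// Heredoc: parsed like a double-quoted string, so `$` must become `\$` and
// `\n` must become `\\n` to reach the file unchanged.
$heredoc = <<<EOT
<?php
\$email = filter_var(isset(\$_GET['ref']) ? \$_GET['ref'] : '', FILTER_VALIDATE_EMAIL);
if (\$email === false) {
    exit("Invalid address\\n");
}
\$strMessageBody = "The following person has responded: \$email \\n";
EOT;

// Both forms must produce identical bytes; a missed escape shows up here.
if ($nowdoc !== $heredoc) {
    exit("heredoc and nowdoc differ: an escape is missing\n");
}

// file_put_contents() returns false on failure, so test with ===.
$target = 'writeme.php';
if (file_put_contents($target, $nowdoc . "\n", LOCK_EX) === false) {
    exit("could not write $target\n");
}

// Lint the generated file (php -l) before anything includes or serves it.
exec(escapeshellarg(PHP_BINARY) . ' -l ' . escapeshellarg($target), $out, $status);
echo $status === 0 ? "OK: $target parses\n" : "Syntax error in $target\n";
```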

If I understand you, you want to write PHP code as unparsed text to a PHP file?

Did you try backslashes before all the $ signs?