Posted by Chris White on 05/03/05 19:48

ben.hallert@gmail.com wrote:
> Hi guys,
>
> I've searched google groups, and while I find answers that are similar,
> I don't find anything that quite matches what I need.
>
> I like to embed string tags in some of my template (eg, 'The number of
> users online is $user_count') files so I can seperate my code and UI.
> In Perl, I made a regexp that would take the lines I read from the file
> and expand any strings. It looked like this:
>
> $variable =~ s/\$(\w+)/${$1}/g;

Why not a string replacement instead? Something like:

str_replace("\$user_count", "$user_count", "The number of users online
is \$user_count");

Unless you have strange needs for something different.

>
> I've searched, and I've found some people saying 'Hey, use eval()'. On
> further inspection, it appears that use of eval requires the function
> to know which variable to expect, (eval("$c = \"$b\"")) or for the
> string itself to be a programmatic statement (eg, eval $b and $b is
> '$b=whatever'). That seems awkward. Finally, using eval looks like it
> create a 'low hanging fruit' type of security concern.

That depends where your source is comming from. If it's user data, than
yes, it can create somewhat of a security hazard. If it's something you
know for sure, then no, it shouldn't present too much of a security hazard.

> I'd like to have a single function that handles all variable expansion
> inside of strings and doesn't need special knowledge of the names of
> strings to come.
>
> Can anyone point me in the right direction? Sure, I might be able to
> shoe-horn something into preg_match using my old regexp, but I want to
> know the lay of the land for PHP a little better since I've just
> started writing a lot in it.
>
> Thanks!
>

Hope this helps, let me know if you have further questions
Chris White

[Back to original message]