I am trying to figure out how to fwrite into a .php file with variables given through $_POST, or $_GET, supplied by the user to set variables and such. So, how would I go about getting the below code to work so that instead of fwriting the code, insert a $_GET variable for example, or in the below description, being $derp.
<?php
$derp = "working!";
$something = '<?php echo "Well Thats {$derp}' ?>';
$file = fopen("worked.php","w");
if (fwrite($file,$something) > 0) {
echo "Fwrite Successful!";
}
fclose($file);
?>
Although this use case looks very weird the following should work:
$data = array('<?php');
foreach ($_REQUEST as $key => $value) {
$data[] = "\$$key = \"$value\";";
}
$data[] = '?>';
$data = join("\n", $data);
file_put_contents('/path/to/file.php', $data);
Beware: This code imposes several security risks.
WTF is going on here?
The above code iterates through all array elements of $_GET and $_POST, combined.
By that it creates an array of lines to be written to a file.
This array will then be join()ed into a string by using the NEWLINE ascii character as the glue.
Assuming this script is called with the following query string:
?foo=bar&bar=baz
The file /path/to/file.php will then contain (file_put_contents):
<?php
$foo = "bar";
$bar = "baz";
?>
The example above does not support nested query parameters like foo[bar]=baz.