variables inside strings

[mapix]

i will declare 2 variables

$user = "huh";

$loginmins = 100;

 

ok now i will retrive a string from the database. the string will look like this

 

"Welcome $user, logged in for $loginmins"

 

Now i want $user and $loginmins to automagically be replaced with the 2 variables.

 

The string is trusted and i know what i'm doing, thanks in advance.

[jitesh]

$bodytag = str_replace(array("$user","$loginmins"), array("huh",100), "Welcome $user, logged in for $loginmins");

 

[taith]

$user = "huh";
$loginmins = 100;
echo "Welcome $user, logged in for $loginmins";

 

does that not work?

[Ninjakreborn]

There are a few rule's to keep in mind with extrapolation.

1. The '' are meant for strings that are NOT going to require extrapolations (variable replacements) or escapes.

2. The "" is meant to be used when Extrapolations are expected.

3. If it's an array do not put the single quotes in.

$string = "Hello what is $row['name'] doing."; // wrong

$string = "Hello what is {$row[name]} doing."; // right

 

4. Either way the recommended way (on php.net's website) that the right way to do it in all situations is

{$variable}

That is the recommended way to run into the least amount of problems.

THe only time I ever place variables straight into a string (without using {}) is with queries because I have encountered problems with it before.

$sql = "SELECT * FROM users WHERE id = '$id';";

That is the only kind of situation where I don't use {} because it's a query, and it can cause problems.

[trq]

eval() is the function you are looking for.

[jitesh]

Thorpe is 100% right

 

eval
(PHP 3, PHP 4, PHP 5)

eval -- Evaluate a string as PHP code
Description
mixed eval ( string code_str )


eval() evaluates the string given in code_str as PHP code. Among other things, this can be useful for storing code in a database text field for later execution. code_str does not have to contain PHP Opening tags. 

There are some factors to keep in mind when using eval(). Remember that the string passed must be valid PHP code, including things like terminating statements with a semicolon so the parser doesn't die on the line after the eval(), and properly escaping things in code_str. To mix HTML output and PHP code you can use a closing PHP tag to leave PHP mode. 

Also remember that variables given values under eval() will retain these values in the main script afterwards. 

A return statement will terminate the evaluation of the string immediately. As of PHP 4, eval() returns NULL unless return is called in the evaluated code, in which case the value passed to return is returned. In case of a parse error in the evaluated code, eval() returns FALSE. In case of a fatal error in the evaluated code, the whole script exits. In PHP 3, eval() does not return a value. 

Example 1. eval() example - simple text merge 

<?php
$string = 'cup';
$name = 'coffee';
$str = 'This is a $string with my $name in it.';
echo $str. "\n";
eval("\$str = \"$str\";");
echo $str. "\n";
?>  

The above example will output:

This is a $string with my $name in it.
This is a cup with my coffee in it.




Tip: As with anything that outputs its result directly to the browser, you can use the output-control functions to capture the output of this function, and save it in a string (for example).

See also call_user_func(). 

[Ninjakreborn]

Again, eval was something I was told "not" to use.  Not saying thorpe is wrong, but I just know that I read somewhere (I know this is true), that there was a quote from rasmon (Creator of php) who said

"If Eval is the answer, then most likely you are not asking the right question."

There is something bad about using Eval, I don't know what, don't know why, but I am pretty sure if the creator of it himself said something about it, then it's not something that should be used.

[trq]

Firstly, its Rasmus not Rasmon. And yes, I've read that quote and would agree with it. Eval can be very dangerous if the string is untrusted (ie user inputted) as it can lead to arbitrary code execution.

[Ninjakreborn]

I meant rasmus but thank you for the correction.