# [web] [PHP] Using "system" variables inside strings

This topic is 4591 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

## Recommended Posts

There are a number of configuration strings that are dotted throughout the website (such as company name, website URL (to stick on emails sent from the system) and so on) that are loaded off a database table into regular PHP variables. Now, what we need is some way to insert these variables into strings that are held on database tables and the like. The current function looks like this:
function include_system_vars($text) {$text = preg_replace_callback('#{\$([^}]*)}#',"pick_up_var",$text);
return $text; } function pick_up_var($var) {
$var_name =$var[1];
global $$var_name; return$$var_name;
}
For example, if you had the string $test_string = 'The company name is {$var_company_name}'; and the variable $var_company_name = 'GameDev.NET'; calling include_system_vars($test_string); would return The company name is GameDev.NET. It works, sure, but I was wondering if there was a faster or better way to do it?

##### Share on other sites
Ok, I assume you're not talking about the obvious:

$text = "The company name is$var_company_name";

[wink]

So, my guess s you mean you load the entire string "The company name is {$var_company_name}" from the database, and then want to insert the actual variable. In that case, you should be able to do this:$text = "The company name is \$var_company_name"; eval("\$newtext = \"$text\";"); and then$newtext would contain "The company name is GameDev.NET"

If none of these works, I didn't understand the question :D

##### Share on other sites
Yep, you got me right - I'm against using eval() as:
• The strings are being taken from a database that (in places) the end-users can add data to. I wouldn't want to be running eval() on these strings, just in case a user decides to type some malicious PHP code into the system and accidentally have it run...
• As anything that uses this function has to go through the function include_system_vars() anyway, I'd still have to go through the string to find out which variables to declare as global so I could access them when replacing them inside the string (through eval()).
So your solution works, it's just probably not the best solution for a system that will have users editing the text on the database. Thanks anyway!

##### Share on other sites
Quote:
 Original post by benryvesYep, you got me right - I'm against using eval() as:The strings are being taken from a database that (in places) the end-users can add data to.

Ah. Good reason. [wink]

Yeah, in that case, I'd go with either the regexp stuff, or just plain string manipulation.

##### Share on other sites
Just seconding that. You're totally correct with the use of eval and quite honestly, I doubt you'd gain a huge performance increase from using a different method anyway. What I will say, though, is those two functions look pretty cryptic. So from that standpoint, you probably have two further options:

1. Keep things as they are making sure there's plenty of documentation for these two specific functions as they'd probably be open to accidental breakage if someone else started working with them.

2. If the variables in the database table aren't used/changed that often, why not simply create a PHP inclusion file and define all of the strings in there?

I'm guessing that 2 isn't an option as I believe you probably would've considered that already, but I'd definitely make sure there's some good documentation to accompany the functions. The reason I say that, is the whole global variables/variable names thing in PHP isn't something you come across every day, and as I've said above already, it does look rather cryptic.