eg. index.html

<html>.....<body><?=$contents?></body>....</html>


when i file_get_contents(index.html), i want to have a string that contains

<html>.....<body>This is my content</body>....</html>

instead of

<html>.....<body><?=$contents?></body>....</html>

I read something like eval but i'm not sure how to use it. anyone knows?

eval(file_get_contents('./index.html'));

WARNING: Do NOT eval anything unless you are 100% sure there is either no user input involved in the variables you use or the user input is sanitized. Not doing so could cause cross-site scripting vulnerabilities in your code.

-- HW

what i do is do a


echo str_replace('<{thecontent}>', 'this is the content', $getfilecontentvariable);



u may need to double check str_replace i may have invert the order

mixed str_replace ( mixed search, mixed replace, mixed subject [, int &count] )

Yup, looks right. I use the str_replace approach, but the tag format you posted clearly wants you to eval() the file. That's a really bad idea, and I'd say 90% of phpBB's problems come from doing that.

eg. index.html

<html>.....<body><?=$contents?></body>....</html>


when i file_get_contents(index.html), i want to have a string that contains

<html>.....<body>This is my content</body>....</html>

instead of

<html>.....<body><?=$contents?></body>....</html>

I read something like eval but i'm not sure how to use it. anyone knows?

First thing, your template is called .html -- replace this with .php. Second, don't use <?= use <?php echo -- this makes your code portable.

Then,

$content = 'foo';
include_once('index.php');

This will print 'foo' in the correct places. Do not use eval() for template parsing; unless you really know PHP (which you do not).

Of course, go ahead and use eval() if you like security holes the size of the grand canyon :)

I use something simmilar to this in my template class and it could be a begining of your own template engine.


$my_template = 'index.html' ;
$my_tokkens = array (
'CONTENT' =>'Some Content' ,
'DATE'=>date("d/m/Y")
);
echo preg_replace ("/%(\w+)%/e" , "\$my_tokkens['\\1']" , file_get_contents($my_template) );


index.html

This is index.html
Today is <b>%DATE%</b>
<br /><br />
And here is some content: %CONTENT%
<br />
And here is some unused tokken %BLAH%



output should be

This is index.html
Today is <b>11/12/2008</b>
<br /><br />
And here is some content: Some Content
<br />
And here is some unused tokken

thanks guys. i used the str_replace approach

I'd say 90% of phpBB's problems come from doing that.
Do a find on "eval" in the phpBB2 code. It is only found a couple times. While the Santy flaw was due to a preg_replace with the e flag, that is the only one of the tens of flaws in phpBB2 due to evaluating code.

-- HW

function parse($filename,$param) {
ob_start();
extract($param);
include($file);
$content = ob_get_contents();
ob_end_clean();
return $content;
}

$param = array();
$param['BRAND'] = "Louis Vuitton";
$param['PRICE'] = "$695.40";

$template = "template/product.html";
echo parse($template, $param);
That is the best & simplest way to do templating.
From your "HTML" file, you can call PHP Variables in regular way like:


<html>
<body>
Brand is.. <?php echo $BRAND; ?>
Price is.. <?php echo $PRICE; ?>
</body>
</html>