preg_replace with variable input

Question

I'm quite new to this, and have borrowed some code from another post I found, I don't know if what I am trying to do is the right or the best way, its just how I am "getting" it to work..

This is the code

<?php
$yn = $_POST['YN'];
echo $yn;
$fl='config.php'; 
        /*read operation ->*/ $tmp = fopen($fl, "r");   $content=fread($tmp,filesize($fl)); fclose($tmp);

// here goes your update
$content = preg_replace('/\$yourname = \"(.*?)\";/', '$yourname = ""$YN"";', $content);


        /*write operation ->*/ $tmp =fopen($fl, "w");    fwrite($tmp, $content);    fclose($tmp);
?>

I am trying to update a config file entry that matches $yourname with the POST result, I can echo $yn and it contains the correct value, but I can't get the variable to work in the regex replace,

$content = preg_replace('/\$yourname = \"(.*?)\";/', '$yourname = ""$yn"";', $content);

so if $yn = karl then im trying to update $yourname = "" in the file to $yourname = "karl"

but I can't get it to work, the closest I get is it updating the file with the variable as text, ie $yourname = "$yn".

hope someone can help

If you remove the double " around $yn so that you only have "$yn" does it work then? — Ajaypayne, Jul 26 '15 at 23:32
Well first off the singe `'` cant be used for variable interpolation in php. Meaning it's taken literally, and not as the value. In order for the variable value to be present you must use either `"` double quote or concatenation `'words'.$foo` — ArtisticPhoenix, Jul 26 '15 at 23:34
Variables such as `$YN` won't interpolate in single quotes (regardless of the additional double quoting mishap within). -- And this is perhaps irrelevant and hopefully not a security-critical aspect, but for proper encoding of literal values for PHP context use [`var_export`](http://php.net/var_export). — mario, Jul 26 '15 at 23:34
possible duplicate of [What is the difference between single-quoted and double-quoted strings in PHP?](http://stackoverflow.com/q/3446216) — mario, Jul 26 '15 at 23:36
I would also suggest using `preg_quote($var)` in any regx to properly escape special characters. With a name you might be ok, but things like `.` or `[` have special meaning in regx's — ArtisticPhoenix, Jul 26 '15 at 23:36
If I remove the double " it updates the file with $yn not the variable value — Karl, Jul 26 '15 at 23:40
same thing the `'` quotes around the replacement as I stated before, single quote doesn't replace the variable with its value, its literal text — ArtisticPhoenix, Jul 26 '15 at 23:48
@user3768497 - I feel I need to mention to that `$YN` is not the same as `$yn` - as variables are case sensitive, I see both used in the post. — ArtisticPhoenix, Jul 26 '15 at 23:56

score 0 · Answer 1 · answered Jul 26 '15 at 23:57

0

Using what you posted I managed to get it working, thank you so much :)

$content =   preg_replace( '/\$yourname = \"(.*?)\";/', '$yourname = "'.$yn.'";', $content);

answered Jul 26 '15 at 23:57

Karl

599
7
27

oh, did you mean the literal `$yourname` or the value of it? – ArtisticPhoenix Jul 27 '15 at 00:03
Yeah $yourname should have been $yourname and $yn the variable value, I managed to get what I wanted working, thank you so much for your help :) – Karl Jul 27 '15 at 09:56

ArtisticPhoenix · Accepted Answer · 2015-07-27T00:09:09.757

I would suggest using a pattern like this

     preg_replace( '/'.preg_quote( $yourname ).'\s*=\s*\"[^\"]+\";/', $yourname.'="'.$yn.'";', $content);

..'\s*=\s*\"([^\"]+)\";

preg_quote( $yourname ) - escaped variable input ( literal match )
\s* - one or more spaces
= - literal (=)
\s* - one or more space
\" - literal (")
[^\"]+ - match any character not a (") greedy match as many times as possible.
\" - literal (")
; literal (;)

In this case ( because it uses double quotes ), it's (prudent?) better to use concatenation and save the headache of escaping it. No need to be fancy when simplicity will win the day.

Also be wary of mistakes like this $yn vs $YN in php variable names are case sensitive, without that knowledge it can be a major challenge to find the error, because to us humans it looks the same. Of course it doesn't help that file names, class names, functions and methods are case insensitive ( on Windows ). Really not sure if class and method names are case sensitive on linux, I try to avoid the issue and always use the same casing.

Seeing as it looks like the OP possibly wanted $yourname ( literally ) I updated the regx

 preg_replace( '/\$yourname\s*=\s*\"[^\"]+\";/', '$yourname="'.$yn.'";', $content);

https://regex101.com/r/yM9cX9/1

preg_replace with variable input

2 Answers2