3

Been searching here and Google for over an hour, can't seem to find the answer to this.

I have a string returned from a database query which contains variables, however it appears that these strings are all returned single-quoted and therefore the variables are not evaluated as they would be if it was double quoted.

What is returned from the SQL query would be the $result:

This will not evaluate the 2 variables:

```php
$myname = 'david';
$occupation = 'Beginner';
$result = 'Hello my name is $myname and I my occupation is $occupation';
echo $result;
```

This will evaluate the 2 variables:

```php
$myname = 'david';
$occupation = 'Beginner';
$result = "Hello my name is $myname and I my occupation is $occupation";
echo $result;
```

My question is how do I convert a single-quoted string to a double-quoted string which is able to evaluate the variables?

Thanks

crankshaft

3 Answers

6

PHP does not have a standard safe way to do this, right now. There has been an open feature request for years asking for it: http://bugs.php.net/bug.php?id=43901

One of the comments on the ticket offers a regex to do simple $foo and ${foo} substitution:

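```php
function stringExpand($subject, array $vars) {
  foreach ($vars as $name => $value) {
    // preg_quote() keeps regex metacharacters in $name literal; \b stops $foo matching inside $foobar
    $pattern = sprintf('/\$\{?%s\b\}?/', preg_quote($name, '/'));
    // a callback inserts $value as-is, so "$1" or "\1" in it is not read as a backreference
    $subject = preg_replace_callback($pattern, function () use ($value) {
      return (string) $value;
    }, $subject);
  }
  return $subject;
}
```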
Nathan Ostgard
2

If you know the names of the variables you want to replace you can do this...

```php
$myname = 'david';
$occupation = 'Beginner';
$result = 'Hello my name is $myname and I my occupation is $occupation';

$result = str_replace(
              array('$myname', '$occupation'),
              array($myname, $occupation),
              $result );
```

Which will be quicker than Nathan's stringExpand function, but if you don't know the variable names, then do use Nathan's method.

The problem I was trying to solve when I found this question was to do with line breaks in a CSV feed and was solved something like this:

```php
// string from Drupal's CSV feed tamper settings
$string = '22 Acacia Avenue\n Irlam\n Manchester';
$string = str_replace('\n', "\n", $string);
print nl2br($string); // demonstrates that the \n's are now line break characters
```
chim
1

You could do something like this:

```php
<?php
$myname = 'david';
$occupation = 'Beginner';
eval("\$result = 'Hello my name is $myname and I my occupation is $occupation';");
echo $result;
?>
```

However, I strongly DO NOT recommend evaluating any code from a database. Anything out of your control is a security risk.

Kavi Siegel
  • 4
    Ugh, don't use eval, **especially** for strings coming from a database. Unless you have strict control or perfectly sanitize the strings, this can be a horrible security hole. – Nathan Ostgard Mar 09 '11 at 05:45
  • 1
    Exactly as I said below the code snippet ;) A replacement method would be better suited, as you posted, but I answered the question literally. Have an upvote – Kavi Siegel Mar 09 '11 at 05:46
  • Haha, my bad. I saw the `eval` and my vision just went blurry. :D – Nathan Ostgard Mar 09 '11 at 05:49
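
The substitution approach the answers recommend over `eval`, as an added example that is not part of any answer on this page: it treats the database string as data, expands only the keys the caller passes in, and does so in one pass so an inserted value is never expanded a second time. The function name `expandTemplate`, the sample rows and the values are constructed for illustration.

```php
<?php
/**
 * Replace $name and ${name} placeholders using only the keys of $vars.
 * Unknown placeholders are left exactly as written.
 */
function expandTemplate(string $template, array $vars): string
{
    // Single pass: text inserted from $vars is never rescanned, so a value
    // that itself contains "$occupation" stays literal.
    return preg_replace_callback(
        '/\$(?:\{([A-Za-z_][A-Za-z0-9_]*)\}|([A-Za-z_][A-Za-z0-9_]*))/',
        function (array $m) use ($vars): string {
            // Group 1 holds the ${name} form, group 2 the bare $name form.
            $name = $m[1] !== '' ? $m[1] : $m[2];
            if (!array_key_exists($name, $vars)) {
                return $m[0]; // not in the allowlist: keep the original text
            }
            return (string) $vars[$name];
        },
        $template
    ) ?? $template; // preg_replace_callback() returns null on a regex error
}

// Constructed sample data standing in for database rows and user input.
$vars = [
    'myname'     => 'david $occupation', // value that looks like a placeholder
    'occupation' => 'Beginner',
];
$rows = [
    'Hello my name is $myname and my occupation is ${occupation}',
    'The fee is $5; $unknown and ${alsoUnknown} are not in the allowlist',
];
foreach ($rows as $row) {
    echo expandTemplate($row, $vars), PHP_EOL;
}
```

If the expanded string is written into an HTML page, escape it with `htmlspecialchars()` at output time.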