Include dynamic PHP in generated php file

Question

I'm trying to generate php files that 'include' a template html file, as so:

$page = htmlspecialchars("Hello! <?php include("template.html"); ?>");

But, when I run it, I get:

Parse error: syntax error, unexpected T_STRING in /home/oliver/web/postmanapp.com/public/core.php on line 15

I'm pretty sure I need to escape the PHP code, just not sure how.

Answer 1

The answer is a combination of some of the other suggestions, but neither of them would solve the problem, even combined!

Problem 1. Unescaped Double Quotes

"Hello! <?php include("template.html"); ?>"

Here you have what looks like a single string. PHP sees the opening quote, and then it gets to the quote right before the word template and it says: oh, the string is done now. Then it sees template, which it thinks is a variable. Then it sees a dot and thinks it's a new concatenation operator. Then it sees the quote mark after html and it thinks it's a new string, which isn't allowed right after a variable like that.

So, you need either:

'Hello! <?php include("template.html"); ?>'

(Which is what I would recommend. Single quoted strings in PHP run slightly faster because it doesn't have to look inside the string for variables.)

or, as the other person suggested, using the escape character for the double quotes:

"Hello! <?php include(\"template.html\"); ?>"

Problem 2. Wrong place for htmlspecialchars()

But, you have another, worse problem. htmlspecialchars basically turns all HTML characters into their HTML character entities.

In other words, < becomes <.

So, what you're outputting into your PHP file will be this:

Hello! <?php include("template.html"); ?>

When you run that file, the PHP won't execute, because there isn't a valid open tag.

Problem 3. This is not a good use of include

I'm betting there's a WAY better way to solve your problem than to use PHP to write a PHP include tag that includes ANOTHER file.

An earlier user is right... file_put_contents() or file_get_contents() is probably something closer to what you want. But really, any time you're using PHP to write to PHP another file, there's probably a better way. I almost guarantee it.

Answer 2

The problem is with the ?> which always ends a code block in php, leading to an unterminated string. All you need to do is split the end tag into two separate strings which can be concatenated:

$page = htmlspecialchars("Hello! <?php include("template.html"); ?" . ">");

And, as the previous answer stated, you also need to escape the double quotes inside the string, or use single quotes:

$page = htmlspecialchars("Hello! <?php include('template.html'); ?" . ">");

I'd also recomend getting into the habit of using single quotes whenever you're not using implictic variable substitution. I seem to remember reading that it's slightly faster, as the string doesn't need parsing for variable names.

Answer 3

You have to escape any double quotes inside strings that are declared in double quotes. So this should work:

$code = "Hello! <?php include(\"template.html\"); ?>";

See PHP manual about strings.

And if you want to put that code into a file, you could use the file_put_contents function:

file_put_contents('myscript.php', $code);