I'm creating code that allows me to create a libary of templates from the backend of my CMS website. I create them in a textarea and then write them to a database.
I then get a text string from a database and then save it to a file people.php.
$text='<?php echo\'<div class="tileContainer three_across_homePage">
<div class="tileBox three_across_box_0_homePage">
<div class="tileModule three_across_module_0_homePage">
<a href="\'.$holder[0].\'"><img src="\'.$holder[1].\'" alt="\'.$holder[2].\'" />
<div class="centeredHomePage">
\'.$holder[2].\'
<p> </p>
</a> </div>
</div>
</div>\';';
$file = 'people.php';
$current = file_get_contents($file);
$current = $text;
file_put_contents($file, $current);
I then include this file in subsequent code which creates and uses the $holder array to fill in the place holders $holder[0], $holder[1] etc
The text string is written to the database from the admin area of a CMS.
The other obvious way to do this would be eval but that would be a big security risk.
So I'm wondering if the security risk is still too big and I should just write php files that are stored on the server directly. However the trouble with this approach is how to update multiple site that are using the templates.
thanks