What is the best/safest way to store html mark up with php code in it into a php variable? Or is there a better solution rather than storing it into a variable?
EDIT: Sorry for not including what I am trying to do! I have a an article template that pulls all information (title/date/content/etc) from a database and loads it. I have a page where you submit an article and what I am trying to do is automate the file creation process. I want to create a file that is named the title of the article, then write the template code to it (hence the variable containing the template code and using fwrite()). I know I could just keep the template file on the website and copy it over/rename it, but if someone stumbles upon the template it is a complete mess, and I don't want to store it in plain text either.
If you're working with a public website, I would not recommend storing things like articles in files on your server. It's messy, security-iffy, memory-inefficient, and otherwise unorthodox.
This would probably be a great situation in which to use a MySQL database. I'll assume you know how to work with one using PHP, but let me know if you don't know how.
In this way, you could store the HTML in the database using PHP's
$var = htmlentities($var, ENT_QUOTES);
This way, all html characters (ex. "<", ">" and quotes as well) are encoded into the database safely. For example,
<strong>Here is HTML</strong> becomes
<strong>Here is HTML</strong>
That way, if your templates have any HTML, they can be easily and safely retrieved through
mysql_query() and displayed.