hi,
I am still a newbie on ssh but trying hard.
my friends website was hit by some virus which included a long encrypted malware code on each and every php file she had.
I was able to use sed command via ssh to remove the malware codes but now most pages don't have a opening <?php tag.
i made a copy of pages and tried many options but some or most files are not getting <?php at the start of the *.php page.
sed command i used removed the malware matching string but didn't left any space on start of files.
That would delete any lines, regardless of how long, that contains the string insset in its content, and it would do it in the input file. Since <?php is part of that line it will disappear.
The following would had done what it appears you wanted, leaving a <?php intact.
sed -i '/isset/c\<?php'
Of course, if there are other lines in the middle of the file with the string isset, it would replace it with <?php which might not be what you want.
Another way would be to find more about the isset block and craft an appropriate regex. Using your example: