Posted by malatestapunk on 10/04/34 11:58
Erwin Moller wrote:
> Chris Hope wrote:
>
> > jds5@xtra.co.nz wrote:
> >
> >> Hi There,
> >> I am absolutely stumped by this, any help appreciated.
> >> Due to factors outside of my control I have a php variable containing
> >> php code and I don't know how to evaluate it.
> >>
> >> I know it's stupid, but php calls a database function (which I don't
> >> have access to) which reads in a template html file and returns it as
> >> a string. Now if I want the template to be a bit more dynamic and
> >> contain php I have a problem.
> >>
> >> After calling the database function I end up with: (example only)
> >> $var = '<?echo "hello world";?>';
> >> //$var is now equal to the template file - usually html but attempting
> >> to add php
> >>
> >> now if I echo that out I get:
> >> <?echo "hello world";?>
> >> but I want:
> >> hello world
> >>
> >> Can I call another instance of the php interpreter on php variable
> >> $var?
> >> Would the eval() function work?
> >>
> >> Any way to achieve what I am after?
> >
> > Use eval() - did you try it? Note that you don't need the <? and ?>
> > tags. Example:
> >
> > $var = 'echo "hello world";';
> > eval($var);
> >
> > This will display 'hello world' which is what you are wanting.
> >
>
I don't think eval() will do what you need, since the template can
contain a liberal mix of html and php. You could, however, just dump
the variable contents to a temporary file, and then include() it when
you need the output.
>
> Also, if you start evalling values from the database, be VERY sure you can
> trust them.
> If they come from user input (forms for example) they can contain anything.
> Be paranoid.
>
> Regards,
> Erwin Moller
I agree - you may want to consider some sort of templating system for
this. It is quite an overhead but if you do accept user input as
templates, you should make sure they're very restricted rather than
trusted (as you can't really trust them).
I hope this helps,
Vladislav
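
A restricted placeholder renderer of the kind the last reply points toward, as an added example that is not part of any poster's message: the stored template is treated as inert text and only named placeholders are filled in, so nothing from the database is ever passed to eval() or include(). The function name render_template(), the {{ name }} placeholder syntax and the sample data are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. render_template(), the {{ name }}
// placeholder syntax and the sample data are all assumptions for illustration.

function render_template(string $template, array $vars): string
{
    // Refuse PHP open tags outright, so a stored template stays inert even if
    // some later code path include()s or eval()s it.
    if (strpos($template, '<?') !== false) {
        throw new InvalidArgumentException('PHP tags are not allowed in templates');
    }

    // Single pass: only {{ identifier }} is replaced, and substituted values
    // are never re-scanned, so a value cannot smuggle in further placeholders.
    $out = preg_replace_callback(
        '/\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}/',
        function (array $m) use ($vars): string {
            if (!array_key_exists($m[1], $vars)) {
                return ''; // unknown placeholder: emit nothing
            }
            // Values are data, never markup: escape for an HTML context.
            return htmlspecialchars((string) $vars[$m[1]], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        },
        $template
    );
    if ($out === null) {
        throw new RuntimeException('template rendering failed');
    }
    return $out;
}

// Constructed sample standing in for the string the database function returns.
$template = '<h1>{{ greeting }}</h1><p>Signed in as {{ user }}</p>';
echo render_template($template, [
    'greeting' => 'hello world',
    'user'     => '<b>not markup</b>',
]), "\n";

// The template form from the original question is rejected, not executed.
try {
    render_template('<?echo "hello world";?>', []);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The escaping here covers HTML text and quoted attribute values; a placeholder placed inside a script block or a URL needs encoding for that context instead.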