|
|
Posted by Erwin Moller on 11/19/34 11:47
Ju Hui wrote:
> thanks all your reply.
> But the answer isn't what I want.
>
> I know function eval(), it will execute the string pass to the function
> as php script.
>
> but my requirement is .
>
> $a is a string, it will retrive from db.
> I want to insert some php script to the $a, like {php}{/php} in Smarty
> of PHP. The code with special tag will be processed as php script.
> like
> [code]
> $b=1;
> $a="result,<? if ($b==1) echo \"b=1\" ?>";
> print $a
> [/code]
> I want to get result,b=1.
>
> thanks .
Hi,
Just make sure you make the boundaries clear of the PHP code in the string
you store in the database.
eg:
$myStr = "result,**PHP**if ($b==1) echo \"b=1\"**PHP** testing.";
Now if you retrieve that string from DB, you can get the parts you want to
execute using explode("**PHP**",$myStr) and a little coding.
Of course, be sure that the seperatorstring (**PHP** in this example) cannot
be used elsewhere, or this will fail.
I must warn you, like others did, that you should try to avoid such design.
If the content of the executable PHP-code is coming from users, don't trust
it. I can contain anything, and you do NOT want to eval that. Beware.
A sidenote:
I have been coding PHP for years nonstop, and I only needed eval once.
I got so paranoid that I needed 2 days of additional coding and testing to
be sure it was safe.
My point: You probably do not need eval().
Regards,
Erwin Moller
Navigation:
[Reply to this message]
|