Posted by Justin Koivisto on 11/11/82 11:47
Erwin Moller wrote:
> Ju Hui wrote:
>
>> Thanks for all your replies.
>> But the answer isn't what I want.
>>
>> I know the function eval(); it will execute the string passed to the
>> function as PHP script.
>>
>> But my requirement is:
>>
>> $a is a string; it will be retrieved from the DB.
>> I want to insert some PHP script into $a, like {php}{/php} in Smarty
>> of PHP. The code with the special tag will be processed as PHP script.
>> Like
>> [code]
>> $b=1;
>> $a="result,<? if ($b==1) echo \"b=1\" ?>";
>> print $a;
>> [/code]
>> I want to get result,b=1.
>>
>> Thanks.
>
> Hi,
>
> Just make sure you make the boundaries clear of the PHP code in the string
> you store in the database.
> eg:
> $myStr = "result,**PHP**if ($b==1) echo \"b=1\"**PHP** testing.";
> Now if you retrieve that string from DB, you can get the parts you want to
> execute using explode("**PHP**",$myStr) and a little coding.
>
> Of course, be sure that the separator string (**PHP** in this example) cannot
> be used elsewhere, or this will fail.
>
> I must warn you, like others did, that you should try to avoid such design.
>
> If the content of the executable PHP-code is coming from users, don't trust
> it. It can contain anything, and you do NOT want to eval that. Beware.
>
> A sidenote:
> I have been coding PHP for years nonstop, and I only needed eval once.
> I got so paranoid that I needed 2 days of additional coding and testing to
> be sure it was safe.
> My point: You probably do not need eval().
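
I just used eval for the first time yesterday....

<?php
// Drop every page whose word list does not contain all of the search terms.
// $parts holds the search words, each matching [a-z0-9_] only.
foreach($scoring as $page=>$words){
    $evalstatemnet=array();
    foreach($parts as $word){
        $evalstatemnet[]='isset($words[\''.$word.'\'])';
    }
    // eval() only yields a value if the code returns one, and the code
    // needs a terminating semicolon.
    if(!(eval('return '.join(' && ',$evalstatemnet).';'))){
        unset($scoring[$page]);
    }
}
?>

Part of a search function where $word would only ever be [a-z0-9_] -
Even then, I wasn't sure if I really wanted to use it... A few hours
later, it was replaced by something else (different algo). ;)
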
--
Justin Koivisto, ZCE - justin@koivi.com
http://koivi.com
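
An eval-free way to get the "result,b=1" output asked for above, and the same page filter as the eval loop in the reply, shown as an added example that is not part of the original thread. The {if name==value}...{/if} and {name} tag syntax, the function names render_stored_template and filter_scoring, and the sample data are assumptions made for this illustration.

```php
<?php
// Added example. The tag syntax is hypothetical; the stored string is
// treated as data and never reaches eval().
function render_stored_template(string $tpl, array $vars): string
{
    // Pass 1: {if name==value}text{/if}. Only equality against a literal is
    // supported, and only names present in $vars can match.
    $out = preg_replace_callback(
        '/\{if ([a-z_][a-z0-9_]*)==([A-Za-z0-9_]*)\}(.*?)\{\/if\}/s',
        function (array $m) use ($vars): string {
            $known = array_key_exists($m[1], $vars);
            return ($known && (string) $vars[$m[1]] === $m[2]) ? $m[3] : '';
        },
        $tpl
    );
    if ($out === null) {
        throw new RuntimeException('conditional tags could not be parsed');
    }
    // Pass 2: {name} placeholders. Values go in last, so tag syntax inside a
    // value is never interpreted. HTML output and scalar values are assumed.
    $out = preg_replace_callback(
        '/\{([a-z_][a-z0-9_]*)\}/',
        function (array $m) use ($vars): string {
            return array_key_exists($m[1], $vars)
                ? htmlspecialchars((string) $vars[$m[1]], ENT_QUOTES, 'UTF-8')
                : $m[0]; // unknown name: leave the literal text untouched
        },
        $out
    );
    if ($out === null) {
        throw new RuntimeException('placeholders could not be parsed');
    }
    return $out;
}

// Keep a page only if every search word is a key of its word list (matches
// the chained isset() checks as long as no stored value is null).
function filter_scoring(array $scoring, array $parts): array
{
    return array_filter($scoring, function (array $words) use ($parts): bool {
        return count(array_diff($parts, array_keys($words))) === 0;
    });
}

$a = 'result,{if b==1}b=1{/if}';   // constructed sample, as if read from the DB
echo render_stored_template($a, ['b' => 1]), "\n";
$scoring = ['p1' => ['foo' => 2, 'bar' => 1], 'p2' => ['foo' => 5]]; // constructed
print_r(array_keys(filter_scoring($scoring, ['foo', 'bar'])));
```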