php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #5435 Request to update eval() or create new function.
Submitted: 2000-07-07 15:46 UTC Modified: 2007-01-07 11:01 UTC
Votes:8
Avg. Score:4.2 ± 1.0
Reproduced:6 of 7 (85.7%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: dahamsta at iewebs dot com Assigned:
Status: Not a bug Package: Feature/Change Request
PHP Version: 4.0.0 OS:
Private report: No CVE-ID: None
 [2000-07-07 15:46 UTC] dahamsta at iewebs dot com
Currently, to eval() regular data retrieved from a database or include file, I need to escape from PHP and re-enter it. For example:

Presume that I have retrieved data from a source, which is equivalent to a regular PHP file (including plain HTML). To operate eval() on that, and avoid parsing the HTML and thus causing PHP errors, I need to use a function like this:

function my_eval($my_eval_str) {
	$eval_str  = "?>";
	$eval_str .= $my_eval_str;
	$eval_str .= "<?";
	return eval($eval_str);
}

This would also make it impossible to access variables in the GLOBAL symbol table, unless I extract($GLOBALS) into the current sumbol table.

My suggestion is to either add a second eval() function that will operate in this way; or add a second argument to eval(), such as:

void eval (string code_str, string eval_type);

Where 'code_str' is the same as the current eval() function, and 'eval_type' is one of two options - one for just PHP code, and one for a string that will contain data escaped from PHP. The default could be set to the current operation, and the second argument could be optional.

Ta,
adam

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-06-08 09:59 UTC] bigredlinux at yahoo dot com
Oh, this would be a great feature.  One thing this would add is the ability to run an xml string with processing instructions right through php, by just passing it to eval and assuming that eval knows it is going to have php somewhere in it.  Very nice feature request!
 [2003-08-17 22:50 UTC] a at b dot c dot de
eval("?>".$my_eval_str);

works for me.
 [2007-01-07 11:01 UTC] bjori@php.net
Works just fine.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 12 09:01:27 2024 UTC