|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #5435 Request to update eval() or create new function.
Submitted: 2000-07-07 15:46 UTC Modified: 2007-01-07 11:01 UTC
Avg. Score:4.2 ± 1.0
Reproduced:6 of 7 (85.7%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: dahamsta at iewebs dot com Assigned:
Status: Not a bug Package: Feature/Change Request
PHP Version: 4.0.0 OS:
Private report: No CVE-ID: None
 [2000-07-07 15:46 UTC] dahamsta at iewebs dot com
Currently, to eval() regular data retrieved from a database or include file, I need to escape from PHP and re-enter it. For example:

Presume that I have retrieved data from a source, which is equivalent to a regular PHP file (including plain HTML). To operate eval() on that, and avoid parsing the HTML and thus causing PHP errors, I need to use a function like this:

function my_eval($my_eval_str) {
	$eval_str  = "?>";
	$eval_str .= $my_eval_str;
	$eval_str .= "<?";
	return eval($eval_str);

This would also make it impossible to access variables in the GLOBAL symbol table, unless I extract($GLOBALS) into the current sumbol table.

My suggestion is to either add a second eval() function that will operate in this way; or add a second argument to eval(), such as:

void eval (string code_str, string eval_type);

Where 'code_str' is the same as the current eval() function, and 'eval_type' is one of two options - one for just PHP code, and one for a string that will contain data escaped from PHP. The default could be set to the current operation, and the second argument could be optional.



Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-06-08 09:59 UTC] bigredlinux at yahoo dot com
Oh, this would be a great feature.  One thing this would add is the ability to run an xml string with processing instructions right through php, by just passing it to eval and assuming that eval knows it is going to have php somewhere in it.  Very nice feature request!
 [2003-08-17 22:50 UTC] a at b dot c dot de

works for me.
 [2007-01-07 11:01 UTC]
Works just fine.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Jun 24 14:01:29 2024 UTC