  #1  
Old May 12th, 2006, 10:35 AM
Ju Hui
Guest
 
Posts: n/a
how to run php code within string?

$a="my result=<?=2+2?>";
echo $a;

I want to get :my result=4;

how to write this script?
any comments are welcome...
thanks.

  #2  
Old May 12th, 2006, 11:25 AM
Rik
Guest
 
Posts: n/a
Re: how to run php code within string?

Ju Hui wrote:
> $a="my result=<?=2+2?>"
> echo $a
>
> I want to get :my result=4;
>
> how to write this script?
> any comments are welcome...

eval()

But only use it if strictly necessary, consider other options first.

Grtz,
--
Rik Wasmus


  #3  
Old May 12th, 2006, 11:25 AM
Manish
Guest
 
Posts: n/a
Re: how to run php code within string?


$a="my result=".(2+2);
echo $a;

  #5  
Old May 12th, 2006, 11:25 AM
gg9h0st
Guest
 
Posts: n/a
Re: how to run php code within string?

It might help you:

<?php
eval("\$myresult = 2+2;");
echo $myresult;
?>

And if you're really interested in learning PHP, you'll want to go to

http://www.php.net/manual

  #6  
Old May 12th, 2006, 02:15 PM
Ju Hui
Guest
 
Posts: n/a
Re: how to run php code within string?

Thanks for all your replies.
But the answer isn't what I want.

I know the function eval(); it will execute the string passed to the function
as PHP script.

But my requirement is:

$a is a string; it will be retrieved from the DB.
I want to insert some PHP script into $a, like {php}{/php} in Smarty
for PHP. The code with the special tag will be processed as PHP script,
like:

$b=1;
$a="result,<? if ($b==1) echo \"b=1\" ?>";
print $a;

I want to get result,b=1.

Thanks.

  #7  
Old May 12th, 2006, 04:35 PM
Erwin Moller
Guest
 
Posts: n/a
Re: how to run php code within string?

Ju Hui wrote:
> thanks all your reply.
> But the answer isn't what I want.
>
> I know function eval(), it will execute the string passed to the function
> as php script.
>
> but my requirement is .
>
> $a is a string, it will be retrieved from db.
> I want to insert some php script to the $a, like {php}{/php} in Smarty
> of PHP. The code with special tag will be processed as php script.
> like
>
> $b=1;
> $a="result,<? if ($b==1) echo \"b=1\" ?>";
> print $a
> I want to get result,b=1.
>
> thanks .

Hi,

Just make sure you make the boundaries clear of the PHP code in the string
you store in the database.
eg:
$myStr = "result,**PHP**if ($b==1) echo \"b=1\"**PHP** testing.";
Now if you retrieve that string from DB, you can get the parts you want to
execute using explode("**PHP**",$myStr) and a little coding.

Of course, be sure that the separator string (**PHP** in this example) cannot
be used elsewhere, or this will fail.

I must warn you, like others did, that you should try to avoid such a design.

If the content of the executable PHP code is coming from users, don't trust
it. It can contain anything, and you do NOT want to eval that. Beware.

A sidenote:
I have been coding PHP for years nonstop, and I only needed eval once.
I got so paranoid that I needed 2 days of additional coding and testing to
be sure it was safe.
My point: You probably do not need eval().

Regards,
Erwin Moller
  #8  
Old May 12th, 2006, 04:45 PM
Justin Koivisto
Guest
 
Posts: n/a
Re: how to run php code within string?

Erwin Moller wrote:
> Ju Hui wrote:
>
>> thanks all your reply.
>> But the answer isn't what I want.
>>
>> I know function eval(), it will execute the string passed to the function
>> as php script.
>>
>> but my requirement is .
>>
>> $a is a string, it will be retrieved from db.
>> I want to insert some php script to the $a, like {php}{/php} in Smarty
>> of PHP. The code with special tag will be processed as php script.
>> like
>>
>> $b=1;
>> $a="result,<? if ($b==1) echo \"b=1\" ?>";
>> print $a
>>
>> I want to get result,b=1.
>>
>> thanks .
>
> Hi,
>
> Just make sure you make the boundaries clear of the PHP code in the string
> you store in the database.
> eg:
> $myStr = "result,**PHP**if ($b==1) echo \"b=1\"**PHP** testing.";
> Now if you retrieve that string from DB, you can get the parts you want to
> execute using explode("**PHP**",$myStr) and a little coding.
>
> Of course, be sure that the separator string (**PHP** in this example) cannot
> be used elsewhere, or this will fail.
>
> I must warn you, like others did, that you should try to avoid such design.
>
> If the content of the executable PHP-code is coming from users, don't trust
> it. It can contain anything, and you do NOT want to eval that. Beware.
>
> A sidenote:
> I have been coding PHP for years nonstop, and I only needed eval once.
> I got so paranoid that I needed 2 days of additional coding and testing to
> be sure it was safe.
> My point: You probably do not need eval().

I just used eval for the first time yesterday....

<?php
foreach($scoring as $page=>$words){
    // Build one isset() test per search word, later joined with &&
    $evalStatement=array();
    foreach($parts as $word){
        $evalStatement[]='isset($words[\''.$word.'\'])';
    }
    // eval() needs a complete statement; return the boolean so it can be tested
    if(!(eval('return '.join(' && ',$evalStatement).';'))){
        unset($scoring[$page]);
    }
}
?>

Part of a search function where $word would only ever be [a-z0-9_] -
Even then, I wasn't sure if I really wanted to use it... A few hours
later, it was replaced by something else (different algo). ;)

--
Justin Koivisto, ZCE - justin@koivi.com
http://koivi.com
  #9  
Old May 12th, 2006, 05:35 PM
Erwin Moller
Guest
 
Posts: n/a
Re: how to run php code within string?

Justin Koivisto wrote:
> Erwin Moller wrote:
>> Ju Hui wrote:
>>
>>> thanks all your reply.
>>> But the answer isn't what I want.
>>>
>>> I know function eval(), it will execute the string passed to the function
>>> as php script.
>>>
>>> but my requirement is .
>>>
>>> $a is a string, it will be retrieved from db.
>>> I want to insert some php script to the $a, like {php}{/php} in Smarty
>>> of PHP. The code with special tag will be processed as php script.
>>> like
>>>
>>> $b=1;
>>> $a="result,<? if ($b==1) echo \"b=1\" ?>";
>>> print $a
>>>
>>> I want to get result,b=1.
>>>
>>> thanks .
>>
>> Hi,
>>
>> Just make sure you make the boundaries clear of the PHP code in the
>> string you store in the database.
>> eg:
>> $myStr = "result,**PHP**if ($b==1) echo \"b=1\"**PHP** testing.";
>> Now if you retrieve that string from DB, you can get the parts you want
>> to execute using explode("**PHP**",$myStr) and a little coding.
>>
>> Of course, be sure that the separator string (**PHP** in this example)
>> cannot be used elsewhere, or this will fail.
>>
>> I must warn you, like others did, that you should try to avoid such
>> design.
>>
>> If the content of the executable PHP-code is coming from users, don't
>> trust it. It can contain anything, and you do NOT want to eval that.
>> Beware.
>>
>> A sidenote:
>> I have been coding PHP for years nonstop, and I only needed eval once.
>> I got so paranoid that I needed 2 days of additional coding and testing
>> to be sure it was safe.
>> My point: You probably do not need eval().
>
> I just used eval for the first time yesterday....
>
> <?php
> foreach($scoring as $page=>$words){
> $evalstatemnet=array();
> foreach($parts as $word){
> $evalstatemnet[]='isset($words[\''.$word.'\'])';
> }
> if(!(eval(join(' && ',$evalstatemnet)))){
> unset($scoring[$page]);
> }
> }
> ?>
>
> Part of a search function where $word would only ever be [a-z0-9_] -
> Even then, I wasn't sure if I really wanted to use it... A few hours
> later, it was replaced by something else (different algo). ;)
>

Hi Justin,

I do not see how that piece of code makes sure that no naughty commands are
executed.
It completely depends on what $scoring contains.
If you let me deliver that $scoring-array, I think I can delete the content
of your harddrive.
But maybe I'm missing something completely. :-/

Regards,
Erwin

  #10  
Old May 12th, 2006, 07:05 PM
Ju Hui
Guest
 
Posts: n/a
Re: how to run php code within string?

Erwin:
I am using a system which uses a template design. All layout can be
modified from templates, and all templates' HTML code is saved in a MySQL
DB.
One template is named headerNavigation. It will show 'Login' or
'Logout': I want to show Login if the user isn't logged in, and show
Logout if the user is logged in.
I want to judge whether the user is logged in or not by one session value. So I
want to insert PHP code in this template. Normal users can't change my
template.
You said:
execute using explode("**PHP**",$myStr) and a little coding.
I just want to know how to execute PHP code in a string variable which
contains 'if', 'else' and other PHP scripts.

I did a test like below:

<?php
$a="if (2>1) echo \"2>>>>1\";";
echo eval($a);
echo "\n";
?>

the result is: 2>>>>1

Maybe it's what I need.

Any vulnerability in it?

Thank you all.
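The headerNavigation case above, and Erwin's delimiter idea in #7, as an added example (not code from the thread or from any poster): a small tag renderer that gives a DB-stored template a Login/Logout switch without ever passing template text to eval(). The {if}/{else}/{/if} and {name} tag syntax and the renderTemplate name are assumptions made for this example.

```php
<?php
// Added example, not code from the thread. Renders a DB-stored template such
// as Ju Hui's headerNavigation without eval(): the template carries a small
// fixed tag set, and this renderer interprets it against an array of values
// the application chooses. Tag syntax is an assumption made for this example:
//   {if name}...{else}...{/if}   branch on a boolean context value
//   {name}                        insert the HTML-escaped context value
// Conditionals are not nested here; unknown names render as empty strings.

function renderTemplate(string $template, array $context): string
{
    // Resolve conditionals: keep the branch selected by the context flag.
    $cond = '/\{if\s+([a-z_][a-z0-9_]*)\}(.*?)(?:\{else\}(.*?))?\{\/if\}/s';
    $template = preg_replace_callback($cond, function (array $m) use ($context) {
        $truthy = !empty($context[$m[1]]);
        return $truthy ? $m[2] : ($m[3] ?? '');
    }, $template);

    // Plain placeholders: escaped on output, so a value can never become markup.
    return preg_replace_callback('/\{([a-z_][a-z0-9_]*)\}/', function (array $m) use ($context) {
        $value = $context[$m[1]] ?? '';
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }, $template);
}

// Constructed sample: the template text as it would come back from MySQL.
$headerNavigation = '<div class="nav">{if logged_in}<a href="/logout">Logout</a>'
    . '{else}<a href="/login">Login</a>{/if} | Hello, {user_name}</div>';

// The application decides what the template may see; the template itself
// cannot reach $_SESSION, the filesystem, or any function.
$context = [
    'logged_in' => isset($_SESSION['user_id']),   // the session check Ju Hui wants
    'user_name' => $_SESSION['user_name'] ?? 'guest',
];

echo renderTemplate($headerNavigation, $context), "\n";
```

Because the template is data interpreted by a fixed grammar rather than code, a tampered template row in the database can at most change text and layout, not run PHP.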

  #11  
Old May 12th, 2006, 11:05 PM
Justin Koivisto
Guest
 
Posts: n/a
Re: how to run php code within string?

Erwin Moller wrote:
> Justin Koivisto wrote:
>
>> I just used eval for the first time yesterday....
>>
>> <?php
>> foreach($scoring as $page=>$words){
>> $evalstatemnet=array();
>> foreach($parts as $word){
>> $evalstatemnet[]='isset($words[\''.$word.'\'])';
>> }
>> if(!(eval(join(' && ',$evalstatemnet)))){
>> unset($scoring[$page]);
>> }
>> }
>> ?>
>>
>> Part of a search function where $word would only ever be [a-z0-9_] -
>> Even then, I wasn't sure if I really wanted to use it... A few hours
>> later, it was replaced by something else (different algo). ;)
>
> I do not see how that piece of code makes sure that no naughty commands are
> executed.
> It completely depends on what $scoring contains.
> If you let me deliver that $scoring-array, I think I can delete the content
> of your harddrive.
> But maybe I'm missing something completely. :-/

See above.. the stuff that was used in the eval statement could only
contain letters a-z (lowercase only), digits 0-9, and the underscore.
Then they were single quoted, so the eval statement would look something
like:

isset($words['testing']) && isset($words['12_435']) &&
isset($words['id_17'])

The $scoring array had been constructed in the function, and if there were
found to be any characters other than those specified above, the function
would have returned FALSE long before it reached that loop.

--
Justin Koivisto, ZCE - justin@koivi.com
http://koivi.com
 
