how to run php code within string?

$a="my result=<?=2+2?> ";
echo $a;

I want to get :my result=4;

how to write this script?
any comments are welcome...
thanks.

May 12 '06 #1
Rik
Ju Hui wrote:
$a="my result=<?=2+2?> ";
echo $a;

I want to get :my result=4;

how to write this script?
any comments are welcome...


eval()

But only use it if strictly necessary, consider other options first.

Grtz,
--
Rik Wasmus
May 12 '06 #2

$a="my result=".(2+2);
echo $a;

May 12 '06 #3

$a="my result=".(2+2);
echo $a;

May 12 '06 #4
It might help you:

<?php
eval("\$myresult = 2+2;");
echo $myresult;
?>

And if you're really interested in learning PHP, you'll like to go to

http://www.php.net/manual

May 12 '06 #5
Thanks for all your replies.
But the answer isn't what I want.

I know the function eval(); it will execute the string passed to the function
as PHP script.

But my requirement is this:

$a is a string; it will be retrieved from the db.
I want to insert some PHP script into $a, like {php}{/php} in Smarty
of PHP. The code within the special tag will be processed as PHP script,
like:
$b=1;
$a="result,<? if ($b==1) echo \"b=1\" ?>";
print $a;

I want to get result,b=1.

thanks .

May 12 '06 #6
Ju Hui wrote:
Thanks for all your replies.
But the answer isn't what I want.

I know the function eval(); it will execute the string passed to the function
as PHP script.

But my requirement is this:

$a is a string; it will be retrieved from the db.
I want to insert some PHP script into $a, like {php}{/php} in Smarty
of PHP. The code within the special tag will be processed as PHP script,
like:
$b=1;
$a="result,<? if ($b==1) echo \"b=1\" ?>";
print $a;

I want to get result,b=1.

thanks .


Hi,

Just make sure you make the boundaries clear of the PHP code in the string
you store in the database.
eg:
$myStr = "result,**PHP** if ($b==1) echo \"b=1\"**PHP** testing.";
Now if you retrieve that string from DB, you can get the parts you want to
execute using explode("**PHP**",$myStr) and a little coding.

Of course, be sure that the separator string (**PHP** in this example) cannot
be used elsewhere, or this will fail.

I must warn you, like others did, that you should try to avoid such design.

If the content of the executable PHP-code is coming from users, don't trust
it. It can contain anything, and you do NOT want to eval that. Beware.

A sidenote:
I have been coding PHP for years nonstop, and I only needed eval once.
I got so paranoid that I needed 2 days of additional coding and testing to
be sure it was safe.
My point: You probably do not need eval().

Regards,
Erwin Moller
May 12 '06 #7
Erwin Moller wrote:
Ju Hui wrote:
Thanks for all your replies.
But the answer isn't what I want.

I know the function eval(); it will execute the string passed to the function
as PHP script.

But my requirement is this:

$a is a string; it will be retrieved from the db.
I want to insert some PHP script into $a, like {php}{/php} in Smarty
of PHP. The code within the special tag will be processed as PHP script,
like:
$b=1;
$a="result,<? if ($b==1) echo \"b=1\" ?>";
print $a;

I want to get result,b=1.

thanks .


Hi,

Just make sure you make the boundaries clear of the PHP code in the string
you store in the database.
eg:
$myStr = "result,**PHP** if ($b==1) echo \"b=1\"**PHP** testing.";
Now if you retrieve that string from DB, you can get the parts you want to
execute using explode("**PHP**",$myStr) and a little coding.

Of course, be sure that the separator string (**PHP** in this example) cannot
be used elsewhere, or this will fail.

I must warn you, like others did, that you should try to avoid such design.

If the content of the executable PHP-code is coming from users, don't trust
it. It can contain anything, and you do NOT want to eval that. Beware.

A sidenote:
I have been coding PHP for years nonstop, and I only needed eval once.
I got so paranoid that I needed 2 days of additional coding and testing to
be sure it was safe.
My point: You probably do not need eval().


I just used eval for the first time yesterday....

<?php
foreach($scoring as $page=>$words){
    $evalstatemnet=array();
    foreach($parts as $word){
        $evalstatemnet[]='isset($words[\''.$word.'\'])';
    }
    // eval() needs a complete statement and a return to yield the result
    if(!(eval('return '.join(' && ',$evalstatemnet).';'))){
        unset($scoring[$page]);
    }
}
?>

Part of a search function where $word would only ever be [a-z0-9_] -
Even then, I wasn't sure if I really wanted to use it... A few hours
later, it was replaced by something else (different algo). ;)

--
Justin Koivisto, ZCE - ju****@koivi.com
http://koivi.com
May 12 '06 #8
Justin Koivisto wrote:
Erwin Moller wrote:
Ju Hui wrote:
Thanks for all your replies.
But the answer isn't what I want.

I know the function eval(); it will execute the string passed to the function
as PHP script.

But my requirement is this:

$a is a string; it will be retrieved from the db.
I want to insert some PHP script into $a, like {php}{/php} in Smarty
of PHP. The code within the special tag will be processed as PHP script,
like:
$b=1;
$a="result,<? if ($b==1) echo \"b=1\" ?>";
print $a;

I want to get result,b=1.

thanks .


Hi,

Just make sure you make the boundaries clear of the PHP code in the
string you store in the database.
eg:
$myStr = "result,**PHP** if ($b==1) echo \"b=1\"**PHP** testing.";
Now if you retrieve that string from DB, you can get the parts you want
to execute using explode("**PHP**",$myStr) and a little coding.

Of course, be sure that the separator string (**PHP** in this example)
cannot be used elsewhere, or this will fail.

I must warn you, like others did, that you should try to avoid such
design.

If the content of the executable PHP-code is coming from users, don't
trust it. It can contain anything, and you do NOT want to eval that.
Beware.

A sidenote:
I have been coding PHP for years nonstop, and I only needed eval once.
I got so paranoid that I needed 2 days of additional coding and testing
to be sure it was safe.
My point: You probably do not need eval().


I just used eval for the first time yesterday....

<?php
foreach($scoring as $page=>$words){
    $evalstatemnet=array();
    foreach($parts as $word){
        $evalstatemnet[]='isset($words[\''.$word.'\'])';
    }
    // eval() needs a complete statement and a return to yield the result
    if(!(eval('return '.join(' && ',$evalstatemnet).';'))){
        unset($scoring[$page]);
    }
}
?>

Part of a search function where $word would only ever be [a-z0-9_] -
Even then, I wasn't sure if I really wanted to use it... A few hours
later, it was replaced by something else (different algo). ;)


Hi Justin,

I do not see how that piece of code makes sure that no naughty commands are
executed.
It completely depends on what $scoring contains.
If you let me deliver that $scoring-array, I think I can delete the content
of your hard drive.
But maybe I miss something completely. :-/

Regards,
Erwin

May 12 '06 #9
Erwin:
I am using a system that uses a template design. All layout can be
modified from templates, and all the templates' HTML code is saved in a MySQL
db.
One template is named headerNavigation. It will show 'Login' or
'Logout'; I want to show login if the user isn't logged in, and show
logout if the user is logged in.
I want to judge whether the user is logged in or not by one session value. So I
want to insert PHP code in this template. Normal users can't change my
template.
You said:
execute using explode("**PHP**",$myStr) and a little coding.
I just want to know how to execute PHP code in a string variable which
contains 'if', 'else' and other PHP scripts.

I did a test like below:

<?
$a="if (2>1) echo \"2>>>>1\";";
echo eval($a);
echo "\n";
?>

The result is: 2>>>>1

Maybe it's what I need.

Any vulnerability in it?

Thank you all.

May 12 '06 #10
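
For the Login/Logout template case discussed in this thread, one alternative to eval() is a small, fixed template syntax that the application interprets itself. This is an added example, not code from any poster; the `{if flag}...{else}...{/if}` and `{name}` tags, the `render_template` function and the sample data are assumptions made for illustration (PHP 7 or later).

```php
<?php
// Added example, not code from the thread. Tag syntax and names are assumed.

// Render a stored template without eval(). Supported tags:
//   {if flag}...{else}...{/if}   and   {name}
// Only keys of $ctx are consulted; template text is never run as PHP.
function render_template(string $tpl, array $ctx): string
{
    // 1. Conditionals: flag names are limited to [a-z0-9_].
    $tpl = preg_replace_callback(
        '/\{if ([a-z0-9_]+)\}(.*?)(?:\{else\}(.*?))?\{\/if\}/s',
        function (array $m) use ($ctx): string {
            $on = !empty($ctx[$m[1]]);          // unknown flag counts as false
            return $on ? $m[2] : ($m[3] ?? '');
        },
        $tpl
    );

    // 2. Variables: every substituted value is HTML-escaped.
    return preg_replace_callback(
        '/\{([a-z0-9_]+)\}/',
        function (array $m) use ($ctx): string {
            if (!array_key_exists($m[1], $ctx)) {
                return '';                      // unknown placeholder => empty
            }
            return htmlspecialchars((string) $ctx[$m[1]], ENT_QUOTES, 'UTF-8');
        },
        $tpl
    );
}

// Constructed sample data: the template text as stored in the database and
// a context built by application code from the session.
$headerNavigation = '<div>{if logged_in}Hello {user} | <a href="logout.php">Logout</a>'
                  . '{else}<a href="login.php">Login</a>{/if}</div>';
$session = ['user_id' => 7, 'user' => 'Ju <b>Hui</b>'];
$ctx = [
    'logged_in' => isset($session['user_id']),
    'user'      => $session['user'] ?? '',
];

echo render_template($headerNavigation, $ctx), "\n";
echo render_template($headerNavigation, ['logged_in' => false]), "\n";
// PHP tags inside a template stay inert text; nothing is executed.
echo render_template('{if logged_in}<?php echo 2+2; ?>{/if}', $ctx), "\n";
```

Because a template can only name flags and values that the application places in `$ctx`, a changed template row in the database cannot introduce new server-side behaviour.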
