Interpolation within string in a variable?

Evening all!

Sorry if it's a FAQ of some sort, but I haven't found an answer to this as
yet.

I'm trying to write a function which will go and get data out of a database
and lay it out. The awkward bit is that I want to be able to vary the
layout: I want to be able to pass a string to the function to define the
layout.

So in the simplest form of the situation (ignoring the database bit) I want
to be able to do something like

function myshow($x)
{ $Text = "wibble";
echo $x;
}

myshow("This is \$Text \n");
myshow("And so is this.... \$Text !!!");

and get the output

This is wibble
And so is this.... wibble !!!

I can't get it to work - is it possible, perhaps with some manipulation of
the syntax of the string?

--
David Aldred
Jul 17 '05 #1
David Aldred wrote:
I can't get it to work - is it possible, perhaps with some
manipulation of the syntax of the string?


This is one of the rare situations where eval is useful:

function myshow($x) {
$Text = "wibble";
eval("print \"$x\";");
}
JW

Jul 17 '05 #2
David Aldred wrote:
So in the simplest form of the situation (ignoring the database bit) I want
to be able to do something like

function myshow($x)
{ $Text = "wibble";
echo $x;
}

myshow("This is \$Text \n");
myshow("And so is this.... \$Text !!!");

and get the output

This is wibble
And so is this.... wibble !!!

I can't get it to work - is it possible, perhaps with some manipulation of
the syntax of the string?


The eval() solution is cool. This one, though less elegant, also works:

function myshow($x)
{ $Text = "wibble";
echo str_replace("\$Text", $Text, $x);
}

JP

--
Sorry, <de*****@cauce.org> is a spam trap.
Real e-mail address unavailable. 5000+ spams per month.
Jul 17 '05 #3
NC
David Aldred wrote:

I'm trying to write a function which will go and get data out
of a database and lay it out. The awkward bit is that I want
to be able to vary the layout: I want to be able to pass a
string to the function to define the layout.

So in the simplest form of the situation (ignoring the database
bit) I want to be able to do something like

function myshow($x)
{ $Text = "wibble";
echo $x;
}

myshow("This is \$Text \n");
myshow("And so is this.... \$Text !!!");

and get the output

This is wibble
And so is this.... wibble !!!


You can use eval() as Janwillem suggested, or pass to the myshow()
function a string containing a placeholder:

function myshow($x) {
echo str_replace('###WIBBLE###', 'wibble', $x);
}
myshow("This is ###WIBBLE### \n");
myshow("And so is this.... ###WIBBLE### !!!");

Cheers,
NC

Jul 17 '05 #4
Jan Pieter Kunst wrote:
The eval() solution is cool. This one, though less elegant, also
works:

function myshow($x)
{ $Text = "wibble";
echo str_replace("\$Text", $Text, $x);
}


There are many, many situations where the above is *more* elegant.

--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
Jul 17 '05 #5
Janwillem Borleffs wrote:
This is one of the rare situations where eval is useful:

function myshow($x) {
$Text = "wibble";
eval("print \"$x\";");
}


Never *ever* use a function like that on client-supplied data that
hasn't been very carefully validated, or you may find with something
like this:

myshow('"; exec("arbitrary shell commands"); print "');

-- brion vibber (brion @ pobox.com)
Jul 17 '05 #6
nr
Brion Vibber wrote:
Janwillem Borleffs wrote:
This is one of the rare situations where eval is useful:

function myshow($x) {
$Text = "wibble";
eval("print \"$x\";");
}

Thanks for that - I think it meets the need here very nicely!

Never *ever* use a function like that on client-supplied data that
hasn't been very carefully validated,


Good point. In this case the layout string passed to the function will
always come from the script itself, and the actual data from the
(already cleaned up) database fields, so should be safe.

Again, thanks for all the help.

--
David Aldred

Jul 17 '05 #7
"Jan Pieter Kunst" <de*****@cauce.org> wrote in message
news:42***********************@news.xs4all.nl...
David Aldred wrote:
So in the simplest form of the situation (ignoring the database bit) I want to be able to do something like

function myshow($x)
{ $Text = "wibble";
echo $x;
}

myshow("This is \$Text \n");
myshow("And so is this.... \$Text !!!");

and get the output

This is wibble
And so is this.... wibble !!!

I can't get it to work - is it possible, perhaps with some manipulation of the syntax of the string?


The eval() solution is cool. This one, though less elegant, also works:

function myshow($x)
{ $Text = "wibble";
echo str_replace("\$Text", $Text, $x);
}


The eval() solution is not cool at all. That's precisely what the Santy worm
exploited.

strtr() is probably a better solution here, as it can make multiple
replacements in one call.
Jul 17 '05 #8
Chung Leong wrote:
The eval() solution is not cool at all. That's precisely what the Santy worm
exploited.


Well, as long as what is eval()'d is known beforehand to be safe, i.e.
no user-submitted data, is it really that bad? Surely that leaves no
room for exploits?

Or am I overlooking something?

JP

--
Sorry, <de*****@cauce.org> is a spam trap.
Real e-mail address unavailable. 5000+ spams per month.
Jul 17 '05 #9
Jan Pieter Kunst wrote:
Chung Leong wrote:
The eval() solution is not cool at all. That's precisely what the
Santy worm exploited.


Well, as long as what is eval()'d is known beforehand to be safe, i.e.
no user-submitted data, is it really that bad? Surely that leaves no
room for exploits?


It's a matter of risk management. Knowing that human software developers
_do_ make mistakes, what's the likely result of an error in input
verification?

If you make a mistake with str_replace() or strtr(), you'll just get
incorrect output. Depending on the use of the output, JavaScript or SQL
injection might be possible; other uses might not be exploitable to any
significant end.

If you make a mistake with eval() and the data is not formatted safely
after all, the possible results are very high-danger: arbitrary local
code execution as web server user, no matter what the replaced text is
to be used for.

-- brion vibber (brion @ pobox.com)
Jul 17 '05 #10
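
The placeholder substitution suggested in posts #4 and #8, together with the failure mode described in post #10, as an added example that is not part of the thread. The render_layout() name, the {field} placeholder syntax, the sample row and the assumption that the output goes into an HTML page are illustrative choices; a hostile field value comes out as inert, escaped text instead of being evaluated.

```php
<?php
// Added example, not code from the thread. render_layout() and the
// {field} placeholder syntax are assumptions made for illustration.

/**
 * Fill {name} placeholders in $layout from $row without evaluating anything.
 * Only keys present in $row are substituted; every value is HTML-escaped
 * (assumption: the result is written into an HTML page).
 */
function render_layout(string $layout, array $row): string
{
    $map = [];
    foreach ($row as $field => $value) {
        // Field names normally come from the script itself, but check them
        // anyway so a stray key cannot match arbitrary layout text.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $field)) {
            throw new InvalidArgumentException("bad field name: $field");
        }
        $map['{' . $field . '}'] =
            htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }
    // strtr() with an array makes all replacements in one pass and never
    // rescans text it has already substituted, so a value that itself
    // contains "{Text}" is not expanded a second time.
    return strtr($layout, $map);
}

// Constructed sample row standing in for a database record. The Title
// value reuses the hostile string quoted in post #6.
$row = [
    'Text'  => 'wibble',
    'Title' => '<b>{Text}</b> "; exec("arbitrary shell commands"); print "',
];

// Prints: This is wibble
echo render_layout("This is {Text}\n", $row);

// The hostile value is printed as escaped text; nothing is executed and
// the embedded {Text} is left alone.
echo render_layout("Title: {Title}\n", $row);

// Placeholders with no matching field, and a literal $Text, pass through.
echo render_layout("Unknown stays as-is: {Nope} \$Text\n", $row);
```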
