how to run php code within string?

$a="my result=<?=2+2?>"
echo $a

I want to get :my result=4;

how to write this script?
any comments are welcome...
thanks.

May 12 '06 #1
Rik
Ju Hui wrote:
$a="my result=<?=2+2?>"
echo $a

I want to get :my result=4;

how to write this script?
any comments are welcome...


eval()

But only use it if strictly necessary, consider other options first.

Grtz,
--
Rik Wasmus
May 12 '06 #2

$a="my result=".(2+2);
echo $a;

May 12 '06 #3

$a="my result=".(2+2);
echo $a;

May 12 '06 #4
It might help you:

<?php
eval("\$myresult = 2+2;");
echo $myresult;
?>

and if you're really interested in learning PHP, you'll like to go to

http://www.php.net/manual

May 12 '06 #5
Thanks for all your replies.
But the answer isn't what I want.

I know the function eval(); it will execute the string passed to the function
as PHP script.

But my requirement is:

$a is a string; it will be retrieved from the db.
I want to insert some PHP script into $a, like {php}{/php} in Smarty
of PHP. The code within the special tag will be processed as PHP script,
like:

$b=1;
$a="result,<? if ($b==1) echo \"b=1\" ?>";
print $a;

I want to get result,b=1.

Thanks.

May 12 '06 #6
Ju Hui wrote:
Thanks for all your replies.
But the answer isn't what I want.

I know the function eval(); it will execute the string passed to the function
as PHP script.

But my requirement is:

$a is a string; it will be retrieved from the db.
I want to insert some PHP script into $a, like {php}{/php} in Smarty
of PHP. The code within the special tag will be processed as PHP script,
like:

$b=1;
$a="result,<? if ($b==1) echo \"b=1\" ?>";
print $a;

I want to get result,b=1.

Thanks.


Hi,

Just make sure you make the boundaries clear of the PHP code in the string
you store in the database.
eg:
$myStr = "result,**PHP**if ($b==1) echo \"b=1\"**PHP** testing.";
Now if you retrieve that string from DB, you can get the parts you want to
execute using explode("**PHP**",$myStr) and a little coding.

Of course, be sure that the separator string (**PHP** in this example) cannot
be used elsewhere, or this will fail.

I must warn you, like others did, that you should try to avoid such design.

If the content of the executable PHP-code is coming from users, don't trust
it. It can contain anything, and you do NOT want to eval that. Beware.

A sidenote:
I have been coding PHP for years nonstop, and I only needed eval once.
I got so paranoid that I needed 2 days of additional coding and testing to
be sure it was safe.
My point: You probably do not need eval().

Regards,
Erwin Moller
May 12 '06 #7
Erwin Moller wrote:
Ju Hui wrote:
Thanks for all your replies.
But the answer isn't what I want.

I know the function eval(); it will execute the string passed to the function
as PHP script.

But my requirement is:

$a is a string; it will be retrieved from the db.
I want to insert some PHP script into $a, like {php}{/php} in Smarty
of PHP. The code within the special tag will be processed as PHP script,
like:

$b=1;
$a="result,<? if ($b==1) echo \"b=1\" ?>";
print $a;

I want to get result,b=1.

Thanks.


Hi,

Just make sure you make the boundaries clear of the PHP code in the string
you store in the database.
eg:
$myStr = "result,**PHP**if ($b==1) echo \"b=1\"**PHP** testing.";
Now if you retrieve that string from DB, you can get the parts you want to
execute using explode("**PHP**",$myStr) and a little coding.

Of course, be sure that the separator string (**PHP** in this example) cannot
be used elsewhere, or this will fail.

I must warn you, like others did, that you should try to avoid such design.

If the content of the executable PHP-code is coming from users, don't trust
it. It can contain anything, and you do NOT want to eval that. Beware.

A sidenote:
I have been coding PHP for years nonstop, and I only needed eval once.
I got so paranoid that I needed 2 days of additional coding and testing to
be sure it was safe.
My point: You probably do not need eval().


I just used eval for the first time yesterday....

<?php
foreach($scoring as $page=>$words){
    $evalstatemnet=array();
    foreach($parts as $word){
        $evalstatemnet[]='isset($words[\''.$word.'\'])';
    }
    // eval() only yields a value when the evaluated code returns one
    if(!(eval('return '.join(' && ',$evalstatemnet).';'))){
        unset($scoring[$page]);
    }
}
?>

Part of a search function where $word would only ever be [a-z0-9_] -
Even then, I wasn't sure if I really wanted to use it... A few hours
later, it was replaced by something else (different algo). ;)

--
Justin Koivisto, ZCE - ju****@koivi.com
http://koivi.com
May 12 '06 #8
Justin Koivisto wrote:
Erwin Moller wrote:
Ju Hui wrote:
Thanks for all your replies.
But the answer isn't what I want.

I know the function eval(); it will execute the string passed to the function
as PHP script.

But my requirement is:

$a is a string; it will be retrieved from the db.
I want to insert some PHP script into $a, like {php}{/php} in Smarty
of PHP. The code within the special tag will be processed as PHP script,
like:

$b=1;
$a="result,<? if ($b==1) echo \"b=1\" ?>";
print $a;

I want to get result,b=1.

Thanks.


Hi,

Just make sure you make the boundaries clear of the PHP code in the
string you store in the database.
eg:
$myStr = "result,**PHP**if ($b==1) echo \"b=1\"**PHP** testing.";
Now if you retrieve that string from DB, you can get the parts you want
to execute using explode("**PHP**",$myStr) and a little coding.

Of course, be sure that the separator string (**PHP** in this example)
cannot be used elsewhere, or this will fail.

I must warn you, like others did, that you should try to avoid such
design.

If the content of the executable PHP-code is coming from users, don't
trust it. It can contain anything, and you do NOT want to eval that.
Beware.

A sidenote:
I have been coding PHP for years nonstop, and I only needed eval once.
I got so paranoid that I needed 2 days of additional coding and testing
to be sure it was safe.
My point: You probably do not need eval().


I just used eval for the first time yesterday....

<?php
foreach($scoring as $page=>$words){
    $evalstatemnet=array();
    foreach($parts as $word){
        $evalstatemnet[]='isset($words[\''.$word.'\'])';
    }
    // eval() only yields a value when the evaluated code returns one
    if(!(eval('return '.join(' && ',$evalstatemnet).';'))){
        unset($scoring[$page]);
    }
}
?>

Part of a search function where $word would only ever be [a-z0-9_] -
Even then, I wasn't sure if I really wanted to use it... A few hours
later, it was replaced by something else (different algo). ;)


Hi Justin,

I do not see how that piece of code makes sure that no naughty commands are
executed.
It completely depends on what $scoring contains.
If you let me deliver that $scoring-array, I think I can delete the content
of your harddrive.
But maybe I miss something completely. :-/

Regards,
Erwin

May 12 '06 #9
Erwin:
I am using a system that uses a template design. All layout can be
modified from templates, and all the templates' HTML code is saved in a MySQL
db.
One template is named headerNavigation. It will show 'Login' or
'Logout'; I want to show Login if the user isn't logged in, and show
Logout if the user is logged in.
I want to judge whether the user is logged in or not by one session value. So I
want to insert PHP code in this template. Normal users can't change my
template.
You said:
execute using explode("**PHP**",$myStr) and a little coding.
I just want to know how to execute PHP code in a string variable which
contains 'if', 'else' and other PHP scripts.

I did a test like below:

<?php
$a="if (2>1) echo \"2>>>>1\";";
echo eval($a);
echo "\n";
?>

The result is: 2>>>>1

Maybe it's what I need.

Any vulnerability in it?

Thank you all.

May 12 '06 #10
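
An added example, not part of the original thread: one way to get the Login/Logout behaviour described in post #10 without eval() is to store named placeholders in the template and let the application decide what each one expands to. The {{name}} syntax, renderTemplate() and the 'user_id' session key are assumptions made for this illustration.

```php
<?php
// Added illustration: the {{...}} placeholder syntax, renderTemplate() and the
// 'user_id' session key are hypothetical, not taken from the thread.

/**
 * Replace {{name}} placeholders using an allow-list of callbacks.
 * The template text from the database is treated as data and never executed.
 */
function renderTemplate(string $template, array $blocks): string
{
    $out = preg_replace_callback(
        '/\{\{([a-z_]+)\}\}/',
        function (array $m) use ($blocks): string {
            // Unknown placeholders are emitted as escaped literal text.
            if (!isset($blocks[$m[1]])) {
                return htmlspecialchars($m[0], ENT_QUOTES, 'UTF-8');
            }
            return $blocks[$m[1]]();
        },
        $template
    );
    // preg_replace_callback() returns null on a PCRE error.
    return $out ?? $template;
}

// Constructed sample: what the headerNavigation row in the db could hold.
$headerNavigation = '<div id="nav"><a href="/">Home</a> | {{login_link}}</div>';

// Constructed session state; a real page would read $_SESSION after session_start().
$session = ['user_id' => 42];

// The only logic a template can trigger is what is registered here.
$blocks = [
    'login_link' => function () use ($session): string {
        return isset($session['user_id'])
            ? '<a href="/logout.php">Logout</a>'
            : '<a href="/login.php">Login</a>';
    },
];

echo renderTemplate($headerNavigation, $blocks), "\n";

// PHP tags stored in a template stay plain text; nothing in them is evaluated.
echo renderTemplate('my result=<?=2+2?> {{login_link}} {{unknown}}', $blocks), "\n";
```

With this layout a modified template row can change markup but cannot run code, which is the property the eval() approach gives up.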
Erwin Moller wrote:
Justin Koivisto wrote:
I just used eval for the first time yesterday....

<?php
foreach($scoring as $page=>$words){
    $evalstatemnet=array();
    foreach($parts as $word){
        $evalstatemnet[]='isset($words[\''.$word.'\'])';
    }
    // eval() only yields a value when the evaluated code returns one
    if(!(eval('return '.join(' && ',$evalstatemnet).';'))){
        unset($scoring[$page]);
    }
}
?>

Part of a search function where $word would only ever be [a-z0-9_] -
Even then, I wasn't sure if I really wanted to use it... A few hours
later, it was replaced by something else (different algo). ;)


I do not see how that piece of code makes sure that no naughty commands are
executed.
It completely depends on what $scoring contains.
If you let me deliver that $scoring-array, I think I can delete the content
of your harddrive.
But maybe I miss something completely. :-/


See above.. the stuff that was used in the eval statement could only
contain letters a-z (lowercase only), digits 0-9, and the underscore.
Then they were single quoted, so the eval statement would look something
like:

isset($words['testing']) && isset($words['12_435']) &&
isset($words['id_17'])

The $scoring array had been constructed in the function, and if there was
found to be any characters other than specified above, the function
would have returned FALSE long before it reached that loop.

--
Justin Koivisto, ZCE - ju****@koivi.com
http://koivi.com
May 12 '06 #11
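
An added example, not Justin's code: the expression built for eval() in the posts above asks whether every search word is a key of $words, which can be written without eval(). isSafeWord(), filterScoring() and the sample data are constructed for this illustration; the validation anchors the [a-z0-9_] rule with \A and \z because $ in PCRE also matches just before a trailing newline.

```php
<?php
// Added illustration; isSafeWord(), filterScoring() and the sample data are hypothetical.

/** True only if $word consists entirely of a-z, 0-9 and underscore. */
function isSafeWord($word): bool
{
    // \A and \z anchor to the real start and end of the string;
    // '/^[a-z0-9_]+$/' would also accept "abc\n".
    return is_string($word) && preg_match('/\A[a-z0-9_]+\z/', $word) === 1;
}

/**
 * Keep only the pages whose word list contains every search word.
 * Returns false if any search word fails validation, as the thread describes.
 */
function filterScoring(array $scoring, array $parts)
{
    foreach ($parts as $word) {
        if (!isSafeWord($word)) {
            return false;
        }
    }
    $wanted = array_flip($parts);
    foreach ($scoring as $page => $words) {
        // Same test as isset($words['a']) && isset($words['b']) && ...
        // (assuming no null values in $words), with no code built from input.
        if (count(array_diff_key($wanted, $words)) > 0) {
            unset($scoring[$page]);
        }
    }
    return $scoring;
}

// Constructed sample data.
$scoring = [
    'page1.html' => ['testing' => 3, 'id_17' => 1],
    'page2.html' => ['testing' => 1],
];

var_dump(array_keys(filterScoring($scoring, ['testing', 'id_17'])));
var_dump(filterScoring($scoring, ["o'reilly"]));   // input containing a quote
var_dump(filterScoring($scoring, ["testing\n"]));  // input with a trailing newline
```

Because the words are only ever used as array keys, a gap in the validation affects search results rather than which code runs.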
