Erwin Moller wrote:
Chris Hope wrote:
jd**@xtra.co.nz wrote:
Hi There,
I am absolutly stumped by this, any help appreciated.
Due to factors outside of my control I have a php variable containing
php code and I dont know how to evaluate it.
I know its stupid, but php calls a database function (which I dont
have access to) which reads in a template html file and returns it as
a string. Now If I want the template to be a bit more dynamic and
contain php I have a problem.
After calling the database function I end up with: (examaple only)
$var = "<?echo "hello world";?>";
//$var is now equal to the template file - usually html but attempting
to add php
now if I echo that out I get:
<?echo "hello world";?>
but I want:
hello world
Can I call another instance of the php interpreter on php variable
$var?
Would the eval() function work?
Any way to acheive what I am after?
Use eval() - did you try it? Note that you don't need the <? and ?>
tags. Example:
$var = 'echo "hello world";';
eval($var);
This will display 'hello world' which is what you are wanting.
I don't think eval() will do what you need, since the template can
contain a liberal mix of html and php. You could, however, just dump
the variable contents to a temporary file, and then include() it when
you need the output.
>
Also, if you start evalling values from the database, be VERY sure you can
trust them.
If they come from userinput (forms for example) they can contain anything.
Be paranoid.
Regards,
Erwin Moller
I agree - you may want to consider some sort of templating system for
this. It is quite an overhead but if you do accept user input as
templates, you should make sure they're very restricted rather then
trusted (as you can't really trust them).
I hope this helps,
Vladislav
