[nycphp-talk] Quick little question - variable interpolation
max goldberg
max at idsociety.com
Thu Oct 17 17:23:33 EDT 2002
That actually wouldn't work, in order to do eval() you must pass it a
valid piece of code, so at runtime your code would return a parse error
as it would be the same as a line of code that said 'this string = $one
and that is it', where as '\\$string = $one;' would parse.
Earlier I gave the answer:
$one = '1';
$two = '$one';
eval("\\$result = \\"$two\\";");
echo $result;
Which would work fine, but you are very correct about the safety and it
is a bad idea to eval anything coming in from user input without a huge
load of data integrity checking.
-Max
Analysis & Solutions wrote:
> On Thu, Oct 17, 2002 at 04:24:28PM -0400, Adam Fields wrote:
>
>>On Thu, Oct 17, 2002 at 04:01:52PM -0400, Analysis & Solutions wrote:
>>
>>That is also not my question. I don't want to know how to assign a
>>string such that variable interpolation happens. I want to know how to
>>take an existing string and perform variable interpolation on it.
>
>
> Oh. I didn't understand your question. Guess I was too busy working on
> other things to really pay attention to the whole thread. Max was on
> target with eval(). So, continuing with my example...
>
> $one = 1;
> $two = 'this string = $one and that is it';
> $three = eval($two);
> echo $three;
> [results: this string = 1 and that is it]
>
> Now, BE CAREFUL about using eval(). You could do some really nasty things
> if the incoming string is corrupted by nasty persons. Please read the PHP
> manual about eval() to make sure you're being safe.
>
> --Dan
>
More information about the talk
mailing list