0

I need some help with basic syntax in PHP.

I got the following string :
$str = "return (strlen(replace) <= 5 && strlen(replace) >= 1);";

and I got a variable : $var = "VariableValue";

and the str_replace function as : str_replace('replace', $var, $str);

What I am trying to do is actually use eval in something like:

if(eval($str)){ //This should now make the if condition **look like**
                //if(strlen(*'VariableValue'*)...)
    echo 'Success';
}else{
    echo 'Ask the guys at StackOverFlow :),sure after searching for it';
}

So if you notice, what is in if(strlen('VariableValue')...) is what I want to do: make the final if statement after eval contain the var's value WITH QUOTES so strlen actually processes it.

I hope I made it as clear as needed :)

Thanks in advance

2 Answers

1

Try it like this

$str = "return (strlen(##replace##) <= 5 && strlen(##replace##) >= 1);";
$var = 'test';

// you have to assign the str_replace to $str again. And use " around the $var.
$str = str_replace('##replace##', '"' . addslashes($var) . '"', $str);

if (eval($str)) {             
    echo 'Success';
}
else {
    echo 'Ask the guys at StackOverFlow :),sure after searching for it';
}

I added the ## around replace because it's a good idea to always have a somewhat unique string to replace... like when you expand your eval'd code to include str_replace, then that would be replaced too otherwise.

EDIT
Escaped the $var with addslashes as per @Erbureth's comment.

3 Comments

You should escape the variable string in case it contains quotes or other control characters
Terrific, thanks a lot. Do you think there is another way to do what I am trying to do without using eval (but only with the same technique)?
As @arkascha stated in the other answer: use the variable directly: so instead of if (eval($code)) {...} do if (strlen($var) <= 5 && strlen($var) >= 1) {...}
1

You don't need eval() for that (there are reasons why it is sometimes called evil()...).

Just try a condition like that:

if ( (strlen($var) <= 5) && (strlen($var) >= 1) )

8 Comments

True, this is not a good use for eval, but if eval was pure evil and had no use-cases it wouldn't still be around. Or it would at least be deprecated in PHP 5.4
@SJFrK: I never claimed it is pure evil.
Sorry if I sounded rude, that was not my intention. I just don't like all those wars about eval good or evil, database table names plural or singular, opening braces on same line or next line etc.
@SJFrK: I absolutely agree with you. I don't want to start a fight or anything. I just want to mention that eval() can be evil, and that thinking twice if you really really have to use it absolutely makes sense. In 98% of the cases there are simpler and safer solutions.
Guys, is it secure enough if I am only using eval, i.e. I am replacing const strings that only I know?
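
An added example, not part of the original thread: it compares the first answer's quoting (addslashes() inside double quotes) with var_export() and with the second answer's eval-free check, to show where the string that eval parses differs from the real value. The function names, the TEMPLATE constant and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not from the thread. Function names and sample inputs are constructed.
const TEMPLATE = 'return (strlen(##replace##) <= 5 && strlen(##replace##) >= 1);';

// First answer's technique: addslashes() inside a double-quoted literal.
// In a double-quoted PHP literal, \' is not an escape sequence (the backslash
// stays in the string) and $name is still interpolated from the local scope.
function check_addslashes(string $var): bool
{
    $src = str_replace('##replace##', '"' . addslashes($var) . '"', TEMPLATE);
    return eval($src);
}

// Same technique with var_export(), which emits a complete PHP string literal
// (single-quoted, so nothing inside it is interpolated).
function check_var_export(string $var): bool
{
    $src = str_replace('##replace##', var_export($var, true), TEMPLATE);
    return eval($src);
}

// Second answer's approach: no eval, the value is never parsed as source.
function check_direct(string $var): bool
{
    $len = strlen($var);
    return $len >= 1 && $len <= 5;
}

// Constructed inputs: plain, embedded quotes, a "$name" sequence, empty.
$samples = ['test', 'a"b', "don't", '$src', ''];
foreach ($samples as $s) {
    $a = check_addslashes($s);
    $v = check_var_export($s);
    $d = check_direct($s);
    printf(
        "%-8s addslashes=%-5s var_export=%-5s direct=%-5s %s\n",
        var_export($s, true),
        var_export($a, true),
        var_export($v, true),
        var_export($d, true),
        ($a === $d) ? '' : '<- eval saw a different string'
    );
}
```

The rows for "don't" and '$src' are the ones where the addslashes() variant disagrees with the direct check, because the double-quoted literal that eval parses is no longer the original value.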