0

I am trying to achieve something but i dont know how can i do this.

for instance check this script.

<?php

function runscript()
{
unlink('./images/a.php');
}
?>

which i want to run as a particular manner

i wat the script unlink('./images/a.php'); to be assigned in a string

say for conceptualy, like this

$a = "unlink('./images/a.php');";

then i want to execute the script somehow to run $a which will eventualy run-

unlink('./images/a.php');

say something like this

eval($a);

How can i achieve this...??

Improve this question
4
  • Why do you want to do this? Commented May 3, 2014 at 8:06
  • 4
    You do realize that this is a huge security issue, if the string comes from user input, right? Besides, you've already mentioned eval. What's not working with it? Commented May 3, 2014 at 8:06
  • 3
    If you need to run PHP code from a string assigned to a variable, you're doing something fundamentally wrong. Could you tell us why you want to do this? There is more than likely a much better solution. Commented May 3, 2014 at 8:07
  • why to take it into a string and then execute,its already executes in the function ,instead of that return true/false from the func Commented May 3, 2014 at 8:10

4 Answers 4

Reset to default
1

Using eval is in most of the cases a security risk and evidence of a wrong strategy.

If you don't want to pollute the global scope use namespaces(You can even import and alias namespaced functions in php 5.6).

If you want to have the ability to move a function around in code (e.g. for a callback or a plugin-system etc...) you may use closures.

<?php
// php 5.3+
$a = function($file) {
    unlink($file);
};

// later:
$a('./data/delete.me');
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

I am not sure that you will be successful but you will try like this way. such 

$a= unlink('./images/a.php'); 
if($a)
 {
  echo "successful";
 }
else
 {
   echo "not successful";
 }

may be it will help you. Best of luck!

Improve this answer

Comments

0

You could make the code a tmp file and include it 

<?php
$code = $_POST['code'];
//uniqid for random folder
$id = uniqid();
$f = fopen($id . ".php" , 'w');
fwrite($f , $code);
fclose($f);
header("Location: view_code.php?id=" . $id);
?>

Then for your viewcode.php

<?php
$id = $_GET['id'];
//code to run then
include($id . ".php");
?>
Improve this answer

1 Comment

Obviously have a page with a form with codebox name attribute is set to code
0

try this:

$a= "unlink('./images/a.php');"; eval($a);

you can use eval() to evaluate string statements

reference: http://www.php.net/manual/en/function.eval.php

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.