1

I would like to know if it is possible to store the following ee()->session->userdata('group_id') as a string in a variable.

Then to use it but as the function written inside.

Ultimately something that would look like

//request posted from somewhere
$request = "ee()->session->userdata('group_id')";
$myValue = $request // But here the function inside would be in place leaving the value of `$myValue` the id from the function and not the string.

I have another system that requires to utilise the foreign class ee() and i am hoping to create a bridge by posting a string and returning the return value and not the function string.

Improve this question
3
  • 1
    eval(); Caution: The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand. Commented May 7, 2015 at 20:57
  • 2
    It is, but it's generally considered very bad practise, and can be highly dangerous if the string comes from user input, and if there's any errors in the string of code, then it's hard to debug Commented May 7, 2015 at 20:57
  • 2
    It cannot be overstated how bad of an idea this is. Commented May 7, 2015 at 20:59

1 Answer 1

Reset to default
2

The function you are looking for is called eval. But be very careful with this function, as it is considered to be very harmful! Sanitize your strings!

Here is a quote from the PHP manual (linked above):

Caution The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

i had a suspicion it would be shady business. I cannot think of a better solution as yet but i guess i will have to. Many thanks.
No problem. If you want, you can post another question asking how it could be done better and give an example what exaclty you need it for. Just as a suggestion.
I need only a few values so i will do it another way. the security issue wouldn't be too much hassle but the risk nonetheless isnt worth it for me. The idea came to mind of opening up a port for ease of use and although possible i think its not quite the great idea i had hoped for. I am glad to have learned about eval today though! many thanks

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.