0

An easy question to ask, hope not too stupid.

$var=0;
$condition="$var!=0";
if($condition) {
    # do something #
}
else {
    # do something else #
}

Obviously the code up there doesn't work as intended. Is there a nice way to obtain an if-condition from a string? Or do I have to parse the string in some disturbing way?

EDIT: I didn't explain myself very well. The fact is that the string could contain any possible condition you can imagine, e.g.:

  • $var > 0
  • $var < 0
  • $var == 0
  • etc

I read this condition from an xml file as a string, so I don't know what I will find.

5
  • 9
    The first person to mention the four letter word starting with "e" is going to get a good, solid glare. @Abaco, what is the larger problem you are trying to solve? Commented Jul 7, 2010 at 4:27
  • @Charles: +1. Love the 'four-letter word starting with "e"' Commented Jul 7, 2010 at 4:29
  • 1
    The follow-up question is - why do you have the condition in an XML file? What does the condition represent? Can it really be anything, or can you enumerate the possibilities? And where do you get the XML file from (i.e. how secure are you some idiot didn't put in the condition saying unlink($_SERVER['PHP_SELF']), or worse)? Commented Jul 7, 2010 at 4:46
  • A user describes a table in an xml file following a certain logic. One of the tags inside the xml-code should grant the user the possibility to make some comparisons between numeric variables, therefore yes I can enumerate the different possibilities. EDIT: I can't know the idiot's objectives, but to sanitize the input I should first know how to make the code capable of reading it. Commented Jul 7, 2010 at 4:50
  • 2
    If you can enumerate them, it's better to do it that way; make a switch in your code and execute an appropriate comparison that is hard-coded in your PHP, based on values in XML, something like: switch ($relation) { case ">=": $result = $var >= $standard; break; ... } where $relation and $standard are from the XML. Commented Jul 7, 2010 at 5:00

5 Answers

4

Just because no one has posted it yet. Ask yourself what comparisons need to be made. If they're doing simple math operations you might want to have something in the schema like this.

<conditions>
  <notEqual var="var" value="0" />
</conditions>

It'll allow you to have multiple conditions, should be relatively simple to parse and convert to php code.


4 Comments

Exactly what I was saying. +1.
Uhm nice. Thinking about it I've only 6 possible comparisons. Thank you. +1
@Amadan didn't see your comment before. You might have wanted to put it in an answer (it was still a little different)
@Abaco Thanks! Surprised me by accepting it. I just didn't want to see this post close with only one non-eval "Answer" available
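The allow-list approach from this answer and from the `switch` comment on the question, as an added example that is not part of the original posts: each condition element maps to a hard-coded comparison, so nothing read from the XML is ever executed. Element names other than `notEqual`, the function names, and combining multiple conditions with AND are assumptions.

```php
<?php
// Added example. Element names other than <notEqual>, the function names and
// the AND semantics for multiple conditions are assumptions.

// Allow-list: every permitted element name has a hard-coded comparison.
function compare(string $op, float $left, float $right): bool
{
    switch ($op) {
        case 'equal':          return $left == $right;
        case 'notEqual':       return $left != $right;
        case 'greater':        return $left >  $right;
        case 'greaterOrEqual': return $left >= $right;
        case 'less':           return $left <  $right;
        case 'lessOrEqual':    return $left <= $right;
    }
    throw new InvalidArgumentException("Unsupported comparison: $op");
}

function evaluateConditions(string $xml, array $vars): bool
{
    // LIBXML_NONET: no network access while parsing untrusted XML.
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    if ($doc === false || $doc->getName() !== 'conditions') {
        throw new InvalidArgumentException('Expected a <conditions> document');
    }
    foreach ($doc->children() as $cond) {
        $name  = (string) $cond['var'];
        $value = (string) $cond['value'];
        // Only variables the caller exposed, only numeric operands.
        if (!array_key_exists($name, $vars) || !is_numeric($value)) {
            throw new InvalidArgumentException('Invalid var or value attribute');
        }
        if (!compare($cond->getName(), (float) $vars[$name], (float) $value)) {
            return false;
        }
    }
    return true;
}

// Constructed sample input.
$xml = '<conditions><notEqual var="var" value="0"/><less var="var" value="10"/></conditions>';
var_dump(evaluateConditions($xml, ['var' => 5]));
var_dump(evaluateConditions($xml, ['var' => 0]));

try { // An element outside the allow-list is rejected, never executed.
    evaluateConditions('<conditions><unlink var="var" value="0"/></conditions>', ['var' => 1]);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```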
4

The eval() function is the easy way out here. E.g.:

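// eval() runs its argument as PHP statements, so the condition has to be
// wrapped in "return ...;" for eval() to hand back its value.
if(eval("return ($condition);")) {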
    # do something #
}
else {
    # do something else #
}

It must be stressed that eval() is evil. It is very easy to make a website extremely insecure using eval(), even if you really know what you're doing. In particular, even if you're sure the code is safe now, it might not be so after you add a few features in totally different parts of the code.

That said eval() has its uses, particularly in quick-and-dirty single use scripts like migration scripts.

If you're writing a world-facing website, you need to take *extreme* care if using eval(). Very often, the necessary amount of care is more difficult than implementing some non-eval() solution.

5 Comments

You were the first. GLARE. eval is evil! If you've found a problem where eval is the solution, eval is not the solution!
You said it yourself: eval is evil. Sometimes it's the least evil option, in which case it is the appropriate one. Just because a tool is really easy to misuse doesn't mean it should never be used.
@Charles I have to agree. Though I understand that he is just providing a possible solution so you can't hate completely. But I really would have to wonder what circumstance someone would find themselves in where you would have to use an eval. Especially for a seemingly easy circumstance.
I used a PHP-based CMS named Ariadne, which has user-editable pieces of code, in a restricted PHP language. It pre-processed the code to insert $this-> in front of every function call except those on the approved list, similarly with variables, then eval-ed it. Of course there were gotchas - it's obvious you don't put eval on the approved list, but you better not put preg_replace on it either since it's eval in disguise. However, it was a good hack, and did what it did surprisingly well. It doesn't change the fact that eval is Evil, just goes to show even Evil does good sometimes.
It really depends on the circumstance. In a single-use script that you will use to, e.g. reformat some of your data files, eval() can save you a good deal of time. On an internet-facing website it should almost always be avoided.
1

why not just do:

$var = 0;
if ($var != 0){
    # do something #
}
else {
    # do something else #
}

EDIT: Or even

$var = 0;
$condition = 0;
if ($var != $condition){
    # do something #
}
else {
    # do something else #
}

1 Comment

He edited the question after I had already made this post. Now with the edit it does.
0
  1. The contents of your $condition are not $var!=0, but 0=0 (due to $ not being escaped (\$) within double quotes).

  2. You can do this with eval function.

  3. However, eval is Evil. Ask yourself if you really need to do this. If there is any other way, take it.

Comments

-1

OK, you could use evil Eval. But if your condition is actually as simple as you propose, you could just use a regex to test the condition... No eval necessary.

Comments
