Page 1 of 1
running function from a string
Posted: Wed Oct 20, 2010 6:31 pm
by wurdup
I need to able to run a function from a string passed from a client but I can't get it to work. I've used eval($input) but can't use call_user_func because the parameters count may be different. I need something like:
Code: Select all
// read client input ( eg "myFunction()")
$input = socket_read($spawn, 1024);
$value = eval($input);
}
Any ideas?
Re: running function from a string
Posted: Wed Oct 20, 2010 6:32 pm
by John Cartwright
call_user_func_array()
And in case you wern't paying attention, that is not the same as call_user_func()
Re: running function from a string
Posted: Wed Oct 20, 2010 6:44 pm
by wurdup
thanks would work but I've figured out a better solution
eval("\$output = $input;");
I had already tried this but put a \ infront of $input. Thanks anway.
Re: running function from a string
Posted: Wed Oct 20, 2010 7:02 pm
by John Cartwright
Better solution? Ahem

In fact, not only should you NEVER allow arbitrary user input to be executed as PHP code, simply put, you should just never use eval().