Page 1 of 1

eval()

Posted: Mon Feb 21, 2005 9:20 pm
by neophyte
I'm trying to send some html with PHP vars in it through eval(). I'm totally lost in the world of escaped/not escaped. I'm sooo confused. Not many examples of this in the PHP manual. Can someone lend me a hand:

Code: Select all

if (file_exists(RF_HTML.$header))
{
$html_header = file_get_contents(RF_HTML.$header);
$year = date('Y', time());
define('SERVERNAME', 'THIS SERVER');
eval("$html_header = $html_header;");		
return $html_header;
}

//The file called with file_get_contents() has this in it:

</td>
 <td width="146" valign="top" class="small"> 
</td>  
  </tr>
  <tr> 
    <td class="small">&copy;  '.$year.' '.SITENAME.' </td>
    <td>
</td>
    <td>&nbsp;</td>
  </tr>
</table>
Any tips you can post about eval() in general would be helpful. I mean I understand it accepts a string and evaluates it has code. But '"'"/"/" sort of thing gets confusing.

Thanks

Posted: Mon Feb 21, 2005 10:04 pm
by feyd
why not include the file and save the hassle of using eval?

Posted: Mon Feb 21, 2005 10:22 pm
by neophyte
I'm trying to figure out eval()? What is it good for? What are it's limitations ect.. I think I've posted a good example of how not to use eval. Least wise I haven't been able to figure it out yet if it's possible. I think it's all the special chars in the html that's giving me headaches.

But tell me is this just a really dumb use for it? :roll: :oops:

Posted: Mon Feb 21, 2005 10:30 pm
by feyd
depending on what $html_header is specifically...

Code: Select all

eval("\$html_header = $html_header;");
may work.. I can't remember off hand..

I avoid using eval() at all costs, mostly because of the danger of running generated code (which requires a LOT of testing to make sure it's not going to break).. It's far easier for me to use templating principles or other far less dangerous and easier to test systems of processing.

I have yet to collide with a situation where eval() is beneficial over other means. They may be out there, but I haven't seen any.