Dynamic variables with dynamic values

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
rulonaes
Forum Newbie
Posts: 5
Joined: Tue Sep 20, 2005 11:36 am

Dynamic variables with dynamic values

Post by rulonaes »

Hi,

New on this forum and trying to make a php app.
I am trying to build functions using variables comming from a database and having values also comming from a database.

For defines I have it up and running but for variables I have not ...

I am retreiving 2 fields from database to be variable_name and variable_value

I would like to have something like

$var->$variable_name = $variable_value

this runs fine but I have a variable_value in the database having: date('Y-m-d H:i:s') and this is returned as a string however I would like to have the executed version to be for example 2005-09-20 06:44:10. I tried using eval but no luck so far. Can this be done? Do I mis some simple thing here? I am working with php for a while but still in beginner phase I gues.

Any help apriciated,

Ruud
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

if you want to get the result from eval() you need to tell it to return..

Code: Select all

$something = 'date("Y-m-d");';
$result = eval('return '.$something);
however, using eval() is highly recommended to not be done. it's too easy to have coding errors, and security risks...
rulonaes
Forum Newbie
Posts: 5
Joined: Tue Sep 20, 2005 11:36 am

Post by rulonaes »

Its like I said missing something simple :(
It did what I wanted thanks ...
But if it is not recommended can I do this in another way? Your reply did what I needed!
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

I would store Y-m-d H:i:s in the database instead of it along with the date function..
so you would be able to do

Code: Select all

$date = date($row[$dateformat],time());
rulonaes
Forum Newbie
Posts: 5
Joined: Tue Sep 20, 2005 11:36 am

Post by rulonaes »

In my case it is not knowing what is in the database. I just have a database having variable_name and variable_value and togheter they do something in this case for example

$var->$db_var_name = $db_var_value could become

$var->date_added = date('Y-m-d') ; but it could also become
$var->date_name = 'db_field_name' ;

in this db_var_name is a comming from the database and db_var_value also. Hence I do not know what is in the variable_value. It could be a number, string or function call. The provided solution worked for all 3 cases.
My question now is this works, but if EVAL is not recomended what is the code to do the same not having the risk EVAL has!
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Eval has its purpose, and this seems to work for it but you should design your application so your not calling blind variables.
I don't see why you should not know whether its a function call or a variable..
rulonaes
Forum Newbie
Posts: 5
Joined: Tue Sep 20, 2005 11:36 am

Post by rulonaes »

I am writing sort of a aplication in which users can make up their own functions easy, defining variables easy without knowledge of programming .. so far i am pretty good on the way ... flexiblity on database, tables, columns, language etc ... so the part bugging me this moment was the function part ...
In this case i need the "blind" variables because i do not know what user is building!
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

This is going to be a huge risk on your part... your going to have to sanitize their input aswell as disable several PHP commands, such as system or they will literatly be able to comprimise your server.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I'd suggest using the built-in tokenizer for php to parse their code before-hand, sanitizing it along the way... but even then, as Jcart said, it's a huge risk allowing such "flexibility"
Post Reply