properly escaping strings in eval - hideous syntax problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

properly escaping strings in eval - hideous syntax problem

Post by McGruff »

This has been a real headache.

I need to define a string and then eval it later once the $vars have been declared (this will let me define a single "perform search" method in a parent - otherwise I have to duplicate the code in several childs although $link is the only unique bit for each child).

Code: Select all

<?php
$link = '(dupe info: ID' . $tid . ') <a href="index.php?page=forum_lp_' . $this->terms_string_GET . '_' . $tid . '_1_1">' . $result['board_title'] . ' | ' . $result['title'] . '</A><br />';
?>
Here's what I did - a bit of a hack (str_replace !) but works:

Code: Select all

<?php
// RULES:
// $array['key'] creates an error - declare $var = $array['key']; first and use $var
// concatenate string and '$var' elements (enclose $vars within single quotes)
// if vars followed by certain chars (underscore - et al?) write like this: ' . $var . ' and then str_replace later to strip ' . '
// using " instead of ' in $string doesn't seem to work

$string = '(dupe info: ID' . '$tid' . ') <a href="index.php?page=forum_lp_' . ' . $terms_string_GET . ' . '_' . ' . $tid . ' . '_1_1">' . '$board_title' . ' | ' . '$title' . '</A><br />';

// declare vars
$tid = 12;
$terms_string_GET = 'search_terms';
$result['board_title'] = $board_title = 'I am a board title.';
$result['title'] = $title = 'I am a topic title.';

// eval
eval("\$link = "$string";");
$link = str_replace(' . ', '', $link);
?>
The manual doesn't give a lot of help with preparing concatenated strings for eval. And after several hours that's the best I can work out.. but I must be doing something wrong if I need to str_replace ?
Last edited by McGruff on Thu Aug 11, 2005 5:42 am, edited 1 time in total.
User avatar
cactus
Forum Regular
Posts: 343
Joined: Tue Jun 10, 2003 4:16 am
Location: UK

Re: properly escaping strings in eval - hideous syntax probl

Post by cactus »

Just as a note, you got the string correct in your first example:
McGruff wrote:

Code: Select all

<?php
$link = '(dupe info: ID' . $tid . ') <a href="index.php?page=forum_lp_' . $this->terms_string_GET . '_' . $tid . '_1_1">' . $result['board_title'] . ' | ' . $result['title'] . '</A><br />';
?>
But not in your second:
McGruff wrote:

Code: Select all

$string = '(dupe info: ID' . '$tid' . ') <a href="index.php?page=forum_lp_' . ' . $terms_string_GET . ' . '_' . ' . $tid . ' . '_1_1">' . '$board_title' . ' | ' . '$title' . '</A><br />';
Look at the order of your quotes, the syntax highlighting identifies that.

Is this an oversight when posting ?

Regards,
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

In the first example, the string is correct if you just want to define a concatenated string - but it didn't work with eval.

The second string does eval successfully.

(1) $array['key'] has to be replaced with $var (=$array['key'])
(2) if a $var is followed by an underscore, I had to put in some ' . ' and then strip them out later.

I think eval is second only to regex'ing in terms of hair-pulling potential. I'm almost completely bald now.
Post Reply