Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Could someone explain following stuff for me (eval and functions)

Status
Not open for further replies.

Xsi

Programmer
May 29, 2015
121
SE
Hello people,

I am pretty new to PHP,

I have made following pages


Index.php
contains following code:

PHP:
<?php

session_start();

$_SESSION['foo']='

<?php
function foo()
{
	echo "asdasdd";

}
?>';

?>
<a href="pag2.php">link </a>


Below is my code for pag2.php


PHP:
<?php

session_start();


eval('?>'.$_SESSION['foo']);


foo();

?>


'eval' does that mean you check if the PHP code is valid?
(I believe you use the 'eval' to check for errors ? correct me if I am wrong)


If I don't want to use the 'eval', just call the function (foo)
how should I write the code instead?


Thank you in advance
 
I think I got it though..

I got this code:

index.php
PHP:
<meta charset="UTF-8">
<?php
include('pag2.php');

getpage();


?>

and

pag2.php
PHP:
<?php


function getpage(){

	echo "this is info from pag2.php";
}

?>
 

eval('?>'.$_SESSION['foo']);

Means evaluate the text string in the session value named 'foo' and apply it as if if it were a line of php code.

However that IS a rather foolhardy and potentially dangerous (for your server or site) way of using evaluate, simply because it could possibly be used by an attacker to execute arbitrary code in the context of your website user account.

Overuse of eval() in the core code is one of the things that makes WordPress such an easy target for malicious 'hackers', because any sensible and responsible server manager would disable the eval function globally [in php.ini], but WordPress makes this impracticable because then WordPress will not run and requires individual php.ini files to enable it, which negates the security aspect of the global block.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
elmnas,

Structuring your code is really a "very personal" habit or preference. Take for example:

include
common
js
css
img
bin
data
tmp
class

Each of the above could be directories where you would keep files based on their respective types and/or use within your application. So, you can use include(), require(), require_once() to load the needed documents when needed and in the order they are needed thus basically concatenating (if you will), a PHP script based on needs/requirements.

A nice thing about the use of these approach is that you can set a variable (say $home='1200 SE 32nd Ave.') and upon loading a 2nd script, the variable will be accessible without having to declare it as global.

Do get use to using isset() prior to referencing any variable or object to avoid warnings and/or errors.

One UDF I put together to take advantage of small PHP scripts and get their resolved content upon request is
Code:
    function getresolved($page) {
       if(file_exists($page)) {        
        ob_start();
        include $page;
        $content = ob_get_contents();
        ob_end_clean();
        return ($content);
       } else { return(0); }
    }

Again, all of this is a matter of preference/habit but I hope this gives you an idea of how to structure your project and how to best load/call processing scripts throughout your application.


PS: Credit to above method goes to a member of this very forum (I think vacunita or feherke ...) from many years ago!




--
SouthBeach
The good thing about not knowing is the opportunity to learn - Yours truly, 2008.
 
Hi Southbeach@,

I have never thought about if PHP have a certain structure in PHP code intresting :)
I know there is example in dot.net different models you work with (MVC etc)...
Could you provide me with more information if there is a certain way you work with php code?

Thank you in advance.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top