Parsing Text written ARRAY into individual values 1

[JRSofty]

In a form I have where an admin user can create a new config array element for any changes he makes to scripts.

The possiblity exists to create a multi-dimensional array element by entering in the textarea

array('arr1'=>array('a'=>1,'b'=>3,'c'=>5),'arr2'=>array('a'=>2,'b'=>4,'c'=>6))

Which when the submit button is pressed will create a line in the config script:

$CONFIG['some_element']=array('arr1'=>array('a'=>1,'b'=>3,'c'=>5),'arr2'=>array('a'=>2,'b'=>4,'c'=>6))

Which functionally is fine for the code BUT it cannot be modified without actually opening the config script directly (the display and editing script shows each element seperately with its value). So I decided to have each element of the array written to the file on its own line. The problem is that the array code (first box above) I can't seem to get it from the POST into a variable so I can use a foreach loop on it. I have tried eval() and parse_str() and neither have worked. I keep getting "Invalid Argument supplied to foreeach()"
What I'm looking for in final is an output that looks like this:

$CONFIG['some_element']['arr1']['a']=1;
$CONFIG['some_element']['arr1']['b']=3;
$CONFIG['some_element']['arr1']['c']=5;
and so on...

Anyone have an idea of how to get the code pased?

JRSofty

http://jrsofty.stinkbugonline.com

 

[jpadie]

if i've understood your post right you want a string output that looks like the last version you have quoted above.

not a problem: you need to use a recursive function. copy and paste the code above and run it in a browser to get a flavour for how to use recursives.

$arr = array(
		'arr1'=>	array('a'=>1,'b'=>3,'c'=>5),
		'arr2'=>	array('a'=>2,'b'=>4,'c'=>6));
$output = "";

recursearray ($arr ,'$CONFIG'); //NB must use single quotes to stop var expanding
echo "<pre>$output</pre>";

function recursearray($array, $prefix)
{
	global $output;
	foreach ($array as $key=>$val)
	{
		if (is_array($val))
		{	
			recursearray($val, $prefix."['$key']");
		}
		else //the incoming value is not an array
		{
			$output .= $prefix."['$key'] = $val\r\n";
		}
	}

}

 

[JRSofty]

Close, the problem I'm having is that the array portion is stored as a string (comes from a POST form) in the $_POST['newval'] and I can't for the life of me get the string value of $_POST['newval'] which is "array('arr1'=>1 ..." parsed into an actual array.

I've tried parse_str() and eval() without success.

JRSofty

http://jrsofty.stinkbugonline.com

 

[jpadie]

aaah... all is now clear.

usual security moans about eval - never use it in a live environment...

key thing about eval is you must give it a fully evaluatable piece of code. if you just hand it the string it won't know what to do.

revised code snip below

<?
$str = "array('arr1'=>array('a'=>1,'b'=>3,'c'=>5),'arr2'=>array('a'=>2,'b'=>4,'c'=>6))";

//manipulate incoming var to make it into a full evaluatable code snip

$str = '$CONFIG = ' . $str . ";";  //ie add a terminating semicolon and a variable to be filled
eval($str);  //doing this is really unsafe!!!  eval user inputted code is definitely a no-no

echo "This is the vardump from the newly eval'd string <br/>";
echo "<pre>";
print_r($CONFIG); //debug the output to ensure validity
echo "</pre>";
exit;

//now parse through the array parser to get a usable string
$output = "";

recursearray ($arr ,'$CONFIG'); //NB must use single quotes to stop var expanding
echo "this is the string output";
echo "<pre>$output</pre>";

function recursearray($array, $prefix)
{
	global $output;
	foreach ($array as $key=>$val)
	{
		if (is_array($val))
		{	
			recursearray($val, $prefix."['$key']");
		}
		else //the incoming value is not an array
		{
			$output .= $prefix."['$key'] = $val\r\n";
		}
	}

}


?>

 

[JRSofty]

Great thanks for the code.

Now if I can figure out how to do this without the eval or to find a way to secure it.

JRSofty

http://jrsofty.stinkbugonline.com

 

[jpadie]

some suggestions:

* redesign the user form so that it is dynamically created with the keys you wish to populate. run the eval code yourself first on all the db values so that the user never gets troubled.

* if you have to use eval dynamically, do LOTS of string checking to make sure that it begins with the string "array(" and ends with ")" and has NO semicolons in the middle of it. this way at least you can be sure that it is either duff code (no terminators) and have a good chance of it being an array.