So there's a PHP function in a database field. Here's what it looks like:
'$put_fname_fn = function($filename) {
return $filename.'.Z';
};'
I'm executing it like this:
$code = fetchFromDatabase(); // Get the function string
eval($code);
$put_fname_fn('MYFILE.TXT'); // Convert it to MYFILE.TXT.Z
Is there a more graceful way to call the user function? I try to avoid using eval but I don't know another way to do this.
There is no other way to evaluate code in PHP. (You could write the code to a file and include it, but that's just a hidden eval.)
Still you should probably reconsider your application design. Evaluating code from the database is a VERY BIG SECURITY RISK: If your database is compromised (using a simple and common SQL injection attack) you at the same time give the attacker arbitrary PHP code execution.
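An added example (not part of the original answer) of the redesign the answer points toward: the database field holds a JSON rule naming an allowlisted transform instead of PHP source, so a tampered row is rejected as data rather than executed. The JSON layout and the names filenameTransforms and buildPutFnameFn are assumptions made for illustration.

```php
<?php
// Transforms live in application code; the database row only selects one by
// name and supplies validated arguments. All names here are hypothetical.
function filenameTransforms(): array
{
    return [
        'append_suffix' => function (array $args): callable {
            $suffix = $args['suffix'] ?? null;
            // Accept only a short dot-extension, so the stored value cannot
            // smuggle path separators or control characters into the name.
            if (!is_string($suffix) || !preg_match('/\A\.[A-Za-z0-9]{1,8}\z/', $suffix)) {
                throw new InvalidArgumentException('invalid suffix');
            }
            return fn(string $filename): string => $filename . $suffix;
        },
        'uppercase' => fn(array $args): callable =>
            fn(string $filename): string => strtoupper($filename),
    ];
}

// Builds the callable from a stored JSON rule instead of eval()-ing stored PHP.
function buildPutFnameFn(string $storedRule): callable
{
    $rule = json_decode($storedRule, true, 8, JSON_THROW_ON_ERROR);
    $transforms = filenameTransforms();
    $name = is_array($rule) ? ($rule['transform'] ?? null) : null;
    if (!is_string($name) || !array_key_exists($name, $transforms)) {
        throw new InvalidArgumentException('unknown transform');
    }
    $args = $rule['args'] ?? [];
    if (!is_array($args)) {
        throw new InvalidArgumentException('args must be an object');
    }
    return $transforms[$name]($args);
}

// Constructed sample row standing in for fetchFromDatabase().
$put_fname_fn = buildPutFnameFn('{"transform":"append_suffix","args":{"suffix":".Z"}}');
echo $put_fname_fn('MYFILE.TXT'), PHP_EOL;

try {
    // Constructed tampered row: the name is not in the allowlist, so nothing runs.
    buildPutFnameFn('{"transform":"not_in_allowlist","args":{}}');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```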