On Fri, 19 Apr 2002, Jeff Oien wrote:
>> Use eval().
> I have $url (literally) embedded in some text in the database that is to be 
> sent as an email message. I'm using this and $url disappears with a blank
> spot in the text:
> eval("\$body = \"$body\";");
> I've tried variations and can't get it to work. Any help? Thanks.

While you could do something like:

  $body = eval("return \"{$body}\";");

...the huge, monstrous, gigantic problem is that if you allow anyone to 
edit any part of $body or any string that goes into it, you are basically 
handing them control of your server, because they can get eval() to 
execute any code they want.

Far better would be to put a placeholder in $body like @@@ and then just 
do $body = ereg_replace('@@@', $url, $body);


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to