i was developing an application that will read in the content of a html 
file. and within this html file contains php variables which will be 
replaced using the eval() function with its required value. and within 
this html, i want to be able to run php functions. however, due to the 
fact that characters need to be escaped so that eval() can process it, i 
have to make use of addslashes() to escape all " that are embedded in 
the html file.

with the " escaped, eval() will be able to work and evaluate the php 
variable and instead of:

eval("\$rs = \"<span class="normal">$phpVar</span>\";"); (won't work)

it will now be:
eval("\$rs = \"<span class=\"normal\">$phpVar</span>\";"); (work)

and to call a date() function on the above text, this format will work:

eval("\$rs = \"<span class=\"normal\">".date("m d y")."$phpVar</span>\";");

since the text that is passed into eval() came from a html/php/inc 
(whatever you name it) file, there is no way you will know that a 
particular text is in fact a php function.

so i thought of prefixing and suffixing php function with [::date("m d 
y")::] and it will be helpful in the sense that the application will 
know that oh, this is a php function, i need to ".  ." it so that eval 
will not throw me an error.

with that, now the html file's content will be something like:
<span class="normal">[::date("m d y",$phpVar)::]</span>

after using addslashes(), it will be:
<span class=\"normal\">[::date(\"m d y\",$phpVar)::]</span>

for the above text, in order for eval() to parse correctly, it has to be 
in this format:
eval("\$rs = \"<span class=\"normal\">".date("m d y",$phpVar)."</span>\";")

and there is always a chance that the html text could contain more than 
1 block of [:: phpfunction ::]

thats why i came up with that piece of code to convert the text to a 
string that eval will be able to understand. and at the end of it, i 
will be echoing $rs to display the final result.

you probably will wonder why dont i use include() and require()? that 
way, php will be handling all the above without requiring additional 
work. however, due to the way the result has to be handled, i couldn't 
use include nor require.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to