[PHP] Re: HTTP_POST_VARS and eval?
Henrik,
I think your problem is jsimply that you are not getting variable substitution
of $HTTP_GET_VARS[whatever] inside double quotes.
print whatever is $HTTP_GET_VARS[whatever];
is not safe.
You need
print whatever is {$HTTP_GET_VARS[whatever]};
or, (IMHO better),
print 'whatever is '.$HTTP_GET_VARS[whatever];
The fact that you are actually evaluating an assignment is I think irrelevant, it's
just the
variable substitution that's failing. See the variable parsing section of
http://www.php.net/manual/en/language.types.string.php
George
Henrik Hudson wrote:
Hey List-
Working on a program and I seem to have run into a problem with
HTTP_POST_VARS. Are the HTTP_VARS considered special?
Here is what I am doing, reading in from a file into an array and then
grabbing each line and looking for ]string[ and replacing that with
$HTTP_POST_VARS[string]
The first echo prints out the lines correctly, but the echo after the eval
prints out the same lines. My error log shows this:
PHP Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING' in
/data/www/webpages/test.rhavenn.net/public_html/formmail/formmail.php(164) :
eval()'d code on line 1
So, its having problems doing an eval on the HTTP_POST? If I replace the
HTTP_POST stuff with just$\\1 and then define $string =
$HTTP_POST_VARS[string] it works just fine, but I can't do this since I
don't know what string is going to be, just that it is between ] [ chars and
there can be multiple ] [ on one line.
Any thoughts? Code is below.
//Read the array
$form_data = ;
for($i=0; $i count($filearr); $i++){
$line = $filearr[$i];
//Strip the ] [ from around the variables so they will be interpreted
$line = eregi_replace(\]([^\[]+)\[, \$HTTP_POST_VARS['\\1'],
$line);
echo Line: $lineBR;
//eval the variables from $line into themselves and they become
literal
eval (\$line = \$line\;);
echo Lineafterwards: $lineBR\n;
//Write the line back into a single variable
$form_data = $form_data . $line;
}
exit;
Thanks!
Henrik
--
Henrik Hudson
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: HTTP_POST_VARS and eval?
Thanks. It actually turned out that I wanted to do just:
$HTTP_POST_VARS[\\1]
in the regex (ie: removing the quotes entirely inside the array)
and it works just fine. Thanks for the info however.
On Friday 16 November 2001 09:37, George Whiffen wrote:
Henrik,
I think your problem is jsimply that you are not getting variable
substitution of $HTTP_GET_VARS[whatever] inside double quotes.
print whatever is $HTTP_GET_VARS[whatever];
is not safe.
You need
print whatever is {$HTTP_GET_VARS[whatever]};
or, (IMHO better),
print 'whatever is '.$HTTP_GET_VARS[whatever];
The fact that you are actually evaluating an assignment is I think
irrelevant, it's just the variable substitution that's failing. See the
variable parsing section of
http://www.php.net/manual/en/language.types.string.php
George
Henrik Hudson wrote:
Hey List-
Working on a program and I seem to have run into a problem with
HTTP_POST_VARS. Are the HTTP_VARS considered special?
Here is what I am doing, reading in from a file into an array and then
grabbing each line and looking for ]string[ and replacing that with
$HTTP_POST_VARS[string]
The first echo prints out the lines correctly, but the echo after the
eval prints out the same lines. My error log shows this:
PHP Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING' in
/data/www/webpages/test.rhavenn.net/public_html/formmail/formmail.php(164
) : eval()'d code on line 1
So, its having problems doing an eval on the HTTP_POST? If I replace the
HTTP_POST stuff with just$\\1 and then define $string =
$HTTP_POST_VARS[string] it works just fine, but I can't do this since I
don't know what string is going to be, just that it is between ] [ chars
and there can be multiple ] [ on one line.
Any thoughts? Code is below.
//Read the array
$form_data = ;
for($i=0; $i count($filearr); $i++){
$line = $filearr[$i];
//Strip the ] [ from around the variables so they will be
interpreted $line = eregi_replace(\]([^\[]+)\[,
\$HTTP_POST_VARS['\\1'], $line);
echo Line: $lineBR;
//eval the variables from $line into themselves and they become
literal
eval (\$line = \$line\;);
echo Lineafterwards: $lineBR\n;
//Write the line back into a single variable
$form_data = $form_data . $line;
}
exit;
Thanks!
Henrik
--
Henrik Hudson
[EMAIL PROTECTED]
--
Henrik Hudson
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: HTTP_POST_VARS and eval?
Henrik Hudson wrote:
So, its having problems doing an eval on the HTTP_POST? If I replace the
HTTP_POST stuff with just$\\1 and then define $string =
$HTTP_POST_VARS[string] it works just fine, but I can't do this since I
don't know what string is going to be, just that it is between ] [ chars
and
there can be multiple ] [ on one line.
Any thoughts? Code is below.
//Read the array
$form_data = ;
for($i=0; $i count($filearr); $i++){
$line = $filearr[$i];
//Strip the ] [ from around the variables so they will be
interpreted $line = eregi_replace(\]([^\[]+)\[,
\$HTTP_POST_VARS['\\1'],
$line);
echo Line: $lineBR;
//eval the variables from $line into themselves and they become
literal
eval (\$line = \$line\;);
echo Lineafterwards: $lineBR\n;
//Write the line back into a single variable
$form_data = $form_data . $line;
}
exit;
Show use the output, espeically the debugging output of what the lines say
that you are trying to eval
--
Like music? http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: HTTP_POST_VARS and eval?
Thanks for the help on this.
The file it's reading in:
-
An example form has been submitted.
Name: ]name[
Email: ]email[
The user made the following comments:
]comments[
Just in case we forget, the users name is ]name[ and their email is ]email[
--
The output of the code:
---
Line: An example form has been submitted.
Lineafterwards: An example form has been submitted.
Line:
Lineafterwards:
Line: Name: $HTTP_POST_VARS[name]
Lineafterwards: Name: $HTTP_POST_VARS[name]
Line: Email: $HTTP_POST_VARS[email]
Lineafterwards: Email: $HTTP_POST_VARS[email]
Line:
Lineafterwards:
Line:
Lineafterwards:
Line: The user made the following comments:
Lineafterwards: The user made the following comments:
Line: $HTTP_POST_VARS[comments]
Lineafterwards: $HTTP_POST_VARS[comments]
Line:
Lineafterwards:
Line:
Lineafterwards:
Line:
Lineafterwards:
Line: Just in case we forget, the users name is $HTTP_POST_VARS[name] and
their email is $HTTP_POST_VARS[email]
Lineafterwards: Just in case we forget, the users name is
$HTTP_POST_VARS[name] and their email is $HTTP_POST_VARS[email]
-
On Thursday 15 November 2001 18:20, Richard Lynch wrote:
Henrik Hudson wrote:
So, its having problems doing an eval on the HTTP_POST? If I replace the
HTTP_POST stuff with just$\\1 and then define $string =
$HTTP_POST_VARS[string] it works just fine, but I can't do this since I
don't know what string is going to be, just that it is between ] [ chars
and
there can be multiple ] [ on one line.
Any thoughts? Code is below.
//Read the array
$form_data = ;
for($i=0; $i count($filearr); $i++){
$line = $filearr[$i];
//Strip the ] [ from around the variables so they will be
interpreted $line = eregi_replace(\]([^\[]+)\[,
\$HTTP_POST_VARS['\\1'],
$line);
echo Line: $lineBR;
//eval the variables from $line into themselves and they become
literal
eval (\$line = \$line\;);
echo Lineafterwards: $lineBR\n;
//Write the line back into a single variable
$form_data = $form_data . $line;
}
exit;
Show use the output, espeically the debugging output of what the lines say
that you are trying to eval
--
Henrik Hudson
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
