Re: [PHP] Evaluating php code.
I'd leave the code checker in the global scope. In testing here I am not
getting a fatal error on a call to a method on a non-existing object.
This code returns nothing:
foo();
?>
';
error_reporting(0);
ini_set('track_errors',true);
$php_errrormsg='';
ob_start();
eval('?>'.$code);
$output = ob_get_contents();
ob_end_clean();
if($php_errormsg) echo "Error was: $php_errormsg\n";
else echo "Output was: $output\n";
?>
Does this give you a fatal error? If so, you may want to look at updating
your PHP.
-Rasmus
On Wed, 3 Apr 2002, Scott Houseman wrote:
> Hi Rasmus.
>
> Thanks for the help.
> I've implemented your code in a method in class 'RendererParam' as follows:
> //--
> ---
> // evaluateParameter
> //--
> ---
> /**
> Evaluate the parameter's code.
> */
> function evaluateParameter ( ) {
> // Give variable containing error message global scope.
> global $php_errormsg;
> echo "Evaluate code...";
> // Supress error reporting.
> error_reporting( 0 );
> // Set 'track_errors' on.
> ini_set( 'track_errors', true );
> // Clean out error variable.
> $php_errormsg = "";
> // Start output buffering.
> echo "eval( $this->sParamName.' = '.$this->sParamValue.';' )";
> ob_start( );
> // Evaluate this parameter.
> eval( $this->sParamName.' = '.$this->sParamValue.';' );
> // Get the output buffer contents.
> $sBufferOutput = ob_get_contents( );
> // End output buffering.
> ob_end_clean( );
> echo '$sBufferOutput = '.$sBufferOutput.'';
> if ( trim( $php_errormsg ) != '' ) {
> echo "Error was: $php_errormsg\n";
> return false;
> }
> else {
> echo "Output was: $sBufferOutput\n";
> return true;
> }
> }
> //--
> ---
> Example output:
>
> Evaluate code...
> eval( $AUTHOR.' = '.$oArticle->oAuthor->getName( ).';' )
>
> This works greate for parse errors, which is all I really want to check for.
> But I have picked up a problem.
> As the parameters (read variables ) & their values entered by the user may
> not be in scope at the time they are entered,
> in the above case I would get a fatal error:
>
> Fatal error: Call to a member function on a non-object
> in /var/www/vne/vne_classes/entity/RendererParam.inc(350) : eva()'d
> code on line 1
>
> This is most obviously because I am trying to call a method of an object
> which does not exist
> If I understand correctly, 'error_reporting( 0 );' will supress error
> messages, but this fatal error will still cause
> the php preprocessor to die.
>
> Doing a 'global $$this->sParamName, $$this->sParamValue;' will not help
> either, as these given variables/objects
> will not necessarly be available in the scope outside of this method either.
>
> So...
> Is there any way of telling the parser to ignore this fatal error and carry
> on, or alernatively,
> a way of parsing a string at face value for parse errors ie. 'Look for
> syntax errors, but don't evaluate the code.'?
>
> Thanks again for the help, it is much appreciated
>
> Regards
>
> Scott
>
> - Original Message -
> From: "Rasmus Lerdorf" <[EMAIL PROTECTED]>
> To: "Scott Houseman" <[EMAIL PROTECTED]>
> Cc: "php-general" <[EMAIL PROTECTED]>
> Sent: Wednesday, April 03, 2002 10:33 AM
> Subject: Re: [PHP] Evaluating php code.
>
>
> > > Ideally, i'd like to evaluate the code the user has submitted, and if an
> > > error is generated, notify the user of that fact.
> > > Eval always returns false, and I'd like no runtime error to be
> generated.
> > > Perhaps an error-handler is what's needed?
> > >
> > > What can you suggest?
> >
> > I think this should illustrate how to do that:
> >
> > > $code = '
> >
> > > $a = 1;
> > print $a;
> > ?>
> >
> > ';
> &
Re: [PHP] Evaluating php code.
Hi Rasmus.
Thanks for the help.
I've implemented your code in a method in class 'RendererParam' as follows:
//--
---
// evaluateParameter
//--
---
/**
Evaluate the parameter's code.
*/
function evaluateParameter ( ) {
// Give variable containing error message global scope.
global $php_errormsg;
echo "Evaluate code...";
// Supress error reporting.
error_reporting( 0 );
// Set 'track_errors' on.
ini_set( 'track_errors', true );
// Clean out error variable.
$php_errormsg = "";
// Start output buffering.
echo "eval( $this->sParamName.' = '.$this->sParamValue.';' )";
ob_start( );
// Evaluate this parameter.
eval( $this->sParamName.' = '.$this->sParamValue.';' );
// Get the output buffer contents.
$sBufferOutput = ob_get_contents( );
// End output buffering.
ob_end_clean( );
echo '$sBufferOutput = '.$sBufferOutput.'';
if ( trim( $php_errormsg ) != '' ) {
echo "Error was: $php_errormsg\n";
return false;
}
else {
echo "Output was: $sBufferOutput\n";
return true;
}
}
//--
---
Example output:
Evaluate code...
eval( $AUTHOR.' = '.$oArticle->oAuthor->getName( ).';' )
This works greate for parse errors, which is all I really want to check for.
But I have picked up a problem.
As the parameters (read variables ) & their values entered by the user may
not be in scope at the time they are entered,
in the above case I would get a fatal error:
Fatal error: Call to a member function on a non-object
in /var/www/vne/vne_classes/entity/RendererParam.inc(350) : eva()'d
code on line 1
This is most obviously because I am trying to call a method of an object
which does not exist
If I understand correctly, 'error_reporting( 0 );' will supress error
messages, but this fatal error will still cause
the php preprocessor to die.
Doing a 'global $$this->sParamName, $$this->sParamValue;' will not help
either, as these given variables/objects
will not necessarly be available in the scope outside of this method either.
So...
Is there any way of telling the parser to ignore this fatal error and carry
on, or alernatively,
a way of parsing a string at face value for parse errors ie. 'Look for
syntax errors, but don't evaluate the code.'?
Thanks again for the help, it is much appreciated
Regards
Scott
- Original Message -
From: "Rasmus Lerdorf" <[EMAIL PROTECTED]>
To: "Scott Houseman" <[EMAIL PROTECTED]>
Cc: "php-general" <[EMAIL PROTECTED]>
Sent: Wednesday, April 03, 2002 10:33 AM
Subject: Re: [PHP] Evaluating php code.
> > Ideally, i'd like to evaluate the code the user has submitted, and if an
> > error is generated, notify the user of that fact.
> > Eval always returns false, and I'd like no runtime error to be
generated.
> > Perhaps an error-handler is what's needed?
> >
> > What can you suggest?
>
> I think this should illustrate how to do that:
>
> $code = '
>
> $a = 1;
> print $a;
> ?>
>
> ';
>
> error_reporting(0);
> ini_set('track_errors',true);
> $php_errrormsg='';
> ob_start();
> eval('?>'.$code);
> $output = ob_get_contents();
> ob_end_clean();
> if($php_errormsg) echo "Error was: $php_errormsg\n";
> else echo "Output was: $output\n";
> ?>
>
> A couple of tricks:
>
> 1. Turning off PHP's error_reporting makes sure no errors are shown by PHP
> 2. Turning on track_errors puts any errors into the $php_errormsg variable
> 3. Turning on output buffering lets you catch the output from the code you
>are testing
> 4. Preceding the eval()'ed code with ?> makes sure you start the code off
>in normal HTML mode since eval() actually assumes what you feed it
>starts in PHP mode which is likely not the case for you.
>
> -Rasmus
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Evaluating php code.
> Ideally, i'd like to evaluate the code the user has submitted, and if an
> error is generated, notify the user of that fact.
> Eval always returns false, and I'd like no runtime error to be generated.
> Perhaps an error-handler is what's needed?
>
> What can you suggest?
I think this should illustrate how to do that:
';
error_reporting(0);
ini_set('track_errors',true);
$php_errrormsg='';
ob_start();
eval('?>'.$code);
$output = ob_get_contents();
ob_end_clean();
if($php_errormsg) echo "Error was: $php_errormsg\n";
else echo "Output was: $output\n";
?>
A couple of tricks:
1. Turning off PHP's error_reporting makes sure no errors are shown by PHP
2. Turning on track_errors puts any errors into the $php_errormsg variable
3. Turning on output buffering lets you catch the output from the code you
are testing
4. Preceding the eval()'ed code with ?> makes sure you start the code off
in normal HTML mode since eval() actually assumes what you feed it
starts in PHP mode which is likely not the case for you.
-Rasmus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Evaluating php code.
Dear all. We are currently busy developing an online press application, which makes use of templates & renderers. The system works as follows template->renderer->renderer parameters. The renderer does business logic, making variables available for the template, which simply renderers the variables to html, using variables embedded in html e.g. These renderers can also have parameters, which are basically user-definable variables e.g. a user can create the parameter called $__HEADLINE__?> with the parameter value of e.g. '$oArticle->getHeadLine( )' This will thus be evaluated by the rendering engine as '$__HEADLINE__ = $oArticle->getHeadLine( );' Fnally, my question: These renderer parameters are added using a html form interface and then stored in a database. Can anyone suggest a way of evaluating code on form submission, checking for parse errors etc. I know most programmers would frown at the idea of evaluating user code, but the enviroment it will be running in will be a secure intranet etc. Ideally, i'd like to evaluate the code the user has submitted, and if an error is generated, notify the user of that fact. Eval always returns false, and I'd like no runtime error to be generated. Perhaps an error-handler is what's needed? What can you suggest? Many thanks Scott -- Scott Houseman Software Developer JAM Warehouse [EMAIL PROTECTED] +27 82 4918021 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
