0

I have some code that is returned to my script in a variable. I need to execute it as PHP code but am nervous to use the eval function. Here is the code that is generated in an include file:

/include.php:

$preLoadFields .=   '$2 = new KoolDatePicker("datepicker");                                    
                     $2->id="field_2";                              
                     $2->scriptFolder = "/KoolPHP";

/main.php

eval($preLoadFields);

Even when I try to run it using eval, I get this error:

Parse error: syntax error, unexpected '2' (T_LNUMBER), expecting variable (T_VARIABLE) or '$'

Is there a better / safer way to accomplish this? Thank you in advance!

Jason
  • Where does the generated code come from? – seymar Jul 23 '13 at 19:24
  • The generated code comes from a script within the include file. This code essentially generates fields if they're enabled within the database (i.e., if field1 is enabled, generate the appropriate code). It just so happens with one type of field (calendar control), I need to generate PHP code before the HTML. – Jason Jul 23 '13 at 19:33
  • Possible duplicate of [What's alternative of eval function?](http://stackoverflow.com/questions/10671602/whats-alternative-of-eval-function) – T.Todua Dec 25 '16 at 17:23

2 Answers

3

Just don't let include.php generate PHP code in a variable, but directly execute it.

$2 = new KoolDatePicker("datepicker");                                    
$2->id="field_2";                              
$2->scriptFolder = "/KoolPHP";

If you are worried about HTML being generated and output to the screen, then don't output it, using ob_start, ob_get_contents and ob_end_clean:

ob_start();
$2 = new KoolDatePicker("datepicker");                                    
$2->id="field_2";                              
$2->scriptFolder = "/KoolPHP";
$generated_html = ob_get_contents();
ob_end_clean();

Anything the piece of PHP will try to output to the screen will be buffered. Then later in your code use the $generated_html variable to output it wherever you want.

(You still need to fix the invalid variable name)

seymar
  • Duh - don't know why I didn't think of that. That worked perfectly. Thank you for the help!! – Jason Jul 23 '13 at 19:49
2

$2 is not a valid PHP variable name: http://www.php.net/manual/en/language.variables.basics.php

It must start with an alphabetical character. A regex detailing the allowable format is in the above linked page.

In the greater scheme of things, you should NOT be using eval(). It's a highly dangerous function. Why not simply have it as PHP code and include() it?

include.php:

<?php
$var = new KoolDatePicker('datepicker');
$var->id="field_2";
$var->scriptFolder = '/KoolPHP';

main.php:

<?php
include('include.php');
Marc B
  • Thank you for the reply! OK - makes sense on the variable name and the error I was getting with eval. The PHP code is generated dynamically amongst other things happening in the include file. So that's why I'm trying to hand the variable that contains the code back to the main page... – Jason Jul 23 '13 at 19:30
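
Where the fields really are chosen at run time, as Jason's comments describe, include.php can hand back data describing each field and main.php can build the objects from an allow-list, so no PHP source ever sits in a string. This is an added example, not code from the thread or from KoolPHP; `FIELD_TYPES`, `buildFields()`, the row layout and the stub class are assumptions (PHP 7+).

```php
<?php
// Stand-in for the KoolPHP class so this sketch runs without the library (assumption).
if (!class_exists('KoolDatePicker')) {
    class KoolDatePicker {
        public $name, $id, $scriptFolder;
        public function __construct($name) { $this->name = $name; }
    }
}

// Hypothetical allow-list: field type from the database => class and settable properties.
const FIELD_TYPES = [
    'calendar' => ['class' => 'KoolDatePicker', 'props' => ['id', 'scriptFolder']],
];

// Build control objects from field descriptions (data), never from PHP source text.
// Unknown types or properties throw, so a tampered row cannot choose a class or property.
function buildFields(array $rows): array
{
    $fields = [];
    foreach ($rows as $row) {
        $type = (string) ($row['type'] ?? '');
        if (!array_key_exists($type, FIELD_TYPES)) {
            throw new InvalidArgumentException("Unknown field type: $type");
        }
        // Keys become array indexes, so a numeric key is fine here (unlike in $2).
        $key = (string) ($row['key'] ?? '');
        if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $key)) {
            throw new InvalidArgumentException('Bad field key');
        }
        $class = FIELD_TYPES[$type]['class'];
        $obj = new $class((string) ($row['name'] ?? ''));
        foreach ($row['props'] ?? [] as $prop => $value) {
            if (!in_array($prop, FIELD_TYPES[$type]['props'], true)) {
                throw new InvalidArgumentException("Property not allowed: $prop");
            }
            $obj->$prop = (string) $value;
        }
        $fields[$key] = $obj;
    }
    return $fields;
}

// Constructed sample row, as include.php might return it instead of $preLoadFields.
$rows = [
    ['key' => '2', 'type' => 'calendar', 'name' => 'datepicker',
     'props' => ['id' => 'field_2', 'scriptFolder' => '/KoolPHP']],
];
$fields = buildFields($rows);
echo get_class($fields['2']), ' ', $fields['2']->id, "\n";
```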