Unable to evaluate a string using eval() in PHP

Question

I'm trying to hash a string and salt using a custom algorithm which is user supplied. However, the $algo variable always appears as a string and thus the output is clearly the value of the input as a string.

<form method='POST'>
    <input type='text' name='pass'>
    <input type='text' name='salt'>
    <input type='text' name='algo'>
    <input type='submit' value='Hash'>
</form>

<?php

$pass = $_POST['pass'];
$salt = $_POST['salt'];
$algo = $_POST['algo'];

eval('echo $algo;');

I've omitted the double quotes. Sorry for the lame question. It's just that I'm used to single quotes and sometimes this turns out a bad practice. Thank you for the suggestions. — schmitsz, May 04 '15 at 12:39

score 2 · Answer 1 · answered May 04 '15 at 12:37

2

In order to pass the variable $algo in your string, you need to use double quote "

eval("echo $algo;");

answered May 04 '15 at 12:37

maalls

749
8
20

Unable to evaluate a string using eval() in PHP

1 Answers1