
I was learning some basics in PHP and I was confused about two statements:

print("${phpinfo()}"); 

It prints the result of the function. So I tried to make it depend on user input, so I made this statement:

print("$_GET[z]");

But when I passed the value ${phpinfo()}, it printed ${phpinfo()}, not like the first statement. So how can I make this correct and print the result of the function, not its name?

2 Answers


If you need to print result of the function, for example:

function result(){
    return "res";
}

Use print_r(result()); -> print_r(). You'll get res at the output.

Your function must return something, it could be an object, an array, a string or numeric value, boolean also. In this case you'll see the output in print_r() for each type of data or in echo() for string/numeric values.

In your case use

print_r($_GET["z"]);

Use of quotes means print some string. "z" means the index of the array in the variable $_GET. Also, read about the difference between using single and double quotes.

Also, you can put the output value of the function into a variable and then print it, but the datatype of this output must be string/numeric.

function result(){
   // return 333;
    return "eeee";
}
$s = result();

print_r("$s");
// Output is: eeee (or 333)

In the case of an array variable you can use print_r() the way you are:

$_GET["a"] = "word";

print_r("$_GET[a]");
// Output is: word

But $_GET["a"] should also have only a string/numeric datatype.

Here you can read about many cases of the string parsing process.

In the case of the print() function you can use it as:

$_GET['x'] = 'sss';

print "this is {$_GET['x']} !";

Again, the value should have a string/numeric datatype.

If you want to get the result from a function that is presented as a string value, you can use the following code:

$_GET['z'] = "phpinfo()";
foreach ($_GET as $item){
    if (gettype($item) === 'string'){
       if (strpos($item,'()')) {
            $s = str_replace('()','',$item);   
            print $s();                       // execution 
        } 
    }
}  

Here you can send the name of desired function as a string like "phpinfo()".

You cannot use ${phpinfo()} in $_GET because of that. It reads the content and thinks that it's a variable, but it isn't.

Aksen P
  • Thanks a lot for this info! But I need to print the result in the way that I put it, print("${phpinfo()}) --> print("$_GET[x]"). – test3332 Jan 28 '20 at 09:54
  • @test3332, `print "{$_GET['x']}";` – Aksen P Jan 28 '20 at 09:57
  • What I mean is that I need to let the user determine which function he wants to print, so that's why I used print("$_GET[z]"); with .php?z=${phpinfo()}, but I don't get output, just the name of the function. – test3332 Jan 28 '20 at 09:59
  • @test3332, `.php?z=${phpinfo()}` should be like `.php?z=phpinfo()` – Aksen P Jan 28 '20 at 10:21
  • @test3332, you cannot use `${phpinfo()}` in `$_GET` because of [that](https://3v4l.org/rn3l5). It reads the content and thinks that it's a variable, but it isn't. – Aksen P Jan 28 '20 at 11:03

Link with .php?z=phpinfo

and then

$z = $_GET['z'];
print_r($z());

But remember, this is vulnerable to attacks - just a reminder ;)

edit: you can also use call_user_func

print_r(call_user_func($_GET['z']));
nospor
  • Thanks a lot, that's cool, but why can't I just do this: $z = $_GET[z]; print($z); and in the URL .php?z=${phpinfo()}? Why can't I do this? – test3332 Jan 28 '20 at 10:51
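
Added example, not part of either answer: it shows why the request value is printed verbatim, and an allowlist way to let the user choose a function, in contrast to calling `$_GET['z']` directly. `ALLOWED_ACTIONS`, `run_action()` and the sample inputs are hypothetical.

```php
<?php
// Added example; ALLOWED_ACTIONS and run_action() are hypothetical names.

// 1) String interpolation is resolved when PHP compiles a string literal
//    that is written in the source file. A value that arrives at run time
//    is plain data and is never parsed again, so it is printed as text.
$_GET['z'] = '${phpinfo()}';        // constructed sample request value
$printed = "$_GET[z]";              // same statement shape as in the question
print $printed . PHP_EOL;

// 2) Letting the user pick a function: map short request keys to a fixed
//    set of argument-free functions instead of calling $_GET['z'] directly.
const ALLOWED_ACTIONS = [
    'version' => 'phpversion',
    'sapi'    => 'php_sapi_name',
    'time'    => 'time',
];

function run_action($key): string
{
    // ?z[]=x makes $_GET['z'] an array, so reject anything that is not a string.
    if (!is_string($key) || !array_key_exists($key, ALLOWED_ACTIONS)) {
        return 'unknown action';
    }
    $result = call_user_func(ALLOWED_ACTIONS[$key]);
    // Encode before output in case a result ever contains markup.
    return htmlspecialchars((string) $result, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: two allowed keys, a real function name that is not
// on the list, the value from the question, and an array value.
foreach (['version', 'time', 'phpinfo', '${phpinfo()}', ['x']] as $z) {
    $label = is_string($z) ? $z : gettype($z);
    print $label . ' => ' . run_action($z) . PHP_EOL;
}
```

The request only ever selects a key; the function names that can run are fixed in the source, so adding a capability is a code change rather than a URL change.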