This question already has answers here:
PHP call_user_func vs. just calling function
(8 answers)
Closed 6 months ago.
I dont understand the function, call_user_func() in the sense that i get how it works but I'm not sure why its required or in what context to use it in php. As far as I'm concerned why not just call the function instead of calling a function with a function? Thnx!
call_user_func gives PHP the ability to treat methods and functions as quasi first-class citizens. In functional languages like javascript there is no need for these special tools per-se because a function is an object that happens to be callable.
PHP is getting closer to having this sort of notion though, especially with the closure support that came along with PHP5.3. Take a look at the comment I put under #deceze's answer. There are some other tools (namely variable functions, reflection and now closures) that offer the same basic functionality.
The most notable thing about call_user_func though is how it allows you to treat global functions, static classes and objects with a uniform interface. It's probably the closest thing they have to a single interface to invoke functions no matter how they're implemented. Internally the PHP core group of developers is working to homogenize some sort of a 'callable' or 'invokable' interface for the language, I'm sure we'll see a clean offering in PHP5.4 or the next major release.
I've had a couple situations where this was very necessary. For example, when I was creating a project that allowed a user to construct parts of a programming language, the system would wrap the "tag" definition in a function before running it for security reasons. However, in doing this, I can't simply call those functions, because I don't know when I need to call them, or even what the names would be. Enter call_user_func()...
So, I'm sure you're confused right now. Let me explain. What my system did, was take some XML, and convert it into PHP/HTML/JS with PHP. This allowed for rapid creation of GUIs (which was the goal). Take this XML for example:
<window id="login-win" title="Access Restricted" width="310" height="186" layout="accordion" layoutConfig="animate:true">
<panel id="login-panel" title="User Login">
<form id="login-form" title="Credentials">
<textbox id="login-uname" label="Username"/>
<password id="login-pass" label="Password"/>
<submit text="Login"/>
</form>
</panel>
<panel id="login-register" title="Register">
Nothing, you can't register!
</panel>
</window>
Each XML tag would be read, then fed into it's corresponding PHP function. That function would determine what to do for that 1 tag. In order to pull this off, I had files each named after the tag it handled. So, for example, the tag's file was "submit.php". This file's contents would get wrapped in a generated function, something like:
function tag_submit($variables, $parent, $children){
// deal with the data, then echo what is needed
}
This function's name would be stored in an array, with it's associated tag name, with the rest of the generated functions. This makes it so the function is generated once, and only created when needed, saving memory, since I would do a if(func_exists()) call to determine if I needed it or not.
However, since this is all dynamic, and the user may want to add in a new tag, for say, a < date > tag, I needed to use call_user_func() to get things to work. I can't hard-code a function call if I don't know what the name is.
Hope that all made sense. Basically, yes, it is a rarely used function, but it is still very very useful.
Named functions, anonymous functions, static methods, instance methods and objects with an "__invoke" method are collectively known as 'callables'. If I have a callable it should be possible to call it by placing parentheses afterwards "()" (I'll assume it takes no arguments). This works when our callable is stored in a variable, for example:
$f(); // Call $f
However, what if I store a callable in an object property?
$obj = new stdClass;
$obj->my_func = function() {};
$obj->my_func(); // Error: stdClass does not have a "my_func" method
The problem is that PHP's parser is getting confused because the code is ambiguous, it could mean calling a callable property or calling a method. PHP chooses to always treat this kind of code as a method call, so we cannot call callable properties this way. This is why we need 'call_user_func':
call_user_func($obj->my_func); // Calls $obj->my_func
There are other times when PHP doesn't understand the normal parentheses syntax; for example, PHP currently (5.5) doesn't know how to call the return value of another callable:
get_a_callable()(); // Parse error, unexpected "("
call_user_func(get_a_callable()); // Calls the return value of get_a_callable
It's also not currently possible to call a function definion directly, which is useful to work around PHP's lack of "let" statements, for example:
function($x) { echo $x . $x; }('hello'); // Parse error, unexpected "("
call_user_func(function($x) { echo $x . $x; }, 'hello'); // Calls the function
There are also times where it's useful to have function calls /reified/ as the 'call_user_func' function. For example, when using higher-order functions like array_map:
$funcs = [function() { return 'hello'; },
function() { return 'world'; }];
array_map('call_user_func', $funcs); // ['hello', 'world']
It's also useful when we don't know how many parameters will be needed, ie. we can't substitute our own "function($f, $x, $y, ...) { return $f($x, $y, ...); }".
One particularly nice definition is partial application, which only takes a few lines thanks to call_user_func and call_user_func_array:
function partial() {
$args1 = func_get_args(); // $f, $a, $b, $c, ...
return function() use ($args1) {
// Returns $f($a, $b, $c, ..., $d, $e, $f, ...)
$args2 = func_get_args(); // $d, $e, $f, ...
return call_user_func_array('call_user_func',
array_merge($args1, $args2));
};
}
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
$variable = "echo 'example'";
eval ($variable);
I need to run the $variable that has code inside, without using the eval function, I'm using php 7.4. How can I do that?
Hint: I'm also using Laravel 6.x, is there a Laravel function for that as well?
Are you sure you have to do that? If you have only a limited number of possible functions, the safest thing to do is to simply map them, and then separate the wanted function and the arguments in the variable, using an array instead. More on that later.
If you wanted to provide a generic means for calling functions, you could for example:
$cmd = ['printf', 'foo'];
// interpreted as: printf('foo')
$cmd[0]($cmd[1]);
I'm using printf here, since echo is a language statement and not a function, and therefore wouldn't work like this. If you had to echo here, you'd have to make your own echo wrapper function, like function do_echo($str) { echo $str; }, and call that instead.
Or, for more readable code, you could list the array as:
list($func, $arg) = $cmd;
$func($arg);
If you needed multiple arguments, you could use this structure:
$cmd = ['str_replace', ['sub', 'ob', 'subject']];
list($func, $args) = $cmd;
// Interpreted as: str_replace('sub', 'ob', 'subject'):
$result = $func(...$args);
echo $result; // 'object'
Where the arguments listed in the arguments array, unpacked with the splat operator, are in the same order as the target function's arguments.
There are of course only a limited number of useful functions that will directly output anything. Therefore, in the above example we capture the result from $func instead and then echo; this simply to illustrate the basic use of variable functions and arguments.
This approach will however provide unhinged access to any function in your system, and as such shouldn't be used on anything but data/calls from trusted sources (you). Allowing users to provide any commands will open up your system to a world of mischief and misery.
Therefore, my initial recommendation of providing a map of functions. You could:
Have an array with a list of allowed core functions,
Have an array with a list of your custom wrapper functions, or
Check for valid wrapper functions named with a prefix
You could for example implement wrappers as follows:
function do_echo($str) {
echo $str;
}
function do_replace($se, $re, $str) {
// return or echo, up to you:
echo str_replace($se, $re, $str);
}
This would give you control over what's executed, and also whether values are returned or output, etc. pre/post-process. And then iterate your variable commands as follows:
$cmd = ['echo', 'off'];
list($func, $args) = $cmd;
$func = 'do_' . $func; // adding your prefix
if(function_exists($func)) {
// call with array, unpack arguments:
if(is_array($args) {
$func(...$args);
}
// or call with scalar argument:
else {
$func($args); // interpreted as `do_echo('off')
}
}
For an additional layer of insulation, create a class with your custom calls as its methods, instead of polluting the global space with more functions. Ciykd use a public router method that handles no-match cases; calling e.g. Func::code($cmd), where code() returns the do_* methods.
I often do something like this when I need to map user requests to class public methods that return output; named e.g. view_home, view_search etc. and view_default for a fallback for unmatched requests. Handy for quick prototyping, where index.php?view=* => $this->view_*.
If you're stuck with receiving a string command (why?), you can use regex to parse it into something you can pass to functions. Or, if you absolutely trust the data, eval isn't inherently and categorically evil, especially where a work-around would make for a more complex but equally wide back-door to your system. It's just not very elegant and smells of sloppy design.
In PHP, one can write
$a="$b$c";
This concatenates the assumed strings in $b and $c into $a elegantly (that is, using minimal yet clear syntax).
Now I want to move this statement into a function. The problem is that $b and $c are naturally interpreted as being local to this function, not its caller (which can be the global code or a function). Even if the caller defines $b and $c, this new function cannot see those definitions.
I want to do something clever that requires the statement to work the same (except for the location of $a) even though it has been moved into a function.
Furthermore, I want this to be efficient. No use of extract() or debug_backtrace(). Just want to use the caller's local scope. I don't mind if I use Zend to get the caller's symbol table, or any other hack, so long as it's efficient.
Don't worry, I'm not going to use this as general programming practice (ugh), just for one specific and wonderful purpose.
I know you don't want extract, but could this help?
<?php
function foo()
{
$b = 'Butter';
$c = 'Cup';
$v = get_defined_vars();
echo bar($v);
}
function bar($v)
{
extract($v);
return $b . $c;
}
foo();
Output:
ButterCup
There is no native PHP functionality for violating function scope in this way, other than backtraces included in debugging functions and exceptions.
I'd suggest looking at the C code for debug_backtrace() and seeing if you can write an extension that implements the bit of it you need (walking up the stack one step to find the parent symbol table) but which performs better than the existing function (I've no idea if that's possible, I don't know where the overhead comes from).
However, I would also recommend thinking really really hard about what problem you're actually trying to solve, and why it's led you to want to break function isolation in such an unusual way. Maybe there's a completely different solution.
For instance, if what you want is a kind of macro, rather than a function, you could write a pre-processor (or find one that's already been written) so that the code is literally pasted into place, and you don't need to hack the symbol table.
What is the difference between these two code excerpts, respectively, in PHP?:
function eat_apple($apple)
{
return true;
}
And:
function eat_apple()
{
$apple = func_get_arg(0);
return true;
}
Or is there a difference? If there is not, what is the point of func_get_arg()? Surely it serves some purpose I'm not aware of?
func_get_arg (and func_get_args) make it possible to have functions with a variable number of parameters, so called variadic functions.
Take array_merge as an example, which takes a variable number of arrays to be merged.
Hello. What is the difference between these two code excerpts, respectively, in PHP?:
-function eat_apple($apple)
+function eat_apple()
{
+ $apple = func_get_arg(0);
return true;
}
what is the point of func_get_arg()? Surely it serves some purpose I'm not aware of?
The officially stated purpose is to:
Return an item from the argument list
-- http://php.net/func-get-arg
In truth, there isn't much difference, and a standard passed argument is usually preferable over func_get_arg().
There are two occasions when you might want to use func_get_arg() rather than using defined arguments:
If you want to have an unlimited number of arguments. Typically, this would be better done with a single array argument, but there are times when you may want to allow unlimited arguments. A real example of a function that works this way is PHP's built-in printf function.
Where you have a complex function where the number of arguments given may alter what the arguments are used for and/or their data type. For example, passing a single argument may cause the function to expect a string, whereas passing two arguments, it may expect an integer first, and then the string. I can't think of any examples of this off the top of my head, but I'm fairly sure there are some. Ordinarily, I would say that this sort of behaviour is bad practice, but I can see how it may be useful for adding features while maintaining backward compatibility.
There are two things that you will definitely lose if you use fung_get_arg() instead of standard function arguments:
The ability to pass by reference.
The ability for your IDE to do any type hinting or auto-completion.
The other possible reason I could think of is avoiding a fatal error.
You have a function:
<?php
function display ($a, $b, $c) {
echo $a . " is " . $b . " " . $c;
}
?>
and you could call
<?php
display ("Rock", "good", "boy");
- this will not throw any error.
display ("Rock", "good");
- this will throw fatal error.
?>
So, now think of the second call, you could avoid the fatal error, see how many arguments are passed with func_get_args and process your code with func_get_arg(1) etc.
Several reasons:
You can use that magic to emulate overloading
You can write function (like printf) which can take undetermined number of arguments.
Example for first:
class a{
function X(MyOBJ $obj){...}
}
class b extends a{
function X(string $s,int $i){...}
}
class c extends b{
function X(){...}
}
This will throw a warning. If you use func_get_args() inside the function to get relevant parameters, no warning will be thrown.
Example for the second:
//not good, you can only send 3 strings
function merge_strings($s1, $s2, $s3){
return $s1 . $s2 . $s3;
}
//good one
function merge_strings(){
return join('',func_get_args());
}
Why don't the function handling functions like call_user_func() support passing parameters by reference?
The docs say terse things like "Note that the parameters for call_user_func() are not passed by reference." I assume the PHP devs had some kind of reason for disabling that capability in this case.
Were they facing a technical limitation? Was it a language design choice? How did this come about?
EDIT:
In order to clarify this, here is an example.
<?php
function more(&$var){ $var++; }
$count = 0;
print "The count is $count.\n";
more($count);
print "The count is $count.\n";
call_user_func('more', $count);
print "The count is $count.\n";
// Output:
// The count is 0.
// The count is 1.
// The count is 1.
This is functioning normally; call_user_func does not pass $count by reference, even though more() declared it as a referenced variable. The call_user_func documentation clearly says that this is the way it's supposed to work.
I am well aware that I can get the effect I need by using call_user_func_array('more', array(&$count)).
The question is: why was call_user_func designed to work this way? The passing by reference documentation says that "Function definitions alone are enough to correctly pass the argument by reference." The behavior of call_user_func is an exception to that. Why?
The answer is embedded deep down in the way references work in PHP's model - not necessarily the implementation, because that can vary a lot, particularly in the 5.x versions. I'm sure you've heard the lines, they're not like C pointers, or C++ references, etc etc... Basically when a variable is assigned or bound, it can happen in two ways - either by value (in which case the new variable is bound to a new 'box' containing a copy of the old value), or by reference (in which case the new variable is bound to the same value box as the old value). This is true whether we're talking about variables, or function arguments, or cells in arrays.
Things start to get a bit hairy when you start passing references into functions - obviously the intent is to be able to modify the original variables. Quite some time ago, call-time pass-by-reference (the ability to pass a reference into a function that wasn't expecting one) got deprecated, because a function that wasn't aware it was dealing with a reference might 'accidentally' modify the input. Taking it to another level, if that function calls a second function, that itself wasn't expecting a reference... then everything ends up getting disconnected. It might work, but it's not guaranteed, and may break in some PHP version.
This is where call_user_func() comes in. Suppose you pass a reference into it (and get the associated the call-time pass-by-reference warning). Then your reference gets bound to a new variable - the parameters of call_user_func() itself. Then when your target function is called, its parameters are not bound where you expect. They're not bound to the original parameters at all. They're bound to the local variables that are in the call_user_func() declaration. call_user_func_array() requires caution too. Putting a reference in an array cell could be trouble - since PHP passes that array with "copy-on-write" semantics, you can't be sure if the array won't get modified underneath you, and the copy won't get detached from the original reference.
The most insightful explanation I've seen (which helped me get my head around references) was in a comment on the PHP 'passing by reference' manual:
http://ca.php.net/manual/en/language.references.pass.php#99549
Basically the logic goes like this. How would you write your own version of call_user_func() ? - and then explain how that breaks with references, and how it fails when you avoid call-time pass-by-reference. In other words, the right way to call functions (specify the value, and let PHP decide from the function declaration whether to pass value or reference) isn't going to work when you use call_user_func() - you're calling two functions deep, the first by value, and the second by reference to the values in the first.
Get your head around this, and you'll have a much deeper understanding of PHP references (and a much greater motivation to steer clear if you can).
See this:
http://hakre.wordpress.com/2011/03/09/call_user_func_array-php-5-3-and-passing-by-reference/
Is it possible to pass parameters by reference using call_user_func_array()?
http://bugs.php.net/bug.php?id=17309&edit=1
Passing references in an array works correctly.
Updated Answer:
You can use:
call_user_func('more', &$count)
to achieve the same effect as:
call_user_func_array('more', array(&$count))
For this reason I believe (unfoundedly) that call_user_func is just a compiler time short cut. (i.e. it gets replaced with the later at compile time)
To give my view on you actual question "Why was call_user_func designed to work this way?":
It probably falls under the same lines as "Why is some methods strstr and other str_replace?, why is array functions haystack, needle and string functions needle, haystack?
Its because PHP was designed, by many different people, over a long period of time, and with no strict standards in place at the time.
Original Answer:
You must make sure you set the variable inside the array to a reference as well.
Try this and take note of the array(&$t) part:
function test(&$t) {
$t++;
echo '$t is '.$t.' inside function'.PHP_EOL;
}
$t = 0;
echo '$t is '.$t.' in global scope'.PHP_EOL;
test($t);
$t++;
echo '$t is '.$t.' in global scope'.PHP_EOL;
call_user_func_array('test', array(&$t));
$t++;
echo '$t is '.$t.' in global scope'.PHP_EOL;
Should output:
$t is 0 in global scope
$t is 1 inside function
$t is 2 in global scope
$t is 3 inside function
$t is 4 in global scope
Another possible way - the by-reference syntax stays the 'right' way:
$data = 'some data';
$func = 'more';
$func($more);
function more(&$data) {
// Do something with $data here...
}
This question already has answers here:
How to use class methods as callbacks
(5 answers)
Closed 10 months ago.
I'm trying to understand some code I found the open source oauth-php library. The relevant code snippet is:
protected function sql_printf ( $args )
{
$sql = array_shift($args);
if (count($args) == 1 && is_array($args[0]))
{
$args = $args[0];
}
$args = array_map(array($this, 'sql_escape_string'), $args);
return vsprintf($sql, $args);
}
Where $args is an array of arguments that contain variables intended for use in a formatted printing operation. I looked at the docs for array_map:
http://php.net/manual/en/function.array-map.php
and the user comments and I did not see any use case where the first parameter in a call to array_map() was an array itself. In all the use cases I saw, the first parameter was either NULL or a (callback) function. It seems pretty obvious to me that the code takes the $args array and then builds a new array with the arguments sanitized by $this->sql_escape_string().
But the statement "array($this, 'sql_escape_string')" is throwing me since I would have expected simply '$this->sql_escape_string', or is that not a valid syntax? If so, how does wrapping $this and 'sql_escape_string' in an array create a valid callback function for array_map() to use?
It is actually passing the sql_escape_string method from the class itself as a callback. It is a way of clarifying ambiguous method calls. For example:
array_map('sql_escape_string', $args);
of course applies sql_escape_string() to each value in $args, whereas:
array_map(array($someClass, 'sql_escape_string'), $args);
applies the sql_escape_string() method from $someClass to each value in $args.
The first parameter is a callback. It can be either a string or an array.
since I would have expected simply '$this->sql_escape_string'
You would if it were just one scalar value. But you have an array and you need to apply that escape function to each item of the $args array. So you need to implement foreach and apply that function or use one-liner with array_map.
But the statement "array($this, 'sql_escape_string')" is throwing me since I would have expected simply '$this->sql_escape_string', or is that not a valid syntax?
It's valid, but doesn't refer to what you think it refers to. Consider free functions, constants, class names and variables: each exists in different environments (or "namespaces" if you prefer, but that's easily confused with PHP namespaces). The different environment for variables is made explicit by the use of "$" as a sigil: the variable $foo versus the function foo(), constant foo and class Foo. This is also why constants and variables are case-sensitive, but functions and class names aren't: the different environments allow for different name resolution rules.
Similarly, object methods and properties exist in different environments. As a consequence, $this->sql_escape_string refers to a property, not a method. To confuse matters, that property could contain a callable, though such a callable couldn't be invoked directly:
class Foo {
function frob() {return 23.0 / 42;}
}
$foo = new Foo;
$foo->frob = function () {return 0 / 0;};
$foo->frob(); # calls method, not closure function
$frob = $foo->frob;
$frob(); # oops: division by zero
As with constants and functions, properties and methods are distinguished by the absence or presence of an argument list.
If so, how does wrapping $this and 'sql_escape_string' in an array create a valid callback function for array_map() to use?
PHP's syntax for callable references goes beyond strings.
Free functions (functions not associated with a class or object; contrast with "bound functions") can unambiguously be referred to by their names. Static methods are bound to a class, but can be referred to with a string if it includes the class name (the syntax is "Class::method"). A string cannot contain enough information for an object method, however, since the method must be bound to a particular object, and PHP doesn't have a way to refer to an object using a string. The solution PHP's developers settled on was to use array syntax (as shown in the question sample code). They also included support for array syntax for static methods (array('Class', 'method')).
Besides callable references, callables can be closures. These offer an alternative way of passing object methods, but are more verbose and complex.
$self = $this; # workaround: $this not accessible in closures before 5.4
$args = array_map(
function ($value) use($self) {
return $self->sql_escape_string($value);
}, $args);
Closures aren't so useful when a callable reference will do, but are more powerful overall.