I am using php eval() function, below are my statements:
$uid = 8;
$str = 'SELECT COUNT(*) FROM uchome_blog WHERE uid=$uid';
eval("\$str = \"$str\"");
die("$str");
//$query = $_SGLOBAL['db']->query($str);
//$result = $_SGLOBAL['db']->fetch_array($query);
The output is: SELECT COUNT(*) FROM uchome_blog WHERE uid=$uid
That's to say the varibale $uid did not passed.
How to pass a variable into the evaluated string.
Thanks.
According to php manual: http://php.net/manual/en/function.eval.php
The code will be executed in the scope of the code calling eval().
Thus any variables defined or changed in the eval() call will remain
visible after it terminates.
So, if the variable you need is defined in the scope where you calleval(), everything should work as expected.
You can use this too, but it makes no sense and it's the wrong logic for using eval
Example 1:
<?php
$uid = 8;
$OUTPUT = '<?php $str = "SELECT COUNT(*) FROM uchome_blog WHERE uid=$uid"; ?>';
eval(" ?> $OUTPUT <?php ");
echo $str;
exit;
?>
Example 2:
<?php
$uid = 8;
$str = '<?php $str = "SELECT COUNT(*) FROM uchome_blog WHERE uid=$uid"; ?>';
eval(" ?> $str <?php ");
echo $str;
exit;
?>
you can't insert varuiable into single-quotet strings directly. try this:
$str = "SELECT COUNT(*) FROM uchome_blog WHERE uid=$uid"; // double-quotet
or this:
$str = 'SELECT COUNT(*) FROM uchome_blog WHERE uid='.$uid; // string-concatenation
Variable substitution only works in double quoted strings.
Try this:
$uid = 8;
$str = "SELECT COUNT(*) FROM uchome_blog WHERE uid=$uid"; # variable gets substituted here
eval("\$str = \"$str\"");
die("$str");
I think variable substitution is something that happens at parse time - it is not done recursively, so in your eval, the contents of $str is pasted into the string, but that isn't done a second time for the contents of $uid inside $str.
You are missing a semicolon.
Try this:
eval("\$str = \"$str\";");
Related
I'm trying to use eval() to execute a string of SimpleHTML. I'm fully aware of the dangers of eval() and will not be using any user input for the string that is to be executed.
$my_data = str_get_html('<html><body>Hello!</body></html>');
$str = '$my_data->find(\'a\', 0)->attr[\'href\']';
eval ("\$str = \"$str\";");
echo $str;
The above code doesn't execute, and after echoing $str, I get:
('a', 0)->attr['href']
What happened to the first part of the $str string (i.e. $my_data->find )? How can I actually execute the code from the $str string?
The code you are passing to the eval is wrong. You are trying to eval the following code:
$str = "$my_data->find('a', 0)->attr['href']";
The correct code would be:
$str = $my_data->find('a', 0)->attr['href'];
Or:
$str = "{$my_data->find('a', 0)->attr['href']}";
This code works:
<?php
require __DIR__ . '/simplehtmldom_1_9_1/simple_html_dom.php';
$my_data = str_get_html('<html><body>Hello!</body></html>');
$str = '$my_data->find(\'a\', 0)->attr[\'href\']';
eval ("\$str = $str;");
echo $str;
I am trying to remove first 51 character of a long URL , I'm using
$sql = $db->Query(some query);
$mysite = $db->FetchArray($sql);
$str = $mysite['url'] ;
$str2 = substr('$str',51);
Above code return blank value, it works fine if i use plan text for $str
e.g.
$str = "I am looking for a way to pull the first 100 characters from a string"
$str2 = substr('$str',10);
my url is like "https://dl.dropbox.com/u/55299544/google.html?urlc=http://example.com"
i want to get http://example.com from database to show on user page,
how can i do this?
You're making this too complicated. If you are trying to get the http://example.com from the long URL then do this.
<?php
sql = $db->Query(some query);
$mysite = $db->FetchArray($sql);
$str = $mysite['url'] ;
$query = parse_url($str, PHP_URL_QUERY );
parse_str($query, $link);
echo $link["urlc"]; //http://example.com
?>
Let's say I have these two variables
$number = 1;
$word = "one";
and I want to use them in a pg_query.
This is what I've got:
$result = pg_query($con, 'UPDATE a SET z = ARRAY[{$number}] WHERE word = {pg_escape_literal($word)}');
But it doesn't work..
To use string interpolation, you have to use double quotes:
$x = 3;
"This works: $x" // This works: 3
'This does not: $x'; // This does not: $x
You also can't interpolate function calls into strings like you're attempting with {pg_escape_literal($word)}. You'll need to escape the variable before interpolating it into the string:
$word_esc = pg_escape_literal($word);
$result = pg_query(
$con,
"UPDATE a SET z = ARRAY[$number] WHERE word = $word_esc"
);
You could also use sprintf:
$result = pg_query(
$con,
sprintf(
"update a set z=ARRAY[%d] where word = %s",
$number,
pg_escape_literal($word)
)
);
But the best and safest is to use pg_query_params function, as you don't escape any parameter. And it is very easy to forget and expose your site to SQL-injection attacks.
$result = pg_query_params(
'update a set z=ARRAY[$1] where word = $2',
array($number,$word)
)
Use double instead of single quotes: Double quoted strings expand variables into their values.
I need to combine a $variable with a underscore and word like this:
$agent = agent id
word is "declined."
$newvar = $agent_declined;
How can i do that?
Like this: $newvar = $agent . "_declined";
In PHP, you combine strings by using .
Use the concatenation:
<?php
$newvar = $agent . "_declined";
?>
Read here!
Like this?
$agent_declined = "foobar";
$id = "declined";
$varname = "\$agent_" . $id
$newvar = $$varname; // should give foobar
I would advise against the use of double $$, it's confusing.
Try this:
${$variableName.'_declined'} = 'foo';
For more info, see PHP: Variable variables
I have three variables here.
$first= 'Start';
$second = 'End';
$testVar = 'Start here and here until the End more more more strings here';
How can i search $testVar if it contains Start and End strings, and i want to post Start up to the End string only.
Another way is using substr() and strops()
substr($testVar,strpos($testVar,$first),strpos($testvar,$second)+3)
Looking at your previous posts I'm assuming this is a PHP question. If so you can use:
list(,$result) = explode($first,$testVar);
list($result) = explode($second,$result);
Codepad link
You can also use regex as:
$first = preg_quote($first);
$second = preg_quote($second);
if(preg_match("!$first(.*?)$second!",$testVar,$m)) {
echo $m[1];
}
Codepad link
I would also rather use strpos, strlen and substr:
$end_pos = strpos($testVar,$end)+strlen($end);
$result = substr($testVar, strpos($testVar,$start), $end_pos );