eval()不返回函数结果

我有一个方法名称存储在DB中的列中,如下所示:</ p> \ n

  customs :: nicknames($ data)
</ code> </ pre>

这是相关的类:</ p>

  class customs扩展服务{

函数__construct(){
parent :: __ construct();
}

公共静态函数昵称($ data){
返回$ data; \ 当我以这种方式调用它时,</ p>

  ($ error ['custom']。';'); 
</ code> </ pre>

不返回$ data变量的内容。
只是试一试 尝试使用 echo </ code>并正确地将数组返回到字符串转换php错误。
因此,正确读取变量 $ data </ code>。 但为什么不返回任何内容?</ p>

如果我试图在不使用 eval()</ code>的情况下调用此方法:</ p>

< pre> $ merge = customs :: nicknames($ data);
</ code> </ pre>

正确返回 $ data </ code>。</ p>

那有什么不对?</ p>

为什么 eval()</ code>无法返回方法结果? 我该如何解决这个问题?</ p>
</ div>

展开原文

原文

I have a method name that is stored in a column in the DB that looks like this:

customs::nicknames($data)

This is the related class:

    class customs extends service {

    function __construct() {
        parent::__construct();
    }

    public static function nicknames($data) {
        return $data;
    }

}

When I call it in this way:

$merge = eval($error['custom'] . ';');

The contents of the $data variable is not returned. Just to give it a try I tried with echo and it is correctly returning the array to string conversion php error. So the variable $data is read correctly. But why does not it return anything?

If I try to call this method without using eval() like this:

$merge = customs::nicknames($data);

The $data is returned correctly.

So what's wrong?

Why eval() is not able to return the method results? How can I solve this issue?

douzhai1182
douzhai1182 你试过eval('return'。$error['custom']。';');?
大约 7 年之前 回复

1个回答

Why eval() is not able to return the method results?

Simply because you don't return anything in your eval part.

Docs:

eval() returns NULL unless return is called in the evaluated code, in which case the value passed to return is returned.


How can I solve this issue?

You can assign variable ($merge in given example) in eval. For example:

eval('$merge =' . $error['custom'] . ';');

or return value in eval. E.g:

$merge = eval('return '.$error['custom'].';');

Note: Don't use eval in real-world applications.

Warning from docs:

The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.


If eval() is dangerous is there another way to read a string as code in a safe way?

Yes, there is (actually, are):

  1. PHP is very dynamic language. It has ability to do following stuff with strings:

    • Define and/or get variable (supported from PHP 4.3). For example:

      $variableName = 'MyVariable';
      // Create new variable with the name defined in variable $variableName
      ${$variableName} = 'MyValue';
      //Outputs: string(7) "MyValue"
      var_dump($MyVariable);
      //Outputs: string(7) "MyValue"
      var_dump(${'MyVariable'});
      

      Demo

    • Call function (supported from PHP 4.3). For example:

      // Create function with the name defined in variable $functionName
      function MyFunction($argument) {
          return 'Argument passed is: '.$argument;
      }
      
      $functionName = 'MyFunction';
      
      // Outputs:
      // string(48) "Argument passed is: Calling MyFunction directly."
      var_dump(MyFunction('Calling MyFunction directly.'));
      // Outputs:
      // string(51) "Argument passed is: Calling MyFunction with string."
      var_dump($functionName('Calling MyFunction with string.'));
      

      Demo

    • Create instance of class (supported from PHP 5.0). For example:

      class MyClass {
          public function __construct() {
              echo 'Constructing MyClass'."
      ";
          }
      }
      
      $className = 'MyClass';
      
      $objFromString = new $className();
      // Outputs: object(MyClass)#1 (0) {}
      var_dump($objFromString);
      

      Demo

    • Call static method (supported from PHP 5.0). For example:

      class MyClass {
          public static function staticMethod() {
              return 'MyClass::staticMethod called';
          }
      }
      
      $staticMethodName = 'staticMethod';
      // Outputs: string(28) "MyClass::staticMethod called"
      var_dump(MyClass::$staticMethodName());
      

      Demo

      And from PHP 5.3 class name can also be defined by string. Example:

      class MyClass {
          public static function staticMethod() {
          return 'MyClass::staticMethod called';
          }
      }
      
      $className = 'MyClass';
      $staticMethodName = 'staticMethod';
      
      var_dump($className::$staticMethodName());
      var_dump($className::staticMethod());
      

      Demo

    • Call instance method of object (supported from PHP 5.0). For example:

      class MyClass {
          public function instanceMethod() {
              return 'MyClass::instanceMethod called';
          }
      }
      
      $methodName = 'instanceMethod';
      
      $obj = new MyClass();
      // Outputs: string(30) "MyClass::instanceMethod called"
      var_dump($obj->$methodName());
      

      Demo

    • Access static and instance properties of object (supported from PHP 5.0). For example:

      class MyClass {
          public static $myStaticProperty;
          public $myInstanceProperty;
      }
      
      $staticPropertyName = 'myStaticProperty';
      $instancePropertyName = 'myInstanceProperty';
      
      MyClass::${$staticPropertyName} = 'my static value';
      $obj = new MyClass();
      $obj->{$instancePropertyName} = 'my instance value';
      
      var_dump(MyClass::${$staticPropertyName});
      var_dump($obj->{$instancePropertyName});
      

      Demo

  2. PHP has two functions: call_user_func and call_user_func_array for dynamic function/method calls. Both are perfectly documented so I won't go in details here.
  3. Even if everything above is not enough PHP 5 comes with great Reflection API. Unfortunately, documentation has few examples but reflection is quite large topic to cover here. Basically, It's not a big deal to use reflection after reading how it works.
dongtang1909
dongtang1909 非常感谢你
大约 7 年之前 回复
dongyoucha0645
dongyoucha0645 我编辑了答案。 我想你有兴趣重读一个。
大约 7 年之前 回复
douwen9343
douwen9343 我用替代品更新了我的答案。 如果它是私人的也无关紧要。 根据墨菲的说法:任何可能出错的事都会出错。
大约 7 年之前 回复
drruhc4944
drruhc4944 如果eval()是危险的,还有另一种方法以安全的方式读取字符串作为代码吗? 这是一个私有API系统所以我并不担心。 但是将来我可能需要它
大约 7 年之前 回复
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问
相关内容推荐