The string you are building would need quotes around the str_replace
'd string (and possibly another string_replace pair also to prevent quote issues).
Example:
$ec = "\$sucrate='" . str_replace(array("LEVEL", "EXP", "WILL", "IQ"), array($player['level'], $player['exp'], $player['will'], $player['IQ']), $r['crimePERCFORM']) . "';";
However, while that should fix your issue, there is almost never a good case for using eval
. It will certainly leave your code vulnerable to some sort of remote execution hack no matter what "protections" you put in place that would allow anyone to run any code on your server as if it was written by you.
This would do exactly that same thing, which is just setting the $sucrate
variable with your replaced values.
$sucrate = str_replace(array("LEVEL", "EXP", "WILL", "IQ"), array($player['level'], $player['exp'], $player['will'], $player['IQ']), $r['crimePERCFORM']);