当与AJAX一起使用时，PHP eval会产生500错误吗？

I am working with a system, where all PHP code is stored in a database, to allow it to be dynamically altered. Now the code itself works perfectly fine when displayed on the page, but when the same code is called with AJAX, it returns an error 500. I already tried enabling display_errors, no dice, and it all boils down to the eval statement, if it is there I get a 500 error if it's not the script runs fine.

<?php
global $objPDO;

$objSnippet = $_REQUEST["snippetname"];
    $objVariables = $_REQUEST["snippetvariables"];
    //var_dump($objPDO);
    if ($objSnippet == "XHubDiscussion") {
        $objPDOStatement = $objPDO->prepare("SELECT snippet FROM modx_site_snippets WHERE name = :name LIMIT 1");
        $objPDOStatement->bindParam(":name", $objSnippet, PDO::PARAM_STR);
        if ($objPDOStatement->execute()) {
            $arrSnippet = $objPDOStatement->fetch(PDO::FETCH_ASSOC);
            extract($objVariables);
            //var_dump($arrSnippet);
            if (FALSE === eval($arrSnippet["snippet"])) {
                var_dump("dis also be ronk");
            }
        } else {
            var_dump("Ronk!");
        }
    }
?>

Yes I have triple checked everything else, if the eval is out commented, it reacts perfectly fine. The code executed:

<?php
require_once($_SERVER["DOCUMENT_ROOT"] . "/assets/snippets/xhub/xhub.snippet.php"); 

    global $arrXHubUserCollection;
    $objXHubS = new xHub\security;
    $intPageID = $modx->documentIdentifier;

    if (isset($intXHubPageID)) {
        $intPageID = (int)$intXHubPageID;
    }

    $arrXHubThread = $objXHubS->DiscussionGetThreads(array($intPageID));
    $arrMessageFetch = array((int)$arrXHubThread[0]["id"]);
    if (isset($intXHubPosttime)) {
        $arrMessageFetch[] = (int)$intXHubPosttime;
    }
    $arrXHubMessages = $objXHubS->DiscussionGetMessages($arrMessageFetch);
    $arrXHubUserGroupRelation = $objXHubS->DashboardMessageControl("UserGetGroupRelationship", array());

    $strPageViewer = '<div class="clear XHubPageViewer" style="padding:10px;"></div>';
    if (!isset($intXHubPosttime)) {
        echo XHubTraverseMessages($arrXHubThread, false);
        echo $strPageViewer;
        echo '<div id="XHubConversation">';
    }
    echo XHubTraverseMessages($arrXHubMessages, true);
    if (!isset($intXHubPosttime)) {
        echo '</div>';
        echo $strPageViewer;
        if (is_array($arrXHubUserGroupRelation)) {
            echo '<div class="EPcomment XHubEditField" style="position:inline;z-index:1000;display:block;border-radius:10px;border:1px solid #C7D7D3;background-color:#DEEBE8;margin:0px;padding:0px;"> 
                <div> 
                    <a onclick="XHubMessageEditor(this.parentNode.parentNode);" href="javascript:;" class="ButtonYellowSmall">Bearbeiten!</a>
                </div> 
                <div> 
                    <textarea style="width:97%;"></textarea> 
                </div> 
            </div>';
        }
    }

    function XHubTraverseMessages ($arrMessages, $blnXHubComment) {
        global $arrXHubUserCollection, $objXHubS;
        $strMessageAssembly = "";
        foreach ($arrMessages as $arrMessage) {
            $intXHubUserID = (int)$arrMessage["postid"];
            if (!isset($arrXHubUserCollection[$intXHubUserID])) {
                $arrXHubUser = $objXHubS->DashboardRetrieve(array($intXHubUserID));
                $arrXHubUser["username"][0] = $objXHubS->UserGetNameFromID($intXHubUserID);
                $arrXHubUser["userid"][0] = $intXHubUserID;
                $arrXHubUserCollection[$intXHubUserID] = $arrXHubUser;
            }
            $strMessageAssembly .= XHubCreateMessageField($arrMessage, $arrXHubUserCollection[$intXHubUserID], $blnXHubComment);
        }
        return $strMessageAssembly;
    }
    function XHubCreateMessageField ($arrMessage, $arrUser, $blnXHubComment) {
        $strXHubDebatArrow = '<div class="DebatArrow">&nbsp;</div>';
        $strXHubCommentArrow = '<div class="EPcommentArrow">&nbsp;</div>';
        $strXHubThreadBox = '<div class="BoxGreen width500 right Debatbox MessageField">';
        $strXHubCommentBox = '<div class="EPcomment BoxGray MessageField"><p class="lefttop">Antwort</p>';

        $strXHubMessageContainer = '<div class="clear' . ($blnXHubComment ? " XHubMessages" : " XHubInitThread") . '" id="' . $arrMessage["id"] . ($blnXHubComment ? "" : "D") . '">';
        $strXHubMessage = ($blnXHubComment ? $strXHubCommentBox : $strXHubThreadBox) . 
                '<div class="XHubPostTime" style="display:none">' . $arrMessage["posttime"] . '</div>' . 
                '<p class="righttop">' . date("d-m-Y", $arrMessage["posttime"]) . ' um ' . date("H:i", $arrMessage["posttime"]) . ' Uhr</p>' . 
                '<p class="message">' . $arrMessage["message"] . '</p>'
                . ($blnXHubComment ? $strXHubCommentArrow : $strXHubDebatArrow ) .
                '</div>';
        $strXHubUser = '
            <div class="epUser">
                <p class="username"><a href="expertenpanel/benutzer/' . $arrUser["username"][0] . '" target="_blank">' . $arrUser["username"][0] . '</a></p>
                <img class="profilbild" src="' . $arrUser["imglink"][0] . '" />
                [[getExpertenInfo? &userID=`' . $arrUser["userid"][0] . '` &type=`logo`]]
                <p class="userinfo">
                    <span class="status">[[getExpertenInfo? &userID=`' . $arrUser["userid"][0] . '` &type=`status`]]</span>
                    [[getExpertenInfo? &userID=`' . $arrUser["userid"][0] . '` &type=`showPunkte`]]
                </p>
            </div>
        ';
        $strXHubMessageContainer .= ($blnXHubComment ? $strXHubMessage . $strXHubUser : $strXHubUser . $strXHubMessage);
        $strXHubMessageContainer .= '</div>';
        return $strXHubMessageContainer;
    }
?>

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dounue1965 2012-04-16 12:26
关注
It's an old question but hope it helps someone.
All the code which has to be evaled must be escaped and quoted like below:

@eval("\$varA = \"$varB\";");

If it's something like below it will fail:

@eval("\$varA = $varB;");

As PHP.net says it's dangerous to use "eval" so make sure you don't use it unless you really need to.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

当与AJAX一起使用时，PHP eval会产生500错误吗？ ajax javascript php
2011-12-15 07:21

回答 1 已采纳 It's an old question but hope it helps someone. All the code which has to be evaled must be escape
使用PHP eval运行代码导致致命错误：无法重新声明函数 php
2016-04-29 15:42

回答 2 已采纳 You have three choices, really. function_exists() // this will check for the function's existenc
如何使用eval（）调用PHP上的函数？ php
2014-08-04 15:29

回答 1 已采纳 You don't need to eval anything: $function1 = 'print'; $function2 = 'implode'; $arr = array('arg1
前端之AJAX全接触
2022-07-25 22:53

Autumn_Hibiscus的博客 Ajax不是某种编程语言，是一种在无需重新加载整个网页的情况下能够更新部分网页的技术。改变了Web开发的格局。传统网页（即不使用Ajax技术的网页），想要更新内容或者提交一个表单，就需要重新载入页面。使用了Ajax...
JQuery ajax永远不会成功。这是什么错误？ ajax javascript jquery php
2015-07-23 08:22

回答 1 已采纳 It is success not succes try :- success: function (result) {
如何在不使用eval（）的情况下评估PHP表达式 php
2015-10-30 13:01

回答 2 已采纳 After a lot of trials and tests I got it to work this way: show( $_SESSION ); /** * halts proc
python的eval有什么用处？？ python
2021-08-28 11:06

回答 4 已采纳 python的变量是有type的。对于一个字符串，eval是去掉变量字符串的标志，就是引号去掉引号后的内容，如果还是python的一个类型，那就是它，不然就出错。
php获取前端ajax数据对服务器json文件进行增改
2022-10-29 15:42

weixin_40938312的博客首先ajax读取服务器json文件获取json内容总数。先说添加内容：ajax将json内容总数+1作为自增id以及input框中内容传给dujson.php。 php新建数组，将接受到的内容及id放进去，转换成json格式写入json文件。下面是...
php 7的验证eval（） php
2017-06-27 02:39

回答 1 已采纳 You're getting that error because your array keys are plain code rather than strings. You'd have t
使用eval（） - 函数检查变量 php
2017-08-19 18:37

回答 3 已采纳 Many people suggest to get alternate of this . But if you really need this you can do this way. I
这个PHP功能安全吗？ php
2015-09-08 11:25

回答 1 已采纳 You shouldn't use eval for that. Instead simply call you function like that $functionName($field
Ajax面试题 | 前端
2022-11-28 11:16

风筝风的博客前端Ajax 面试题整理
各位大捞，我觉得我还是没理解python的eval函数，为什么我用input输入汉字和字母时，前面放了eval就会报错。。 python 有问必答
2022-04-07 15:23

回答 3 已采纳 eval(expression [ , globals [ , locals ]] )实参是一个字符串，以及可选的 globals 和 locals。globals 实参必须是一个字典。locals
php3.2.3使用ajax删除,AJAX返回
2021-04-27 10:42

M·King的博客 ThinkPHP可以很好的支持AJAX请求，系统的ThinkController类提供了ajaxReturn方法用于AJAX调用后返回数据给客户端。并且支持JSON、JSONP、XML和EVAL四种方式给客户端接受数据，并且支持配置其他方式的数据格式返回。...
ajax指定位置显示php变量,ajax传递数据显示在前端指定位置
2021-04-25 00:30

来年去岁的博客 reg.htmlHTML>ajaxvarhttpAjax=newXMLHttpRequest();functioncheckUser(uname){if(uname==""){returnfalse;}httpAjax.onreadystatechange=function(){if(httpAjax.readyState==4&&httpAj...
没有解决我的问题, 去提问

悬赏问题

¥15 winform的chart曲线生成时有凸起
¥15 msix packaging tool打包问题
¥15 finalshell节点的搭建代码和那个端口代码教程
¥15 用hfss做微带贴片阵列天线的时候分析设置有问题
¥15 Centos / PETSc / PETGEM
¥15 centos7.9 IPv6端口telnet和端口监控问题
¥20 完全没有学习过GAN，看了CSDN的一篇文章，里面有代码但是完全不知道如何操作
¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
¥20 海浪数据南海地区海况数据，波浪数据
¥20 软件测试决策法疑问求解答

当与AJAX一起使用时，PHP eval会产生500错误吗？

1条回答 默认 最新

悬赏问题

1条回答默认最新