Reputation: 179
I'm trying to make an eval code, but something went wrong, and I cannot find the error.
I've got this:
Parse error: syntax error, unexpected ',' in /Applications/XAMPP/xamppfiles/htdocs/classes/databasehandler.php(57) : eval()'d code on line 1
Here is the code:
eval("$s->bind_param('".$binds."', ".$values.");");
$BINDS ARE: ss
$VALUES ARE: 'testing','hej123'
Upvotes: 0
Views: 1035
Reputation: 28165
Why are you using eval() for this? It can be achieved as follows:
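$binds = 'si';
$values = array('a string', 4609);
// Append rather than use +: array union would drop $values[0], since key 0 is already taken by $binds.
$args = array($binds);
foreach ($values as $k => $v) {
    $args[] = &$values[$k]; // mysqli's bind_param() takes its variables by reference
}
call_user_func_array(array($s, 'bind_param'), $args);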
The code above is faster (doesn't invoke a new execution context), more secure (variables are passed directly, no assumptions on escaping).
Upvotes: 1
Reputation: 76408
Double quotes are parsed by PHP, so eval("$s->bind_param..."); is equal to eval($s."->bind_param..."); Replace double with single quotes and your EVIL code will work.
If you're sure your values are delimited by commas, why not create the array yourself?
$values = explode(',', preg_replace('/[\'"]/', '', $values)); // no /g flag in PHP: preg_replace() already replaces every match
Or something like that?
Upvotes: 1
Reputation: 21866
Do not use eval, and certainly not for something as trivial as binding a parameter to a query!
Upvotes: 0
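An added example, not part of any answer above: binding a variable number of values without eval(), using argument unpacking (PHP 5.6+) and checking the type string first. RecordingStmt and bindAll() are hypothetical names; RecordingStmt only stands in for mysqli_stmt so the code runs without a database.

```php
<?php
// RecordingStmt is a hypothetical stand-in for mysqli_stmt so this runs
// without a database; its bind_param() has the same by-reference shape.
class RecordingStmt
{
    public $types = '';
    public $bound = array();

    public function bind_param($types, &...$vars)
    {
        $this->types = $types;
        $this->bound = $vars;
        return true;
    }
}

// bindAll() is a hypothetical helper. Values reach bind_param() as data;
// nothing is ever concatenated into PHP source, so quoting cannot matter.
function bindAll($stmt, $types, array $values)
{
    // mysqli accepts only these type letters: i, d, s, b.
    if (!preg_match('/\A[idsb]+\z/', $types)) {
        throw new InvalidArgumentException('invalid type string');
    }
    if (strlen($types) !== count($values)) {
        throw new InvalidArgumentException('type/value count mismatch');
    }
    $values = array_values($values); // unpacking needs consecutive integer keys
    return $stmt->bind_param($types, ...$values);
}

// Constructed sample input: the quote would break the eval() string from the
// question, and the comma would be split by explode(','). Both survive here.
$stmt = new RecordingStmt();
bindAll($stmt, 'ssi', array("O'Brien", 'hej,123', 4609));
var_dump($stmt->bound);

// A type string that does not match the values is rejected before binding.
try {
    bindAll($stmt, 's', array('a', 'b'));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

With a real mysqli_stmt, pass the prepared statement as $stmt; the helper itself does not change.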