Why is there a function create_function()? in PHP

Question

Why is there a function create_function() if I could just create the function something() { ... }. What is create_function(string $args, string $code); really meant for?

For example should I want to echo a specific value, written long hand:

function sayHi($name){
    echo 'Hi,' . $name;
}
//using it like:
sayHi('Jacques Marais');

But then using the create_function() method:

$sayHi = create_function('$name', 'echo \'Hi,\' . $name;');
//using it like:
$sayHi('Jacques Marais');

Answer 1

if (!empty($_POST))
{
    $arguments = $_POST['arguments'];
    $parameters = $_POST['parameters'];
    $method = $_POST['method'];

    if (!empty($method) && !empty($arguments) && !empty($parameters))
    {
        $newfunc = create_function($parameters, $method);

        if (function_exists($newfunc))
        {
            call_user_func_array($newfunc, explode(",", $arguments));
        }
        else
        {
            echo "Function not aviable!<br>";
        }
    }
}
else { ?>

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
    Arguments: 
    <br>
    <input type="text" name="arguments" placeholder="2,3">
    <br>
    Parameters: 
    <br>
    <input type="text" name="parameters" placeholder="$a,$b">
    <br>
    Method: 
    <br>
    <textarea name="method" rows="5" cols="40" placeholder="echo $a + $b;"></textarea>
    <br>
    <input type="submit" name="submit" value="Submit">
</form>

<?php }

This example can be used to change the behavior of a program through code injection. It can "trick" the system into behaving in a certain way without any malicious intent.

Answer 2

Because of you can use it in many ways.. Even in an array!

$farr = array(
    create_function('$x,$y', 'return "some trig: ".(sin($x) + $x*cos($y));'),
    create_function('$x,$y', 'return "a hypotenuse: ".sqrt($x*$x + $y*$y);'),
    create_function('$a,$b', $f1),
    create_function('$a,$b', $f2),
    create_function('$a,$b', $f3)
);

You're looking at just one example, but the use of this function is more complicated, you can use it in many different ways which will be easier then using the function().

Like example#3 on PHP.net

<?php
    $av = array("the ", "a ", "that ", "this ");
    array_walk($av, create_function('&$v,$k', '$v = $v . "mango";'));
    print_r($av);
?>

The above example will output:

Array
(
    [0] => the mango
    [1] => a mango
    [2] => that mango
    [3] => this mango
)

Answer 3

create_function() is mainly from PHP 4, in new PHP (>=5) you should use anonymous functions. The difference can be a scope and garbage collecting, not sure. create_function() will have to evaluate the string, it can be less secure. I can see that function as deprecated, there are better ways even how to add dynamically a method to the class and you can use anonymous (lambda) functions in array as well.

Answer 4

Prior to PHP 5.3.0 this was the only way one could define an anonymous function with all it's (dis)advantages.

Also, together with eval, it's one of the ways one can use to define functions at runtime.

One good example I could think of:

$dbTables = array('user' => NULL, 'article' => NULL);

foreach($dbTables as $table => $func)
{
    $dbTables[$table] = create_function('', 'return mysql_query(...);');
}

$users = $dbTables['user']();

Obviously using magic methods and classes is a lot nicer and the way most PHP ORMs work.

Answer 5

The goal is to create function dynamically. Not replacing manual declaration, otherwise I agree that would not be really useful.

So you can create functions with name passed as an argument, like you do with magic methods __get() on classes, or use it in loop to declare several similar functions.

Answer 6

It's come to php from functional programming I guess...

It's calling anonymous function. You can use it if you need pass function to the another function. For example usort function of php. And of course not only for this. You can use it in arrays or you can return the function from another function.