eval?

[ejaboneta]

I've read that eval is horrible and whatnot but I don't really understand it. I've found it to be very useful.

 

I've been working on a project and I decided that a the page that I've been working on needs different functions depending on the users choice. Instead of storing all the functions in php files, I am putting the codes in the database to be used when called. That's where the eval comes in. Users would not be able to input anything into this table on the database. Is this a bad idea and why?

[GingerRobot]

So you're storing these functions in the database but they're never modified? There's no real security risk there. However, it is going to be inefficient - apart from anything else, you have to perform a query before you can execute the function. I don't understand why you thought storing the functions in a database rather than in your file would be better?

[jonem]

Hi,

 

I have problem with the eval() function and could use som help.

 

I wish to have functions in an actual .php file but then I want to call this function from either code stored in a variable or in MySQL (I guess its about the same?)

 

I have tried with this but cant get it to work.

----

$vpage='fAVINPicture(\'pics/\', \'bild2.jpg\', \'This is a picure of a giraff\', \'\', \'\', $WapVersion);';

 

echo $vtest = eval($vpage);

----

$vpage is where I intend to store the code I want executed and then I try to get it executed below. 

 

the function fAVINPicture() creates HTML code to show a picture depending on the variables sent to it.

 

Please help! :-)

 

Best regards -Jon

[GingerRobot]

It'd probably be much easier to use call_user_func rather than eval in this case.

[jonem]

Hi,

 

I tried this

-----------

$vpage2='call_user_func(\'fAVINPicture\', \'pics/\', \'bild2.jpg\', \'This is a picure of a giraff\', \'\', \'\', $WapVersion);';

 

$vtest = eval($vpage2);

 

echo $vtest;

---------------

 

No luck. :-(

 

How should I go about this?

 

Many thanks - Jon

 

[GingerRobot]

Try this:

 

$vpage2= call_user_func('fAVINPicture', 'pics/', 'bild2.jpg', 'This is a picure of a giraff', '', '', $WapVersion);
echo $vpage2 //assuming your function does actually return a value?

 

call_user_func() is a normal function. You need to call it in the normal way. If you place a function name inside quotes, it doesn't get called.

[ejaboneta]

So you're storing these functions in the database but they're never modified? There's no real security risk there. However, it is going to be inefficient - apart from anything else, you have to perform a query before you can execute the function. I don't understand why you thought storing the functions in a database rather than in your file would be better?

 

 

Well there probably is a better way to do this but here's why...

 

I'm making a game and the part of the site I'm talking about is a battle system. I want to have many different moves that do different things. For example, a simple attack would subtract points from the other player based on both players stats and the strength of the attack. But I have a problem because there are other moves that do stuff like make the next player miss a turn, alter the stats of the players for the rest of fight or just that turn, etc. Since the moves are stored in the database anyways, I thought it'd be more convenient to add an extra column and store specific code in there.

 

What do you think?

[DeanWhitehouse]

I think it would be better to just make a file containing all your functions and include it on all pages.

[ejaboneta]

so how would I make it so that some moves would perform multiple functions while others just one?

[DeanWhitehouse]

Have the function allow arguments and then have if statements in the functions

[ejaboneta]

What I'm saying is that I'm going to have dozens of moves, half of which I can do with one script but the rest require custom combinations of functions. I'm not actually storing the functions in the database, just which functions to call.

 

For example, "bite" would do the following, call the speed function(to determine a hit or miss), and call the damage function(to determine damage based on defense, strength), and then a final script to execute the damage and set the message variable that would be displayed.

 

The more advanced moves like "Jump" would do nothing on the players side but make the opponents move miss. "Pounce" would call a function that alters speed stat for just one move, and then call the speed and damage functions. Some others would call the damage script twice for multiple hits in one move or skip a few turns to build their strength.

 

If there is a better way, I am open to ideas. I just want to make sure I understand how to do things.

[DeanWhitehouse]

That can all be achieved with functions stored in one page, but if you want to get more advanced then use OOP

[ejaboneta]

Ahh... OOP.... I've just started with that. Thanks.

 

So if I don't use OOP, how exactly can I do custom combinations of functions for each move? I was trying to avoid having a huge script with functions for each one.

[DeanWhitehouse]

as i said arguments and if statments