Jump to content

[SOLVED] getting a eval() to return a bool resault

M.O.S. Studios

By M.O.S. Studios
in PHP Coding Help

 Share

Recommended Posts

M.O.S. Studios Advanced Member

M.O.S. Studios

Posted
Posted

Hey, im working on a program that calculates shipping cost using a equation entered by the adminastrator.

 

i want to check the equation to make sure it works properly.

 

im trying to do this by assgining the value to $funtion and pluging that into eval();

 

after tinkering with eval(); i found that if the equation dosn't make scence then i get an error back from the sever like this one:

Parse error: syntax error, unexpected '/' in /home/montrea1/public_html/demo/admin/content/checkout/shipping/charges/modify.php(69) : eval()'d code on line 1

 

basicly what i want assinsed a value to $error rather then get a server error back, any ideas?

 

 

thanks in advance

M.O.S. Studios Advanced Member

M.O.S. Studios

Posted
  • Author
Posted

looking back my explaination wasn't great.

 

ill show u the code,

 

$formula=$_POST['formula'];
if($formula)
{
//section a
  $sym=array("[x]","[/]","[+]","[-]","[sku]","[#]","[st]","[%]","[/%]","(",")",".","1","2","3","4","5","6","7","8","9");
  $test_form = str_replace($sym,"0",$formula);
  preg_match('/(^[0]*)/i', $test_form, $matches);
  if($test_form==$matches[0])
  {
//section b
   $formula = str_replace("[x]","*",$formula);
   $formula = str_replace("[/]","/",$formula);
   $formula = str_replace("[+]","+",$formula);
   $formula = str_replace("[-]","-",$formula);
   $formula = str_replace("[sku]",2,$formula);
   $formula = str_replace("[#]","4",$formula);
   $formula = str_replace("[st]","100",$formula);
   $formula = str_replace("[%]","(",$formula);
   $formula = str_replace("[/%]","/100)",$formula);
   $formula = "$"."formula=".$formula.";";
//section c
   eval($formula);
   $formula=number_format($formula, 2);
  }
  else
  {
//section d
   $error .="Please enter a valid value for 'Formula Charge'"."<br>"."\n";
  }
}

 

ok there is a few things going on here

 

section a: makes sure $formula only has characters used for calculating total amount, meant to prevent ppl from entering code

 

section b: translates the user entered information into a php readable formula,

 

section c: Runs the formula and figures out if it works mathematically

 

section d: if the user entered code contains invalid characters creates an error

 

 

here if the problem,

 

if the user inputs something like this

 

 

if(!eval($formula))
{$error .="Please enter a valid formula";}

 

 

hopfully this was more clear

M.O.S. Studios Advanced Member

M.O.S. Studios

Posted
  • Author
Posted

Hey again,

  i've looked up some other stuff and i can solve my problem if some one could tell me how to get eval(); to return custom error messages instead of the standard server message that you get.

 

any one have any ideas?

premiso Regular Member

premiso

Posted
Posted

I doubt it is possible unless you use the

 

Note: In case of a fatal error in the evaluated code, the whole script exits.

 

from the eval page.

 

You may be able to use set_error_handler to handle that error, but I think it will still exit the script either way. If using php5 (I highly doubt this will work with a Try/Catch) but you can try a Try/Catch. But since it is returning a fatal error, I do not think it will work.

M.O.S. Studios Advanced Member

M.O.S. Studios

Posted
  • Author
Posted

Hey guys,

 

I want to make a funtion that runs a string through eval(); and return one of two values.

 

value 1. TRUE (when eval string worked with out errors)

value 2. False (when eval string encountered problems)

 

here is the code i got so far

 

function formula($formula)
{
  eval($formula)
   or die(return false);
}
return true;
}


$test="[st][-]([#][x]3)";


if(!formula($test))
{echo "it DIDN'T work";}else{echo "it DID work";}

 

i have never used the "or die" command or the "return" comman so im not sure where the problem lies

 

any ideas??

 

thanks in advance

premiso Regular Member

premiso

Posted
Posted

http://www.phpfreaks.com/forums/index.php/topic,245560.0.html

 

Why did you create a new post?

 

EDIT:

Thanks for merging Thorpe.

 

Take a look at my reply above and see if that does not help you. I am afraid this may be a lost cause for you. You may have to result to using exec functions to call PHP CLI, as that would create a new process and not throw a fatal error to the page.

 

Note: Using eval on unknown code can be dangerous. I would suggest against it if possible or at least filtering it to avoid someone screwing with/up your server.

premiso Regular Member

premiso

Posted
Posted

sorry about that, i wanted to delete my old post cuz i felt that the new one made the question a lot more clear, but i couldn't figure out how to delete my old one

 

Your question is clear. The answer is even clearer. No you cannot.

 

You may have to result to using exec functions to call PHP CLI, as that would create a new process and not throw a fatal error to the page.

 

That is your answer.  You may want to do some research on how exec works so you can use that to evaluate the code. With PHP CLI you can test code for errors. This way it is not necessarily ran, just parsed to make sure there are no issues with it.

 

<?php
$syntaxCheck = array('$format = $x + $y;', '$format = $x .. $y ..;');

foreach ($syntaxCheck as $syntax) {
if (validSyntax($syntax)) 
	echo "{$syntax} contains valid syntax";
else 
	echo "{$syntax} does not contains valid syntax";
echo "<br />";
}


function validSyntax($syntax) {
$path = explode("/", $_SERVER['SCRIPT_FILENAME']);
array_pop($path);
$path = implode("/", $path);

$fh=fopen("syntaxTest.php", "w");
fwrite($fh, "<?php\n{$syntax}\n?>");
fclose($fh);

// note if the below does not work make sure php is in the environment variable as a path.
exec("D:\wamp\bin\php\php5.2.9-1\php -l {$path}/syntaxTest.php", $result, $res);
unlink("syntaxTest.php");

return ($res == -1)?false:true;
}
?>

 

Although I am against doing this for someone, I just wanted to see for myself if it would work. Which it does.

premiso Regular Member

premiso

Posted
Posted

A quick fix to my code:

 

<?php
$syntaxCheck = array('$format = $x + $y;', '$format = $x .. $y ..;');

foreach ($syntaxCheck as $syntax) {
   if (validSyntax($syntax)) 
      echo "{$syntax} contains valid syntax";
   else 
      echo "{$syntax} does not contains valid syntax";
   echo "<br />";
}

   
function validSyntax($syntax) {
   $path = explode("/", $_SERVER['SCRIPT_FILENAME']);
   array_pop($path);
   $path = implode("/", $path);

   $fh=fopen("syntaxTest.php", "w");
   fwrite($fh, "<?php\n{$syntax}\n?>");
   fclose($fh);
   
   // note if the below does not work make sure php is in the environment variable as a path.
   exec("php -l {$path}/syntaxTest.php", $result, $res);
   unlink("syntaxTest.php");
   
   return ($res == -1)?false:true;
}
?>

 

Modified the exec line.

premiso Regular Member

premiso

Posted
Posted

I did not think output buffering would work, but I was wrong. Here is another way (I would still check/filter the syntax being eval'd for security reasons).

 

<?php
$syntaxCheck = array('$format = $x + $y;', '$format = $x .. $y ..;');

foreach ($syntaxCheck as $syntax) {
if (validSyntax($syntax)) 
	echo "{$syntax} contains valid syntax";
else 
	echo "{$syntax} does not contain valid syntax";
echo "<br />";
}

function validSyntax($php) {
$evalStr = 'return;';

// Stop the browser from receiving output.
ob_start();
$test = eval($php);
$evaluput = ob_get_clean();

// Run if output was received
if(!empty($evaluput)) {		
	// if parse error is in the string, return false
	if(stristr($evaluput, "PARSE ERROR")) 			
		return false;
}

return true;
}
?>

 

Preference, at least in my opinion, would still be the CLI, so if that becomes available I would use that over this. As it does not actually execute the code, just parses it.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.