65bit Posted August 7, 2009 Share Posted August 7, 2009 I'm pretty much a PHP novice ... I understand the security concerns with eval, but this is for a process that only I use and have access to. Can someone please help guide me on how to make this work? I have 4 conditions I want to test, where the conditions can vary from scenario to scenario. With that, I’ve stored them in a table. I have the following 4 records where each condition is in its own record for “scenario x”: record 1; varchar field named condition = $row_dsee['field1’]==0 and $row_dsee[‘field2’]==0 record 2; varchar field named condition = $row_dsee['field1’]==0 and $row_dsee[‘field2’]>0 record 3; varchar field named condition = $row_dsee['field1’]>0 and $row_dsee[‘field2’]==0 record 4; varchar field named condition = $row_dsee['field1’]>0 and $row_dsee[‘field2’]>0 My code: while($row_cond=mysql_fetch_array($cond)) { $vcondition = $row_cond[“condition”]; if (eval("return " . $vcondition . ";")) { $passed++; } } Even when field1 = 50 and field2 = 50 (both > 0), $passed goes up as a result of both record 3 AND record 4. It’s behaving as if it isn’t considering the part after the ‘and’, but I’m guessing there's more to it than that and I’m missing something with what eval is doing. Any help would be greatly appreciated. Thansk, David Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted August 7, 2009 Share Posted August 7, 2009 You are using incorrect style of quotes. You need to use ' or " not ‘’ or “”, these are invalid syntax Quote Link to comment Share on other sites More sharing options...
65bit Posted August 8, 2009 Author Share Posted August 8, 2009 Sorry - - I typed my post in Word and then copied and pasted, so it's just a Word thing. I'm actually doing this: record 1; varchar field named condition = $row_dsee['field1']==0 and $row_dsee['field2']==0 record 2; varchar field named condition = $row_dsee['field1']==0 and $row_dsee['field2']>0 record 3; varchar field named condition = $row_dsee['field1']>0 and $row_dsee['field2']==0 record 4; varchar field named condition = $row_dsee['field1']>0 and $row_dsee['field2']>0 And this: while($row_cond=mysql_fetch_array($cond)) { $vcondition = $row_cond["condition"]; if (eval("return " . $vcondition . ";")) { $passed++; } } And getting the results previously mentioned. Thanks Quote Link to comment Share on other sites More sharing options...
sasa Posted August 8, 2009 Share Posted August 8, 2009 while($row_cond=mysql_fetch_array($cond)) { $vcondition = $row_cond["condition"]; eval('$xxx = '.$vcondition. ';'); if ($xxx)) { $passed++; } } Quote Link to comment Share on other sites More sharing options...
65bit Posted August 8, 2009 Author Share Posted August 8, 2009 Thanks sasa. Unfortunately, I'm still getting the same results. If I add a couple of echos this is what I'm seeing: while($row_cond=mysql_fetch_array($cond)) { $vcondition = $row_cond["condition"]; // placing echo $condition here yields // $row_dsee['field1']>0 and $row_dsee['field2']==0 for record 3 // $row_dsee['field1']>0 and $row_dsee['field2']>0 for record 4 eval('$xxx = '.$vcondition. ';'); // echo $xxx yeilds $0 for record 3 when field1 = 420 and field2 = 0 // echo $xxx yeilds $0 for record 4 when field1 = 420 and field2 = 0 // echo $xxx yeilds !4 for record 3 when field1 = 1481 and field2 = 2459 // echo $xxx yeilds !4 for record 4 when field1 = 1481 and field2 = 2459 if ($xxx)) { $passed++; } } Seems to be strange results for the value of $xxx. I would have thought I'd get true or false or 0 or 1? btw - I dropped the extra right ) in if($xxx)) Quote Link to comment Share on other sites More sharing options...
sasa Posted August 8, 2009 Share Posted August 8, 2009 try eval('$xxx = ('.$vcondition. ');'); Quote Link to comment Share on other sites More sharing options...
65bit Posted August 8, 2009 Author Share Posted August 8, 2009 That gives this: while($row_cond=mysql_fetch_array($cond)) { $vcondition = $row_cond["condition"]; // placing echo $condition here yields // $row_dsee['field1']>0 and $row_dsee['field2']==0 for record 3 // $row_dsee['field1']>0 and $row_dsee['field2']>0 for record 4 eval('$xxx = ('.$vcondition. ');'); // echo $xxx yeilds 'nothing' for record 3 when field1 = 420 and field2 = 0 // echo $xxx yeilds 'nothing' for record 4 when field1 = 420 and field2 = 0 // echo $xxx yeilds 'nothing' for record 3 when field1 = 1481 and field2 = 2459 // echo $xxx yeilds 'nothing' for record 4 when field1 = 1481 and field2 = 2459 if ($xxx)) { $passed++; } } I don't actually see the word 'nothing', it's just blank. Likewise, $passed is now not incrementig for any of the 4 conditions. If I change scenario x to have one simple rule of field10 != "" and populate field10 with "just some text", it behaves as expected and $passed increments by 1. An excho of $xxx in that situation yeilds "1", which I assume represents true. Still fighting with my 'real' conditions. Thanks Quote Link to comment Share on other sites More sharing options...
sasa Posted August 9, 2009 Share Posted August 9, 2009 i do some test and it works for me <?php $vcondition = '$row_dsee[\'field1\']>0 and $row_dsee[\'field2\']==0'; $row_dsee['field1']=420; $row_dsee['field2']=0; eval('$xxx = ('.$vcondition. ');'); echo 'condition=',$vcondition,"<br />\n"; echo 'f1=',$row_dsee['field1'],' f2=',$row_dsee['field2'],' $xxx=', var_dump($xxx); echo "<hr />\n"; $vcondition = '$row_dsee[\'field1\']>0 and $row_dsee[\'field2\']==0'; $row_dsee['field1']=1481; $row_dsee['field2']=2459; eval('$xxx = ('.$vcondition. ');'); echo 'condition=',$vcondition,"<br />\n"; echo 'f1=',$row_dsee['field1'],' f2=',$row_dsee['field2'],' $xxx=', var_dump($xxx); echo "<hr />\n"; $vcondition = '$row_dsee[\'field1\']>0 and $row_dsee[\'field2\']>0'; $row_dsee['field1']=420; $row_dsee['field2']=0; eval('$xxx = ('.$vcondition. ');'); echo 'condition=',$vcondition,"<br />\n"; echo 'f1=',$row_dsee['field1'],' f2=',$row_dsee['field2'],' $xxx=', var_dump($xxx); echo "<hr />\n"; $vcondition = '$row_dsee[\'field1\']>0 and $row_dsee[\'field2\']>0'; $row_dsee['field1']=1481; $row_dsee['field2']=2459; eval('$xxx = ('.$vcondition. ');'); echo 'condition=',$vcondition,"<br />\n"; echo 'f1=',$row_dsee['field1'],' f2=',$row_dsee['field2'],' $xxx=', var_dump($xxx); echo "<hr />\n"; ?> output condition=$row_dsee['field1']>0 and $row_dsee['field2']==0 f1=420 f2=0 $xxx=bool(true) -------------------------------------------------------------------------------- condition=$row_dsee['field1']>0 and $row_dsee['field2']==0 f1=1481 f2=2459 $xxx=bool(false) -------------------------------------------------------------------------------- condition=$row_dsee['field1']>0 and $row_dsee['field2']>0 f1=420 f2=0 $xxx=bool(false) -------------------------------------------------------------------------------- condition=$row_dsee['field1']>0 and $row_dsee['field2']>0 f1=1481 f2=2459 $xxx=bool(true) -------------------------------------------------------------------------------- Quote Link to comment Share on other sites More sharing options...
65bit Posted August 9, 2009 Author Share Posted August 9, 2009 Thanks very much sasa. I'm able to repeat what you've done IF I hard code the setting of $vcondition, but not if I initialize it from my mysql table. $vcondition = '$row_dsee[\'field1\']>0 and $row_dsee[\'field2\']==0'; eval('$xxx = ('.$vcondition. ');'); echo 'set vcondition in PHP code makes vcondition = ', $vcondition,"<br />\n"; echo 'after eval, a var_dump of $xxx = ', var_dump($xxx); echo "<br />\n"; Beautifully Outputs set vcondition in PHP code makes vcondition = $row_dsee['field1']>0 and $row_dsee['field2']==0 after eval, a var_dump of $xxx = bool(false) But if I set $xcondition by doing $xcondtion = $row_cond["condition"]; it looks like it should work, but doesn't $xcondition = $row_cond["condition"]; eval('$yyy = ('.$xcondition. ');'); echo 'set xcondition from table makes xcondition = ', $xcondition,"<br />\n"; echo 'after eval, a var_dump of $yyy = ', var_dump($yyy); echo "<br />\n"; Yields set xcondition from table makes xcondition = $row_dsee['field1']>0 and $row_dsee['field2']==0 after eval, a var_dump of $yyy = NULL The echo of the $vconditoin and $xcondition appear to be identical, but must not be ?? as hard code correctly evaluates to false, while setting from the table evaluates to NULL. Quote Link to comment Share on other sites More sharing options...
sasa Posted August 9, 2009 Share Posted August 9, 2009 try to insert $xcondition = html_entity_decode($xcondition); before eval it Quote Link to comment Share on other sites More sharing options...
65bit Posted August 9, 2009 Author Share Posted August 9, 2009 Thanks VERY much for your help! html_entity_decode before the eval did it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.