1

I have a eval function like this

if(FALSE === @eval($code)) echo 'your code has php errors';

So if the code has synthax errors it will return that message.

The problem is that if within the code you have something like:

  require_once('missing_file.php');

it will just break the page, without my nice error message :(

Is there any workaround for this?

Improve this question
9
  • Also, please don't put false on the left hand side of the ===. It makes me queasy... Commented Jul 30, 2010 at 21:01
  • but i have very justified reason to use eval(). I want the site admin to have the ability to add his own php code, instead of editing the application files (and loosing his changes when he updates the app). Commented Jul 30, 2010 at 21:04
  • 1
    @Alex Some kind of pluggable architecture would be infinitely better than having them store PHP code in a string somewhere and evaling it Commented Jul 30, 2010 at 21:11
  • this is based on wordpress, which is already pluggable. but some users might want a simple web interface for this, like a textarea with codemirror on it. Commented Jul 30, 2010 at 21:14
  • @Alex - and what happens when your user gives away a password or leaves it somewhere? Or they use 'password' and someone guesses it? Your server will be rooted. Don't eval unchecked code from the web. It's a very very bad idea. Commented Jul 30, 2010 at 21:18

1 Answer 1

Reset to default
2

Well, first I hope that $code comes from a trusted source and that you're executing arbitrary code sent by the users.

Second, the only way I see you can workaround that is to save $code into a file, run it with the command line PHP interpreter, and check the exit value. Note that passing this test doesn't make $code fatal error free, it just so happened that this particular execution of the script did not throw any fatal error; there may be other code paths that trigger such an error.

This is because once eval triggers a fatal error, it can't be recovered and the script dies. eval only returns FALSE if there is a parsing error.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

only file including functions like 'require' cause fatal errors?
@Alex No, there are many conditions that trigger fatal error.
Not knowing PHP too well - could you try/catch the eval, or does that not work?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.