3

I'd like to use php eval() to identify potential parse errors. I'm aware of the dangers of eval, but this is a very limited use which will be fully validated beforehand.

I believe that in php 7 we should be able to catch a parse error, but it doesn't work. Here's an example:

  $one = "hello";
  $two = " world";
  $three = '';
  $cmdstr = '$three = $one . $tw;';

  try {
     $result = eval($cmdstr);
 } catch (ParseError $e) {
     echo 'error: ' . $e;
 }

echo $three;

I'm trying to cause a parse error here to see if I can catch it, but when I run it, the error (undefined variable tw) appears as it usually would. It was not being caught.

Any ideas how to catch a parse error from eval?

Improve this question
2
  • 2
    I would recommend using something like github.com/nikic/PHP-Parser which would be a more controlled way of doing this (I think). Commented Aug 10, 2020 at 18:16
  • 2
    One thing to point out is that a variable not being defined isn't a parse error but a runtime error. This is down to PHP being able to create variables in all sorts of weird ways that it's impossible to know at compile time is a variable may exist or not. Parse errors would be something like missing the = - $three $one . $tw; Commented Aug 10, 2020 at 18:28

2 Answers 2

Reset to default
4

Your code doesn't work as expected because, in PHP, an undefined variable doesn't trigger a parse error but a notice instead. Thanks to set_error_handler native function, you can convert a notice to error then catch it with this PHP 7 code:

<?php

set_error_handler(function($_errno, $errstr) {
    // Convert notice, warning, etc. to error.
    throw new Error($errstr);
});

$one = "hello";
$two = " world";
$three = '';
$cmdstr = '$three = $one . $tw;';

try {
    $result = eval($cmdstr);
} catch (Throwable $e) {
    echo $e; // Error: Undefined variable: tw...
}

echo $three;
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I believe the correct way to "convert" errors into exceptions is with throw new ErrorException(...), as the ErrorException exception type has fields for the various components of a legacy error.
1

Your PHP code would throw a 'Notice' kind of error and those cannot be handled by try..catch blocks. You would have to use your own error handlers using PHP's set_error_handler method. Read the document and you will understand what to do. If you want a sample of how to do it then:

<?php

function myErrorHandler($errno, $errstr)
{
    switch ($errno) {
        case E_USER_ERROR:
            die("User Error");
            break;
        default:
            die("Your own error");
            break;
    }

    /* Don't execute PHP internal error handler */
    return true;
}

$err = set_error_handler("myErrorhandler");

$one = "hello";
$two = " world";
$three = '';
$cmdstr = '$three = $one . $tw;';

$result = eval($cmdstr);

echo $three;

?>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.