Declaring variables in eval'd code

[Sagaris]

Hi there,

I am trying to find an appropiate method by which I can store php code in a database, and then parse the code when it is retrieved from the database using PHP.

Eval seems to be the way to go (need to have a look at the security implications first), but I am just trying to get a quick example working. What is stumping me at the moment is being able to include the declaration of PHP variables in the string stored in the database. Escaping the $ in front of the variable declarations was suggested in some eval tutorials but to no avail.

Here is my test code

Code: Select all

    $php = "<? \$1 = abc; ?>this is the text with php code in it.  <? echo \$1; ?>";
  
    ob_start();

    eval(" ?>" . $php . "<? ");

    $output = ob_get_contents();

    ob_end_clean();

    echo $output;

and this is the error I am receiving

Parse error: syntax error, unexpected T_LNUMBER, expecting T_VARIABLE or '$' in /hermes/web09/b1130/pow.blah/htdocs/eval-test.php(33) : eval()'d code on line 1

If I change the value of the $php variable to

Code: Select all

$php = "This is the text with php code in it.  <? echo date('H:M:S'); ?>";

The PHP parses fine.

If anybody can shed some light on this I would be really grateful. Alternatively if you can think of a more suitable method for getting PHP out of a database and then parsed fire away!