Solved

eval() to run a dynamic sprintf() query

Posted on 2003-11-16
6
693 Views
Last Modified: 2011-10-03
Hi,

I'm working on some code that I want to make portable across various pages within the site I'm working on. Most of the code is placed inside 'include' files and specific variables are set on each page to activate sections of the code. This is working fine except for a line of code that is supposed to set up a query via an eval() function. The code I have is as follows:

---------------------------------------
<?php
// Code in page
$fillCheckBoxQry = "sprintf(\"SELECT unit_id FROM user_resident WHERE user_id = %s GROUP BY unit_id ORDER BY unit_id ASC\", $treeUser);";
// $treeUser is generated within the include files.
?>
---------------------------------------
<?php
// Portion of code within include file
// $database_gatekeeper, $gatekeeper are database connection parameters
function fillCheckBox() {
// Write javascript function contents to fill checkboxes
      
      global $database_gatekeeper, $gatekeeper, $fillCheckBoxQry, $treeUser;
      
      mysql_select_db($database_gatekeeper, $gatekeeper);
      $query_rsCheckBox = eval($fillCheckBoxQry); // *** This is where the problem is!
      $rsCheckBox = mysql_query($query_rsCheckBox, $gatekeeper) or die(mysql_error());
      $row_rsCheckBox = mysql_fetch_assoc($rsCheckBox);
      $totalRows_rsCheckBox = mysql_num_rows($rsCheckBox);

      $strVars = "";
      do {
            $strVars .= $row_rsCheckBox['unit_id'].", ";
      } while ($row_rsCheckBox = mysql_fetch_assoc($rsCheckBox));
      
      if ($strVars) {
            echo "      strVars = new Array(".substr($strVars,0,-2).")\n";
      } else {
            echo "      strVars = new Array()\n";
      }
      
      mysql_free_result($rsCheckBox);
} // end fillCheckBox()
---------------------------------------------

The above doesn't execute the sprintf() function. Can anyone point me in the right direction?
0
Comment
Question by:Das246
  • 3
  • 3
6 Comments
 
LVL 13

Expert Comment

by:lozloz
ID: 9761083
hi,

you're not actually executing the function, merely storing it as a string inside the variable.. you need this to have the function run:

$fillCheckBoxQry = sprintf("SELECT unit_id FROM user_resident WHERE user_id = '%s' GROUP BY unit_id ORDER BY unit_id ASC", $treeUser);

i've added quotes around the %s as well, since you'll need this if $treeUser is a string to be found in the database, otherwise MySQL will think it's a column name

loz
0
 

Author Comment

by:Das246
ID: 9761346
Sorry, still doesn't work.
$treeUser is another dynamic variable that is calculated while the page loads so if I perform the sprintf() too early there is no $treeUser var.

I really need to be able to store the dynamic 'SELECT' statement until all the variables are in place, then execute it.

thanks Das246
0
 

Author Comment

by:Das246
ID: 9761568
I got around the problem by creating a function before the include file...

function queryMaker($where) { // Create query for checkboxes
      return "SELECT unit_id FROM user_resident WHERE user_id = '".$where."' GROUP BY unit_id ORDER BY unit_id ASC";
}

The include file then calls the function...

$query_rsCheckBox = queryMaker($treeUser);

If eval() can do the same I would still like to know.

cheers

Das246
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 13

Accepted Solution

by:
lozloz earned 30 total points
ID: 9762970
hi,

sorry i didn't read the whole thing, silly me. eval only takes the code and runs it, it doesn't return the value of it unless you specify a return statement inside the evaluated code. so you need something like this:

$fillCheckBoxQry = "\$query_rsCheckBox = sprintf(\"SELECT unit_id FROM user_resident WHERE user_id = %s GROUP BY unit_id ORDER BY unit_id ASC\", $treeUser);";

cheers,

loz
0
 

Author Comment

by:Das246
ID: 9766564
Thanks loz,

That works great.
So does eval() have to be a complete line of code? Is there a way of combining an eval statement with a variable such as:

$var = eval($str_code);

You mentioned a return statement as another possible solution from within the eval()

cheers

Das246
0
 
LVL 13

Expert Comment

by:lozloz
ID: 9766652
if you wanted i suppose you could try $fillCheckBoxQry = "sprintf(\"SELECT unit_id FROM user_resident WHERE user_id = %s GROUP BY unit_id ORDER BY unit_id ASC\", $treeUser); return $fillCheckBoxQry;";

i think that'd work

loz
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
These days socially coordinated efforts have turned into a critical requirement for enterprises.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now