Solved

eval() to run a dynamic sprintf() query

Posted on 2003-11-16
Last Modified: 2011-10-03
Hi,

I'm working on some code that I want to make portable across various pages within the site I'm working on. Most of the code is placed inside 'include' files and specific variables are set on each page to activate sections of the code. This is working fine except for a line of code that is supposed to set up a query via an eval() function. The code I have is as follows:

---------------------------------------
<?php
// Code in page
$fillCheckBoxQry = "sprintf(\"SELECT unit_id FROM user_resident WHERE user_id = %s GROUP BY unit_id ORDER BY unit_id ASC\", $treeUser);";
// $treeUser is generated within the include files.
?>
---------------------------------------
<?php
// Portion of code within include file
// $database_gatekeeper, $gatekeeper are database connection parameters
function fillCheckBox() {
// Write javascript function contents to fill checkboxes
      
      global $database_gatekeeper, $gatekeeper, $fillCheckBoxQry, $treeUser;
      
      mysql_select_db($database_gatekeeper, $gatekeeper);
      $query_rsCheckBox = eval($fillCheckBoxQry); // *** This is where the problem is!
      $rsCheckBox = mysql_query($query_rsCheckBox, $gatekeeper) or die(mysql_error());
      $row_rsCheckBox = mysql_fetch_assoc($rsCheckBox);
      $totalRows_rsCheckBox = mysql_num_rows($rsCheckBox);

      $strVars = "";
      do {
            $strVars .= $row_rsCheckBox['unit_id'].", ";
      } while ($row_rsCheckBox = mysql_fetch_assoc($rsCheckBox));
      
      if ($strVars) {
            echo "      strVars = new Array(".substr($strVars,0,-2).")\n";
      } else {
            echo "      strVars = new Array()\n";
      }
      
      mysql_free_result($rsCheckBox);
} // end fillCheckBox()
---------------------------------------------

The above doesn't execute the sprintf() function. Can anyone point me in the right direction?
Question by:Das246
6 Comments
 

Expert Comment

by:lozloz
ID: 9761083
hi,

you're not actually executing the function, merely storing it as a string inside the variable.. you need this to have the function run:

$fillCheckBoxQry = sprintf("SELECT unit_id FROM user_resident WHERE user_id = '%s' GROUP BY unit_id ORDER BY unit_id ASC", $treeUser);

i've added quotes around the %s as well, since you'll need this if $treeUser is a string to be found in the database, otherwise MySQL will think it's a column name

loz
 

Author Comment

by:Das246
ID: 9761346
Sorry, still doesn't work.
$treeUser is another dynamic variable that is calculated while the page loads so if I perform the sprintf() too early there is no $treeUser var.

I really need to be able to store the dynamic 'SELECT' statement until all the variables are in place, then execute it.

thanks Das246
 

Author Comment

by:Das246
ID: 9761568
I got around the problem by creating a function before the include file...

function queryMaker($where) { // Create query for checkboxes
      return "SELECT unit_id FROM user_resident WHERE user_id = '".$where."' GROUP BY unit_id ORDER BY unit_id ASC";
}

The include file then calls the function...

$query_rsCheckBox = queryMaker($treeUser);

If eval() can do the same I would still like to know.

cheers

Das246

Accepted Solution

by:lozloz (earned 30 total points)
ID: 9762970
hi,

sorry i didn't read the whole thing, silly me. eval only takes the code and runs it, it doesn't return the value of it unless you specify a return statement inside the evaluated code. so you need something like this:

$fillCheckBoxQry = "\$query_rsCheckBox = sprintf(\"SELECT unit_id FROM user_resident WHERE user_id = %s GROUP BY unit_id ORDER BY unit_id ASC\", $treeUser);";

cheers,

loz
 

Author Comment

by:Das246
ID: 9766564
Thanks loz,

That works great.
So does eval() have to be a complete line of code? Is there a way of combining an eval statement with a variable such as:

$var = eval($str_code);

You mentioned a return statement as another possible solution from within the eval()

cheers

Das246
 

Expert Comment

by:lozloz
ID: 9766652
if you wanted i suppose you could try $fillCheckBoxQry = "return sprintf(\"SELECT unit_id FROM user_resident WHERE user_id = %s GROUP BY unit_id ORDER BY unit_id ASC\", $treeUser);";

i think that'd work

loz
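
The eval() behaviour discussed in this thread, as an added example that is not part of the original posts: eval() yields NULL unless the evaluated string executes a `return`, and the "define the query now, fill in $treeUser later" goal can be met without eval() by binding the value into a parameterised query. It assumes PHP with the pdo_sqlite extension standing in for the thread's mysql_* calls; `unitsForUser()`, `UNITS_FOR_USER_SQL`, the sample rows and the non-numeric input are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// question; the rows and the values of $treeUser are constructed.

// 1) eval() gives back NULL unless the evaluated code executes `return`.
//    Single quotes stop PHP from interpolating $treeUser when the string is
//    defined, so the variable is read only when eval() runs.
$treeUser   = 7;
$noReturn   = 'sprintf("user_id = %d", $treeUser);';
$withReturn = 'return sprintf("user_id = %d", $treeUser);';
var_dump(eval($noReturn));   // no return statement inside the string
var_dump(eval($withReturn)); // the formatted string comes back

// 2) The same "define now, fill in later" goal without eval(): a fixed SQL
//    template with a placeholder, bound once the value exists.
const UNITS_FOR_USER_SQL =
    'SELECT unit_id FROM user_resident WHERE user_id = :user_id
     GROUP BY unit_id ORDER BY unit_id ASC';

function unitsForUser(PDO $db, $userId): array
{
    $stmt = $db->prepare(UNITS_FOR_USER_SQL);
    $stmt->execute([':user_id' => $userId]);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// In-memory SQLite stands in for the thread's MySQL connection (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_resident (user_id INTEGER, unit_id INTEGER)');
$db->exec('INSERT INTO user_resident VALUES (7, 12), (7, 3), (7, 12), (8, 5)');

// json_encode() yields a valid JavaScript array literal, including "[]" when
// no rows match, which replaces the substr() trimming in fillCheckBox().
echo '      strVars = ' . json_encode(unitsForUser($db, $treeUser)) . ";\n";

// A non-numeric value is bound as data and never parsed as SQL text.
$treeUser = '7 OR 1=1'; // constructed input
echo '      strVars = ' . json_encode(unitsForUser($db, $treeUser)) . ";\n";
```

Because the SQL text is a constant and only the bound value varies, nothing that reaches `$treeUser` can change the statement or run as PHP, which is not true of a query string assembled and passed through eval().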