pzozulka

asked on

PHP Question

I'm having a problem with my php code, and receiving the following error:
Parse error: syntax error, unexpected T_STRING in /home/f12user09/public_html/index.php(75) : eval()'d code on line 66 Fatal error: Class 'editor_metaclasses' not found in /home/f12user09/public_html/index.php(148) : eval()'d code on line 1

Not sure what it means, and need help. Details of the code are below.

index.php connects to a table which holds classes, it loops through all the classes and evaluates them. Then depending on the button the user presses on the index.php page, a small piece of code executes and creates an object of that class and executes a function in that class.
<?php // index.php: login form, then eval() of PHP source stored in the Metaclasses and gui tables
error_reporting(E_ALL);
ini_set('display_errors', TRUE); // NOTE(review): prints file paths and errors into the page; debugging aid only
session_start();
$user="f12user09"; // NOTE(review): database credentials are hard-coded in the script (and now published); rotate them and load them from outside the web root
$password="ia64bit";
$database="f12user09";
// NOTE(review): the mysql_* API used throughout has no prepared statements and was removed in PHP 7; mysqli or PDO provide parameterised queries
mysql_connect('localhost',$user,$password); // return value is not checked
mysql_select_db($database) or die("Unable to select database");

echo("<HTML>");
echo("<HEAD><TITLE>Login</TITLE></HEAD>");
echo("<BODY>");
echo("<br>");
echo("<FORM NAME=\"login_form\" METHOD=post>");
echo("Username: <input type=\"text\" name=\"username\"><br>");
echo("Password: <input type=\"text\" name=\"password\"><br>"); // NOTE(review): type="text" shows the password on screen; type="password" masks it
echo("<br>");
echo("<INPUT TYPE=\"Submit\" NAME=\"submit_login\" VALUE=\"Login\" />");
echo("<INPUT TYPE=\"Submit\" NAME=\"submit_logoff\" VALUE=\"Log Off\" />");
echo("</FORM>");
echo("</BODY>");
echo("</HTML>");

if(!empty($_POST["submit_logoff"])) {
	session_destroy(); // destroys the stored session data; it does not unset the registered globals or the session cookie
	echo("Logoff Successful!");
}

if(!empty($_POST["submit_login"])) {
	$username = $_POST['username']; // raw request value; this also overwrites nothing yet, but $password below replaces the database password variable
	$password = $_POST['password'];
	// NOTE(review): both values are placed in the SQL string below without escaping, so request data can change the query (SQL injection on the login check); escape each value with mysql_real_escape_string() or use a prepared statement
	$qr_login = "SELECT * FROM login where username='$username' and password='$password'"; // NOTE(review): the password is matched in SQL as stored plaintext; store a salted hash and verify it in PHP
	$res_login = mysql_query($qr_login); // false on SQL error; not checked before mysql_num_rows()
	$count=mysql_num_rows($res_login);
	$array_res=mysql_fetch_array($res_login);
	$FullName = $array_res["FirstName"] . " " . $array_res["LastName"];

	if(($count==1)){
		session_register("username"); // registers the global $username in the session; deprecated in PHP 5.3 and removed in 5.4 ($_SESSION replaces it)
		session_register("password"); // NOTE(review): keeps the submitted plaintext password in the session store
		session_start(); // the session was already started at the top of the script
		echo("Welcome " . $FullName . "!"); // $FullName comes from the database and is echoed without HTML escaping
		if(!session_is_registered(username)) {	  // bare word username: PHP 5 treats the undefined constant as the string 'username' and raises a notice
			  echo("Something failed, try again!");			  
		}
	}
	else {
		echo ("Wrong Username and Password");
		session_destroy();
	}
}

if(session_is_registered(username)) // everything below, including every eval() call, is gated only by this check
{
	echo ("<HTML><HEAD><TITLE>GUIs and Classes</TITLE></HEAD><BODY><CENTER>");
	echo ("<FORM NAME=\"form_GUI\" METHOD=POST >");
	echo ("<INPUT TYPE=\"Submit\" VALUE=\"Display Box\" name=\"DisplayBox\"/>");
	echo ("<INPUT TYPE=\"Submit\" VALUE=\"Display Pseudo\" name=\"DisplayPseudo\"/>");
	echo ("<INPUT TYPE=\"Submit\" VALUE=\"Class Editor\" name=\"ClassEditor\"/>");
	echo ("<INPUT TYPE=\"Submit\" VALUE=\"Edit Metaclasses\" name=\"MetaclassEditor\"/>");
	echo ("</FORM>");
	echo ("</CENTER>");
	echo ("</BODY>");
	echo ("</HTML>");

	//EVAL ALL CLASSES: every Metaclasses.sourceCode row is executed as PHP on each request
	$general_qr="SELECT * FROM Metaclasses";
	$general_res=mysql_query($general_qr);
	while($general_row=mysql_fetch_array($general_res)) {
		$general_source=$general_row["sourceCode"];
		stripslashes($general_source); // return value is discarded, so $general_source is unchanged and this call has no effect
		eval($general_source); // this is index.php(75) in the reported parse error; a row that does not parse defines nothing, which is consistent with the later "Class not found"
	}

	if(!empty($_GET["c"])){
		if(!empty($_GET["f"])) {
			$varC= $_GET["c"];
			$varF= $_GET["f"];
			$qr_userVar="SELECT * FROM gui WHERE className='".$varC."' and functionName='".$varF."'"; // NOTE(review): c and f go from the query string into SQL unescaped; same injection problem as the login query
			$res_userVar=mysql_query($qr_userVar);
			$res_row_userVar=mysql_fetch_array($res_userVar);
			$source_userVar=$res_row_userVar["source"];
			//$qr2_userVar="SELECT * FROM Metaclasses WHERE name like '".$varC."'";
			//$res2_userVar=mysql_query($qr2_userVar);
			//$res_row_userVar=mysql_fetch_array($res2_userVar);
			//$sourceC_userVar=$res_row_userVar["sourceCode"];
			$final_userVar=$source_userVar;
			stripslashes($final_userVar); // no effect: result discarded
			eval($final_userVar); // runs the source column of the matched gui row
		}
	}
	else {
		if(!empty($_POST["DisplayBox"])) {
			$qr="SELECT * FROM gui WHERE id=1";
			$res=mysql_query($qr);
			$res_row_gui=mysql_fetch_array($res);
			$varClassName=$res_row_gui["className"];
			$sourceCodeGUI=$res_row_gui["source"];
			//$qr2="SELECT * FROM Metaclasses WHERE name like '".$varClassName."'";
			//$res2=mysql_query($qr2);
			//$res_row_meta=mysql_fetch_array($res2);
			//$sourceC=$res_row_meta["sourceCode"];
			$final=$sourceCodeGUI;
			stripslashes($final); // no effect: result discarded
			eval($final);
		}

		elseif(!empty($_POST["DisplayPseudo"])) {
			$qr_pseudo="SELECT * FROM gui WHERE id=2";
			$res_pseudo=mysql_query($qr_pseudo);
			$res_row_gui_pseudo=mysql_fetch_array($res_pseudo);
			$varClassNamePseudo=$res_row_gui_pseudo["className"];
			$sourceCodeGUI_pseudo=$res_row_gui_pseudo["source"];
			//$qr2_pseudo="SELECT * FROM Metaclasses WHERE name like '".$varClassNamePseudo."'";
			//$res2_pseudo=mysql_query($qr2_pseudo);
			//$res_row_meta_pseudo=mysql_fetch_array($res2_pseudo);
			//$sourceC_pseudo=$res_row_meta_pseudo["sourceCode"];
			$final_pseudo=$sourceCodeGUI_pseudo;
			stripslashes($final_pseudo); // no effect: result discarded
			eval($final_pseudo);
		}

		elseif((!empty($_POST["ClassEditor"])) || (!empty($_POST["select_class"])) || (!empty($_POST["class_and_test"])) ) {
			$qr_editor="SELECT * FROM gui WHERE id=3";
			$res_editor=mysql_query($qr_editor);
			$res_row_gui_editor=mysql_fetch_array($res_editor);
			$varClassNameEditor=$res_row_gui_editor["className"];
			$sourceCodeGUI_editor=$res_row_gui_editor["source"];
			//$qr2_editor="SELECT * FROM Metaclasses WHERE name like '".$varClassNameEditor."'";
			//$res2_editor=mysql_query($qr2_editor);
			//$res_row_meta_editor=mysql_fetch_array($res2_editor);
			//$sourceC_editor=$res_row_meta_editor["sourceCode"];
			$final_editor=$sourceCodeGUI_editor;
			stripslashes($final_editor); // no effect: result discarded
			eval($final_editor);
		}
		
		elseif((!empty($_POST["MetaclassEditor"])) || (!empty($_POST["select_metaclass"])) || (!empty($_POST["execute"])) ) {
			$qr_meta_editor="SELECT * FROM gui WHERE id=4";
			$res_meta_editor=mysql_query($qr_meta_editor);
			$res_row_gui_meta_editor=mysql_fetch_array($res_meta_editor);
			$sourceCodeGUI_meta_editor=$res_row_gui_meta_editor["source"];
			$final_meta_editor=$sourceCodeGUI_meta_editor;
			stripslashes($final_meta_editor); // no effect: result discarded
			eval($final_meta_editor); // this is index.php(148) in the reported fatal error
		}
	}
}
				
	mysql_close();
?>



Here is the class that needs to be executed when the button is pressed on index.php, and the code to run it is:

// Stored in the source column of the gui table and run by index.php through eval();
// it can only succeed if the editor_metaclasses class was defined earlier in the same request.
$x=new editor_metaclasses();
$x->display_metaclasses();

class editor_metaclasses { // metaclass editor page: lists stored classes, saves submitted class/test code and eval()s it

    function display_metaclasses() { // reads $_POST/$_REQUEST, queries Metaclasses over the caller's connection, echoes HTML
	
        $query0="SELECT id, name FROM Metaclasses ORDER BY name";
        $result_select_classNames = mysql_query($query0);
        
        $num0=mysql_num_rows($result_select_classNames); // not used afterwards
        $options="";
        while($row=mysql_fetch_array($result_select_classNames)) {
         $classId1=$row["id"];
         $className1=$row["name"];
         $options.="<OPTION VALUE=" . $classId1. ">".$className1. "</OPTION>"; // id and name are written into the HTML without escaping
        }
        if (!empty($_POST["execute"])) {
           if (!empty($_POST["metaclass_code"]))  {
                 $meta_class= $_REQUEST["metaclass_code"]; // checked through $_POST but read through $_REQUEST
                 $meta_class=stripslashes($meta_class); // presumably undoes magic_quotes_gpc — TODO confirm the server setting; without it this removes backslashes from the submitted code
                 
           }
            if (!empty($_POST["metaclass_name"]))  {
                 $meta_className= $_REQUEST["metaclass_name"];
                 $meta_className=stripslashes($meta_className);
            }    
            if (!empty($_POST["metatest_code"]))  {
                 $meta_testCode= $_REQUEST["metatest_code"];
                 $meta_testCode=stripslashes($meta_testCode);
                
           }
          
           $query1="SELECT * FROM Metaclasses WHERE name = '".$meta_className."'"; // NOTE(review): concatenated unescaped (SQL injection); $meta_className is also undefined when metaclass_name was not posted
           $result_select_existingClass=mysql_query($query1);
           $num1=mysql_num_rows($result_select_existingClass);

           
          
          if($num1>0) {
               $query2="Update Metaclasses SET sourceCode='".$meta_class."',testCode='".$meta_testCode."' WHERE name='".$meta_className."'"; // NOTE(review): submitted code enters the SQL literal unescaped: injectable, and MySQL by default consumes backslashes in string literals, so \" in the code is stored as a bare quote; mysql_real_escape_string() on each value avoids both
               $result_update_existingClass=mysql_query($query2); // result not checked; the success message below is printed either way
               echo ("<br>Existing Class Updated<br>");
           }
          
           else {
                if(!empty($_POST["metaclass_name"])) {
                   $query3="INSERT INTO Metaclasses Values('','".$meta_className."','".$meta_class."','".$meta_testCode."','')"; // NOTE(review): same unescaped concatenation as the UPDATE above
                   $result_insert_newClass=mysql_query($query3);
                   echo ("<br>New Class Created<br>");
                }
           }
           $final_eval=$meta_class . $meta_testCode;
           eval($final_eval); // NOTE(review): executes the submitted class and test code as PHP; access control rests entirely on the calling script
        }

        elseif (!empty($_POST["select_metaclass"])) {
            if(!empty($_POST["metaclassName"])) {
                $meta_classId=$_REQUEST["metaclassName"];
                $query_selectClass_dropDown="SELECT * FROM Metaclasses WHERE id='".$meta_classId."'"; // NOTE(review): request value concatenated unescaped
                $result_selectClass_dropDown=mysql_query($query_selectClass_dropDown);
                $row_selectDropDown=mysql_fetch_array($result_selectClass_dropDown);
                $meta_class=$row_selectDropDown["sourceCode"];
                $meta_className=$row_selectDropDown["name"];
                $meta_testCode=$row_selectDropDown["testCode"];
            }
        }    
        echo ("<HTML><HEAD><TITLE>Select Metaclass To Edit</TITLE></HEAD><BODY><BR>");          
          echo("<FORM NAME=\"form1\" METHOD=post>"); // NOTE(review): counting from the "class" line this is line 66, the line named in the reported parse error, and the first line containing \" — presumably the stored copy lost its backslashes; dump the stored row to confirm
          echo("<SELECT NAME=\"metaclassName\">");
          echo("<OPTION VALUE=0>Choose Class");
          echo $options;
          echo("</SELECT><input type=\"submit\" name=\"select_metaclass\" value=\"Go\"></FORM>");
          
           echo("<FORM NAME=\"form2\" METHOD=post><B>Meta GUI & Run Test</B><BR><B>Type php Class Code:</B><br>");
            echo("<TEXTAREA rows=\"15\" cols=\"80\" NAME=\"metaclass_code\">");
            echo htmlentities($meta_class); // $meta_class is undefined when neither form branch above assigned it
            echo("</TEXTAREA><BR><B>Class Name:</B> (If class exists, it will be updated. Otherwise a new record for this class will be created)<br>");
            echo("<input type=\"text\" name=\"metaclass_name\" value=\"$meta_className\"><br><br><B>Type test code:</B><br>"); // $meta_className is not HTML-escaped inside the attribute
            echo("<TEXTAREA rows=\"15\" cols=\"80\" NAME=\"metatest_code\">");
            echo htmlentities($meta_testCode);
            echo("</TEXTAREA><BR>");
            echo("<INPUT TYPE=\"Submit\" NAME=\"execute\" VALUE=\"Run & Save\" /></FORM></BODY></HTML>");
    
        mysql_close(); // closes the connection opened by index.php, which calls mysql_close() again after this method returns
    }
}

Ray Paseur

If those strings in the first snippet are the true credentials to your data base, you might want to change the user and password right now!
I have never seen code like this.  Can you please step back from the technical details and just tell us in plain language what this is intended to do -- from a business rules perspective, not from an information technology perspective.

There are so many things that look wrong about this that I almost don't know where to start.  The session handling is not in consonance with the standard methods.  For example, calling session_destroy() is not the way to cause a "logout."  There are function calls that can return variable values, and there are no tests for the return values.  There are function calls that always return values, and the return values are simply discarded (example line 74 in the first snippet).  Here is the PHP man page for stripslashes().
http://php.net/manual/en/function.stripslashes.php

Since it looks like part of the script is about login and logout, maybe this article will be of some help.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

I'll wait to hear the answer about the purpose (in business rules terms) before I comment further.
pzozulka

ASKER

This page is not accessible to the outside world so security isn't an issue. This is for a school assignment so some of the code might not meet the standard way of coding. I'm a beginner in this. The goal in plain English: to have two tables in the database (metaclasses and GUI). GUI stores the class name, function name, and basic code that creates an object (ex. $x=new class();)

The metaclasses table stores actual class source code as in the snippets above.

The goal is when a user presses the "edit metaclasses" button on the index.php page, I first look at the GUI table to extract the class name, function name, and test code. Using these three as variables, we next look at the metaclasses table to extract the class code and EVAL it.

By the way the class code works no problem when you take it out and paste it into its own php file.

I hope this explains it from an overview perspective, but if you ask why it's set up this way, it's because it's part of a larger class project where the professor doesn't want us to use actual php files and wants the server to have a single file: index.php. The rest of the files and code he wants to be inside a database.
I almost get a sense of "you can't get there from here" as I read the description, but I do not have any well-thought-out teaching examples that use eval(), mostly because when I see a large cautionary note in the online man pages, I take it to heart.  
http://php.net/manual/en/function.eval.php

Here is what I am thinking.

If you want to use a PHP class to instantiate an object, the PHP compiler has to compile the class before you can create an object instance of the class.

The PHP compiler runs and is complete before the PHP script is started.

The PHP code that accesses the data base tables is not run until after the PHP script has been compiled.

I don't know whether the eval() function reruns the entire PHP compiler process.  I will do a simple test of this and post the results here.  While I am doing that, you might want to read the user-contributed notes on eval() and pay particular attention to error handling.  There may be some hints about how to trap and report errors in eval'ed code.
OK, here is the first set of tests.  This works as expected.  You can achieve the same effect if you add a <?php start tag to the second script and call it with include().

<?php // RAY_temp_pzolzuka_eval.php
// First test: load PHP source (written without an open tag) from a text file and run it with eval().
error_reporting(E_ALL);

// The file's contents are executed verbatim by the eval() below, so the path must never be built from request data.
$var = file_get_contents('RAY_temp_pzolzuka_eval.txt');
// eval() runs the string in the current scope of this script.
eval($var);


// RAY_temp_pzolzuka_eval.txt

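class Pzol
{
    /**
     * Value passed to the constructor and printed by speak().
     * Declared explicitly: assigning an undeclared property creates a dynamic
     * property, which PHP 8.2 reports as deprecated.
     */
    public $val;

    /** Stores $x for later output. */
    public function __construct($x)
    {
        $this->val = $x;
    }

    /** Echoes the stored value prefixed with "this->val = ". */
    public function speak()
    {
        echo 'this->val = ' . $this->val;
    }
}

// This text is run through eval(), so the object is created and used in the scope of the calling script.
$obj = new Pzol('Hello');
$obj->speak();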


Here is the second set of tests, and this also works.  In this test, we define the class in the eval() code, and instantiate the object in the main code.  This leads me to believe that eval() runs the entire PHP compiler all over again, and shows that the concept of using eval() to create a class definition works correctly.

<?php // RAY_temp_pzolzuka_eval.php
// Second test: the class is declared by the eval()'d text and the object is created here.
error_reporting(E_ALL);

// The file's contents are executed verbatim by the eval() below, so the path must never be built from request data.
$var = file_get_contents('RAY_temp_pzolzuka_evalclass.txt');
eval($var);

// Pzol is not declared anywhere in this file; it comes from the evaluated text.
$obj = new Pzol('Hello Again');
$obj->speak();


// RAY_temp_pzolzuka_evalclass.txt

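class Pzol
{
    /**
     * Value passed to the constructor and printed by speak().
     * Declared explicitly: assigning an undeclared property creates a dynamic
     * property, which PHP 8.2 reports as deprecated.
     */
    public $val;

    /** Stores $x for later output. */
    public function __construct($x)
    {
        $this->val = $x;
    }

    /** Echoes the stored value prefixed with "this->val = ". */
    public function speak()
    {
        echo 'this->val = ' . $this->val;
    }
}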


Thanks.

In the meantime, lines 69-76 (below) of the first snippet, EVAL all the "classes" stored in the sourceCode column of the Metaclasses table. I don't know of another way of executing this code besides EVAL, and since this is the only suggestion that our professor gave us for now, I don't know of another way of doing it.

Having said that, there are two classes that are EVAL'ed in that column that are very similar. One of them works no problem, while the other gives me the error message mentioned at the beginning of my post. Both classes work just fine when copy/pasted into their own php file and executed outside the sql table.

//EVAL ALL CLASSES
      $general_qr="SELECT * FROM Metaclasses";
      $general_res=mysql_query($general_qr);
      while($general_row=mysql_fetch_array($general_res)) {
            $general_source=$general_row["sourceCode"];
            // stripslashes() returns the modified string; the result is discarded here, so $general_source is unchanged.
            stripslashes($general_source);
            // Each row is executed as PHP; a row that does not parse defines nothing.
            eval($general_source);
      }


By the way, after the eval($general_source) command, I tried echo'ing $general_source, and it's outputting all the classes just fine. So I don't think that's where the problem is.

Line 148: eval($final_meta_editor) should only EVAL:
$x=new editor_metaclasses();
$x->display_metaclasses();

Since the loop in lines 69-76 EVAL'ed all the classes, line 148 should simply create an object of the class. Since echo'ing $general_source, shows the class being extracted from the table, I'm assuming its working just fine, but  the error I'm getting says otherwise -- Class 'editor_metaclasses' not found in /home/f12user09/public_html/index.php(148)
Here is the third test.  In this test, the class definition is included in the eval() code, and the object is instantiated in the eval() code.   Then the speak() method of the object is called in the main code, and it works correctly.

<?php // RAY_temp_pzolzuka_eval.php
// Third test: both the class and the object come from the eval()'d text; only the method call is made here.
error_reporting(E_ALL);

// The file's contents are executed verbatim by the eval() below, so the path must never be built from request data.
$var = file_get_contents('RAY_temp_pzolzuka_evalclass.txt');
eval($var);

// THE OBJECT IS INSTANTIATED IN THE eval() CODE
// $obj is not assigned anywhere in this file, so the call relies on eval() sharing this script's variable scope.
$obj->speak();


// RAY_temp_pzolzuka_evalclass.txt

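class Pzol
{
    /**
     * Value passed to the constructor and printed by speak().
     * Declared explicitly: assigning an undeclared property creates a dynamic
     * property, which PHP 8.2 reports as deprecated.
     */
    public $val;

    /** Stores $x for later output. */
    public function __construct($x)
    {
        $this->val = $x;
    }

    /** Echoes the stored value prefixed with "this->val = ". */
    public function speak()
    {
        echo 'this->val = ' . $this->val;
    }
}

// INSTANTIATE THE OBJECT
// The script that eval()s this text calls $obj->speak() afterwards.
$obj = new Pzol('Hello Yet Again');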


Ray Paseur
Here is the original code snippet with a modification at line 146.  With data-dependent problems, it's always helpful to see the data.  You may need to use "view source" to see all of the data, especially if there is XML or HTML embedded.

<?php // Copy of the question's index.php with a var_dump() added before the last eval()
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
session_start();
$user="f12user09"; // NOTE(review): database credentials are hard-coded in the script; rotate them and load them from outside the web root
$password="ia64bit";
$database="f12user09";

mysql_connect('localhost',$user,$password);
mysql_select_db($database) or die("Unable to select database");

echo("<HTML>");
echo("<HEAD><TITLE>Login</TITLE></HEAD>");
echo("<BODY>");
echo("<br>");
echo("<FORM NAME=\"login_form\" METHOD=post>");
echo("Username: <input type=\"text\" name=\"username\"><br>");
echo("Password: <input type=\"text\" name=\"password\"><br>");
echo("<br>");
echo("<INPUT TYPE=\"Submit\" NAME=\"submit_login\" VALUE=\"Login\" />");
echo("<INPUT TYPE=\"Submit\" NAME=\"submit_logoff\" VALUE=\"Log Off\" />");
echo("</FORM>");
echo("</BODY>");
echo("</HTML>");

if(!empty($_POST["submit_logoff"])) {
	session_destroy();
	echo("Logoff Successful!");
}

if(!empty($_POST["submit_login"])) {
	$username = $_POST['username'];
	$password = $_POST['password'];
	// NOTE(review): both request values are placed in the SQL string below without escaping (SQL injection on the login check); escape with mysql_real_escape_string() or use a prepared statement
	$qr_login = "SELECT * FROM login where username='$username' and password='$password'";
	$res_login = mysql_query($qr_login);
	$count=mysql_num_rows($res_login);
	$array_res=mysql_fetch_array($res_login);
	$FullName = $array_res["FirstName"] . " " . $array_res["LastName"];

	if(($count==1)){
		session_register("username");
		session_register("password"); // NOTE(review): keeps the submitted plaintext password in the session store
		session_start();
		echo("Welcome " . $FullName . "!");
		if(!session_is_registered(username)) {	  
			  echo("Something failed, try again!");			  
		}
	}
	else {
		echo ("Wrong Username and Password");
		session_destroy();
	}
}

if(session_is_registered(username)) // every eval() below is gated only by this check
{
	echo ("<HTML><HEAD><TITLE>GUIs and Classes</TITLE></HEAD><BODY><CENTER>");
	echo ("<FORM NAME=\"form_GUI\" METHOD=POST >");
	echo ("<INPUT TYPE=\"Submit\" VALUE=\"Display Box\" name=\"DisplayBox\"/>");
	echo ("<INPUT TYPE=\"Submit\" VALUE=\"Display Pseudo\" name=\"DisplayPseudo\"/>");
	echo ("<INPUT TYPE=\"Submit\" VALUE=\"Class Editor\" name=\"ClassEditor\"/>");
	echo ("<INPUT TYPE=\"Submit\" VALUE=\"Edit Metaclasses\" name=\"MetaclassEditor\"/>");
	echo ("</FORM>");
	echo ("</CENTER>");
	echo ("</BODY>");
	echo ("</HTML>");

	//EVAL ALL CLASSES
	$general_qr="SELECT * FROM Metaclasses";
	$general_res=mysql_query($general_qr);
	while($general_row=mysql_fetch_array($general_res)) {
		$general_source=$general_row["sourceCode"];
		stripslashes($general_source); // return value is discarded, so this call has no effect
		eval($general_source); // each stored row is executed as PHP
	}

	if(!empty($_GET["c"])){
		if(!empty($_GET["f"])) {
			$varC= $_GET["c"];
			$varF= $_GET["f"];
			$qr_userVar="SELECT * FROM gui WHERE className='".$varC."' and functionName='".$varF."'"; // NOTE(review): query-string values concatenated into SQL unescaped
			$res_userVar=mysql_query($qr_userVar);
			$res_row_userVar=mysql_fetch_array($res_userVar);
			$source_userVar=$res_row_userVar["source"];
			//$qr2_userVar="SELECT * FROM Metaclasses WHERE name like '".$varC."'";
			//$res2_userVar=mysql_query($qr2_userVar);
			//$res_row_userVar=mysql_fetch_array($res2_userVar);
			//$sourceC_userVar=$res_row_userVar["sourceCode"];
			$final_userVar=$source_userVar;
			stripslashes($final_userVar);
			eval($final_userVar);
		}
	}
	else {
		if(!empty($_POST["DisplayBox"])) {
			$qr="SELECT * FROM gui WHERE id=1";
			$res=mysql_query($qr);
			$res_row_gui=mysql_fetch_array($res);
			$varClassName=$res_row_gui["className"];
			$sourceCodeGUI=$res_row_gui["source"];
			//$qr2="SELECT * FROM Metaclasses WHERE name like '".$varClassName."'";
			//$res2=mysql_query($qr2);
			//$res_row_meta=mysql_fetch_array($res2);
			//$sourceC=$res_row_meta["sourceCode"];
			$final=$sourceCodeGUI;
			stripslashes($final);
			eval($final);
		}

		elseif(!empty($_POST["DisplayPseudo"])) {
			$qr_pseudo="SELECT * FROM gui WHERE id=2";
			$res_pseudo=mysql_query($qr_pseudo);
			$res_row_gui_pseudo=mysql_fetch_array($res_pseudo);
			$varClassNamePseudo=$res_row_gui_pseudo["className"];
			$sourceCodeGUI_pseudo=$res_row_gui_pseudo["source"];
			//$qr2_pseudo="SELECT * FROM Metaclasses WHERE name like '".$varClassNamePseudo."'";
			//$res2_pseudo=mysql_query($qr2_pseudo);
			//$res_row_meta_pseudo=mysql_fetch_array($res2_pseudo);
			//$sourceC_pseudo=$res_row_meta_pseudo["sourceCode"];
			$final_pseudo=$sourceCodeGUI_pseudo;
			stripslashes($final_pseudo);
			eval($final_pseudo);
		}

		elseif((!empty($_POST["ClassEditor"])) || (!empty($_POST["select_class"])) || (!empty($_POST["class_and_test"])) ) {
			$qr_editor="SELECT * FROM gui WHERE id=3";
			$res_editor=mysql_query($qr_editor);
			$res_row_gui_editor=mysql_fetch_array($res_editor);
			$varClassNameEditor=$res_row_gui_editor["className"];
			$sourceCodeGUI_editor=$res_row_gui_editor["source"];
			//$qr2_editor="SELECT * FROM Metaclasses WHERE name like '".$varClassNameEditor."'";
			//$res2_editor=mysql_query($qr2_editor);
			//$res_row_meta_editor=mysql_fetch_array($res2_editor);
			//$sourceC_editor=$res_row_meta_editor["sourceCode"];
			$final_editor=$sourceCodeGUI_editor;
			stripslashes($final_editor);
			eval($final_editor);
		}
		
		elseif((!empty($_POST["MetaclassEditor"])) || (!empty($_POST["select_metaclass"])) || (!empty($_POST["execute"])) ) {
			$qr_meta_editor="SELECT * FROM gui WHERE id=4";
			$res_meta_editor=mysql_query($qr_meta_editor);
			$res_row_gui_meta_editor=mysql_fetch_array($res_meta_editor);
			
			// LET US SEE WHAT IS IN THE QUERY RESULTS SET
			var_dump($res_row_gui_meta_editor); // diagnostic only: prints the fetched gui row into the page; remove once the data has been checked
			
			$sourceCodeGUI_meta_editor=$res_row_gui_meta_editor["source"];
			$final_meta_editor=$sourceCodeGUI_meta_editor;
			stripslashes($final_meta_editor);
			eval($final_meta_editor);
		}
	}
}
				
	mysql_close();


Try running this and see if anything jumps out at you, like a misspelled variable name.  In PHP class and function names are not case-sensitive, but variable names are case-sensitive and must match exactly.
I think my situation reflects your second test. I don't want to instantiate the object of the class until the user click the button, at which point I will instantiate the object, and run one of its functions. I see nothing wrong with that.

The reason I'm using stripslashes, is because the data being extracted from the sql column source code has code that looks like this:

echo ("<INPUT TYPE=\"Submit\" NAME=\"test\" VALUE=\"Testing\" />");

Those slashes forcefully ignore the quotation marks I want to ignore. This works fine when inside a php file, however, when you force that into a sql database, and try to EVAL that code it freaks out because of the slashes.

That's why I'm stripping the slashes, but I think you're right about why it's not working. I will try:

$x = stripslashes($general_source);
eval($x);
OK, I'll take a look at the var_dump as well, but I don't think we're going to see any misspellings or case-sensitivity because if I extract that code into its own PHP file (forgetting about sql databases) it runs just fine.

I literally copied/pasted the working code from a php file into a sql table, taking out the <?php tags because when I call that code back from the sql table, it's already going to be inside <?php tags.
I do not know of any reason why a text string would be different when it came from a data base versus a flat file.  There are some edge-cases with certain text editors, including byte-order marks, but those would be unlikely.

One thing that can maybe save you some typing... You do not need the parentheses around the echo string. PHP echo is not a function call; it is a language construct.  About the only thing the parentheses can do with echo is cause a parse error if they are unbalanced.  So the following lines are all the same:
echo 'Hello';
echo ('Hello');
echo ((('Hello')));
http://php.net/manual/en/function.echo.php
Here are the results of the var_dump you asked for. Also the stripslashes solution:

$x = stripslashes($general_source);
eval($x);

 did not work. In fact it made one of the other buttons stop working.


{ [0]=> string(1) "4" ["id"]=> string(1) "4" [1]=> string(18) "editor_metaclasses" ["className"]=> string(18) "editor_metaclasses" [2]=> string(19) "display_metaclasses" ["functionName"]=> string(19) "display_metaclasses" [3]=> string(56) "$x=new editor_metaclasses(); $x->display_metaclasses();" ["source"]=> string(56) "$x=new editor_metaclasses(); $x->display_metaclasses();" }
made one of the other buttons stop working
Sorry, but that kind of thing is like saying, "My car won't start."  Probably there is a variable name collision on $x, but without specifics about errors including the code, data, and messages we can't begin to start the diagnostic process.  You might try a common-sense equivalent with a different variable name, like changing $x to $y, but please only do this if you know that $y is not a variable that is already in the symbol table!

$y = stripslashes($general_source);
eval($y);

If that doesn't help you, then I think you need to take this one to your professor.  Without your data base I cannot test anything, and as I wrote before, I have pretty strong real-world knowledge of PHP (I even teach it professionally) and this coding construct is unlike anything that I have ever seen.

Best regards, ~Ray
Thanks for all your help Ray, I didn't use the $y variable, I actually created a brand new variable called $general_source_var or something like that.

I'm going to try to copy the code from the button that does work, and then slowly start making changes to it.

I'll report back later tonight if I find the problem. I still have a strong feeling it has something to do with stripslashes.

Just one question going back to my original post. Does the below error code tell you anything?

Class 'editor_metaclasses' not found in /home/f12user09/public_html/index.php(148) : eval()'d code on line 1
Avatar of hielo
What does the following show?

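//EVAL ALL CLASSES
// Diagnostic variant: print each stored class just before it is evaluated, so
// the exact text handed to eval() can be inspected.
      $general_qr="SELECT * FROM Metaclasses";
      $general_res=mysql_query($general_qr);
      while($general_row=mysql_fetch_assoc($general_res)) {
            $general_source=$general_row["sourceCode"];
            // NOTE(review): this removes every backslash escape from the stored code, including ones the code needs — confirm the rows really contain extra slashes
            $general_source=stripslashes($general_source);
            // Escaped for HTML so tags and quotes inside the stored code are shown literally instead of being rendered by the browser.
echo '<hr><pre>',htmlspecialchars($general_source),'</pre><hr>';
            eval($general_source);
      }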

The way I am understanding this, is that the problem lies on line 66 of whatever you have in $general_source.  So, what is on line 66 of that source code?
Not sure what the difference is, but I made changes to the second script that was mentioned in the original post to the one below, and now its working fine.

<?php

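class meta {

    /**
     * Renders the metaclass editor and handles its three form actions:
     * "Go" loads a stored class, "Save" inserts or updates a Metaclasses row,
     * and "Run" passes the submitted test code to eval().
     *
     * Reads $_POST, uses the MySQL connection the calling script has already
     * opened, and echoes HTML. Returns nothing.
     *
     * NOTE(review): "Run" executes request data as PHP by design, so this page
     * is only as protected as the login check in front of it. The forms carry
     * no CSRF token; add one before this is used outside a closed lab setup.
     */
    function display_meta() {
        // Defaults so the form renders without notices when nothing was posted.
        $meta_class = "";
        $meta_className = "";
        $meta_testCode = "";

        $query00="SELECT id, name FROM Metaclasses ORDER BY name";
        $result_select_classNames0 = mysql_query($query00);

        $options0="";
        while($result_select_classNames0 && ($row0=mysql_fetch_array($result_select_classNames0))) {
            // Class names are user-editable rows, so escape them before they reach the HTML.
            $options0.="<OPTION VALUE=\"" . htmlspecialchars($row0["id"], ENT_QUOTES) . "\">" . htmlspecialchars($row0["name"], ENT_QUOTES) . "</OPTION>";
        }

        if(!empty($_POST["execute"])) {
            $meta_class = $this->posted_text("metaclass_code");
            $meta_className = $this->posted_text("metaclass_name");
            $meta_testCode = $this->posted_text("meta_test_code");

            // Escape once, right before the values enter SQL. Besides closing
            // the injection hole, this keeps backslashes in the submitted PHP
            // (such as \" inside echo strings) intact: MySQL by default consumes
            // unescaped backslashes in a string literal, which silently alters
            // the stored code.
            $sql_name = mysql_real_escape_string($meta_className);
            $sql_class = mysql_real_escape_string($meta_class);
            $sql_test = mysql_real_escape_string($meta_testCode);

            $query10="SELECT * FROM Metaclasses WHERE name = '".$sql_name."'";
            $result_select_existingClass0=mysql_query($query10);
            $num10 = $result_select_existingClass0 ? mysql_num_rows($result_select_existingClass0) : 0;

            if($num10>0) {
                $query20="Update Metaclasses SET sourceCode='".$sql_class."',testCode='".$sql_test."' WHERE name='".$sql_name."'";
                if(mysql_query($query20)) {
                    echo ("<br>Existing Class Updated<br>");
                }
                else {
                    echo ("<br>Update failed<br>");
                }
            }
            elseif($meta_className !== "") {
                // Positional insert: the column order must match the Metaclasses table definition.
                $query30="INSERT INTO Metaclasses Values('','".$sql_name."','".$sql_class."',1,'".$sql_test."')";
                if(mysql_query($query30)) {
                    echo ("<br>New Class Created<br>");
                }
                else {
                    echo ("<br>Insert failed<br>");
                }
            }
        }

        if(!empty($_POST["run"])) {
            $meta_testCode1 = $this->posted_text("meta_test_code");
            // Nothing to run when the test box was left empty.
            if($meta_testCode1 !== "") {
                // NOTE(review): request data executed as PHP, in this method's scope.
                eval($meta_testCode1);
            }
        }
        elseif (!empty($_POST["select_metaclass"])) {
            if(!empty($_POST["name"])) {
                $meta_classId = $this->posted_text("name");
                $query_selectClass_dropDown0="SELECT * FROM Metaclasses WHERE id='".mysql_real_escape_string($meta_classId)."'";
                $result_selectClass_dropDown0=mysql_query($query_selectClass_dropDown0);
                $row_selectDropDown0 = $result_selectClass_dropDown0 ? mysql_fetch_array($result_selectClass_dropDown0) : false;
                // Leave the form empty when the id matches no row.
                if($row_selectDropDown0) {
                    $meta_class=$row_selectDropDown0["sourceCode"];
                    $meta_className=$row_selectDropDown0["name"];
                    $meta_testCode=$row_selectDropDown0["testCode"];
                }
            }
        }

        echo ("<HTML><HEAD><TITLE>Select Page To Edit</TITLE></HEAD><BODY><BR>");
        echo("<FORM NAME=\"form10\" METHOD=post>");
        echo("<SELECT NAME=\"name\">");
        echo("<OPTION VALUE=0>Choose Class");
        echo $options0;
        echo("</SELECT><input type=\"submit\" name=\"select_metaclass\" value=\"Go\"></FORM>");

        echo("<FORM NAME=\"form20\" METHOD=post><B>Meta GUI & Run Test</B><BR><B>Type php Class Code:</B><br>");
        echo("<TEXTAREA rows=\"15\" cols=\"80\" NAME=\"metaclass_code\">");
        echo htmlentities($meta_class);
        echo("</TEXTAREA><BR><B>Metaclass Name:</B> (If class exists, it will be updated. Otherwise a new record for this class will be created)<br>");
        // The name is placed inside a quoted attribute, so quotes must be escaped as well.
        echo("<input type=\"text\" name=\"metaclass_name\" value=\"" . htmlspecialchars($meta_className, ENT_QUOTES) . "\"><br><br><B>Type test code:</B><br>");
        echo("<TEXTAREA rows=\"15\" cols=\"80\" NAME=\"meta_test_code\">");
        echo htmlentities($meta_testCode);
        echo("</TEXTAREA><BR>");
        echo("<INPUT TYPE=\"Submit\" NAME=\"run\" VALUE=\"Run\" />");
        echo("<INPUT TYPE=\"Submit\" NAME=\"execute\" VALUE=\"Save\" /></FORM></BODY></HTML>");

    }

    // Returns the POST field $key as a string ("" when it is absent, empty or
    // not a string). Slashes are removed only when magic_quotes_gpc added them,
    // so backslashes that belong to submitted code are kept.
    private function posted_text($key) {
        if(empty($_POST[$key]) || !is_string($_POST[$key])) {
            return "";
        }
        $value = $_POST[$key];
        if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        return $value;
    }
}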




?>	
