CodeIgniter Forums
Escaping String for Eval - Printable Version



Escaping String for Eval - El Forum - 06-03-2008

[eluser]CodeIgniterNewbie[/eluser]
Assume I have a function that accepts one string argument:

Code:
function foo($bar)

Assume also that I will execute this function via Eval:

Code:
eval("foo($string-from-form);");

As suggested by the above snippet, the value for the argument will come from form input.

QUESTION: how do I prepare the form input so that it doesn't cause any problems when it is passed to the function inside the eval? "addslashes" doesn't seem to be sufficient; I still get failures if I try to enter something with a double quote (and probably a few other characters).

The string argument is to be stored in an object, then later stored in MySQL.


Escaping String for Eval - El Forum - 06-03-2008

[eluser]stuffradio[/eluser]
Did you try:
Code:
$this->load->helper('security');

In your eval thing
Code:
eval(foo($this->xss_clean($bar)));

Would that work?


Escaping String for Eval - El Forum - 06-03-2008

[eluser]CodeIgniterNewbie[/eluser]
I want a non-CI approach to this. This is for a library I am developing, which I do not want to couple to CI.
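
A framework-independent way to handle the question above, as an added example that is not code from any poster in this thread. It passes the form value as an ordinary argument instead of building source text, and uses var_export() where eval cannot be avoided. The body of foo(), the helpers call_allowed() and call_via_eval(), the allowlist and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Stand-in for the poster's function (assumed body): returns its argument.
function foo($bar)
{
    return $bar;
}

// Preferred: no eval. Resolve the function name against an allowlist and
// pass the form value as a normal argument, so it is never parsed as code.
function call_allowed($name, $arg)
{
    $allowed = array('foo');            // hypothetical allowlist
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("function not allowed: $name");
    }
    return call_user_func($name, $arg);
}

// If source text really must be generated: var_export() emits a valid PHP
// string literal for any string value, so the input stays data.
function call_via_eval($arg)
{
    return eval('return foo(' . var_export($arg, true) . ');');
}

// Constructed inputs covering the characters that break naive quoting.
$samples = array(
    'He said "hi"',
    "it's",
    'C:\\temp\\',
    '$var and {$x}',
    "line1\nline2",
);

foreach ($samples as $s) {
    $direct = call_allowed('foo', $s);
    $evaled = call_via_eval($s);
    // addslashes() also escapes ", but inside a single-quoted PHP literal
    // \" is two characters, so a value containing " comes back altered.
    $naive = eval("return foo('" . addslashes($s) . "');");
    printf("%-18s direct=%s var_export=%s addslashes=%s\n",
        json_encode($s),
        $direct === $s ? 'ok' : 'CHANGED',
        $evaled === $s ? 'ok' : 'CHANGED',
        $naive === $s ? 'ok' : 'CHANGED');
}
```

Escaping for the later MySQL insert is a separate step for the database layer (bound parameters); it is unrelated to how the value reaches foo().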