Escaping String for Eval - CodeIgniter Forums (https://forum.codeigniter.com), Thread: /showthread.php?tid=8869
Escaping String for Eval - El Forum - 06-03-2008

CodeIgniterNewbie

Assume I have a function that accepts one string argument:

Code:
function foo($bar)

Assume also that I will execute this function via Eval:

Code:
eval("foo($string-from-form);");

As suggested by the above snippet, the value for the argument will come from form input.

QUESTION: how do I prepare the form input so that it doesn't cause any problems when it is passed to the function inside the eval? "addslashes" doesn't seem to be sufficient; I still get failures if I try to enter something with a double quote (and probably a few other characters).

The string argument is to be stored in an object, then later stored in MySQL.

Escaping String for Eval - El Forum - 06-03-2008

stuffradio

Did you try:

Code:
$this->load->helper('security');

In your eval thing

Code:
eval(foo($this->xss_clean($bar)));

Would that work?

Escaping String for Eval - El Forum - 06-03-2008

CodeIgniterNewbie

I want a non-CI approach to this. This is for a library I am developing, which I do not want to couple to CI.
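An added example, not part of the original thread or any poster's code: a framework-independent way to hand form input to foo() as data, next to the addslashes() attempt the question describes. The body of foo(), the sample input and the variables $cheap and $x are constructed for illustration.

```php
<?php
// Added example; foo()'s body and all sample values are constructed.

// Stand-in for the poster's function: returns the string it was given
// so the caller can compare it with what was submitted.
function foo($bar)
{
    return $bar;
}

// Constructed form input with the characters that break naive quoting:
// both quote types, a backslash, and "$" sequences.
$input = 'She said "it\'s $cheap" \\ {$x}';

// 1. Preferred: no eval. The value is passed as an argument and is never
//    parsed as PHP source.
$viaCall = call_user_func('foo', $input);

// 2. If eval cannot be avoided: var_export() produces a single-quoted PHP
//    string literal in which only backslash and single quote are escaped,
//    so nothing inside the literal is interpreted.
$literal = var_export($input, true);
$viaEval = eval('return foo(' . $literal . ');');

// 3. The approach from the question: addslashes() inside a double-quoted
//    literal. The quotes are escaped, but PHP still expands "$name" and
//    "{$name}" inside double quotes and keeps the backslash before a single
//    quote, so the value that reaches foo() is not the submitted string.
$cheap = 'EXPANDED'; // constructed, only to make the expansion visible
$x     = 'EXPANDED';
$viaAddslashes = eval('return foo("' . addslashes($input) . '");');

// Compare each result with the original input.
foreach (array(
    'call_user_func'      => $viaCall,
    'eval + var_export'   => $viaEval,
    'eval + addslashes'   => $viaAddslashes,
) as $label => $value) {
    printf("%-20s %s\n", $label, $value === $input ? 'unchanged' : 'ALTERED: ' . $value);
}
```

Neither approach prepares the string for MySQL; that is a separate step at the point where the query is built, for example with bound parameters.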