+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Escapting String for Eval (/showthread.php?tid=8869)
Escapting String for Eval - El Forum - 06-03-2008
[eluser]CodeIgniterNewbie[/eluser]
Assume I have a function that accepts one string argument:
Code:
function foo($bar)Assume also that I will execute this function via Eval:
Code:
eval("foo($string-from-form);");As suggested by the above snippet, the value for the argument will come from form input.
QUESTION: how do I prepare the form input so that it doesn't cause an problems when it is passed to the function inside the eval? "addslashes" doesn't seem to be sufficient; I still get failures if I try to enter something with a double quote (and probably a few other characters).
The string argument is to be stored in an object, then later stored in MySQL.
Escapting String for Eval - El Forum - 06-03-2008
[eluser]stuffradio[/eluser]
Did you try:
Code:
$this->load->helper('security');In your eval thing
Code:
eval(foo($this->xss_clean($bar));Would that work?
Escapting String for Eval - El Forum - 06-03-2008
[eluser]CodeIgniterNewbie[/eluser]
I want a non-CI approach to this. This is for a library I am developing, which I do not want to couple to CI.