Escaping String for Eval
#1

[eluser]CodeIgniterNewbie[/eluser]
Assume I have a function that accepts one string argument:

Code:
function foo($bar)

Assume also that I will execute this function via Eval:

Code:
eval("foo($string-from-form);");

As suggested by the above snippet, the value for the argument will come from form input.

QUESTION: how do I prepare the form input so that it doesn't cause any problems when it is passed to the function inside the eval? "addslashes" doesn't seem to be sufficient; I still get failures if I try to enter something with a double quote (and probably a few other characters).

The string argument is to be stored in an object, then later stored in MySQL.
#2

[eluser]stuffradio[/eluser]
Did you try:
Code:
$this->load->helper('security');

In your eval thing
Code:
eval(foo($this->xss_clean($bar)));

Would that work?
#3

[eluser]CodeIgniterNewbie[/eluser]
I want a non-CI approach to this. This is for a library I am developing, which I do not want to couple to CI.
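
Added example (not part of the original thread and not any poster's code): a framework-independent way to hand form input to a function, first without eval, then through eval using a literal built by var_export(). Here foo() is a hypothetical stand-in for the poster's function, and the sample inputs are constructed.

```php
<?php
// Hypothetical stand-in for the poster's foo($bar): returns what it received.
function foo(string $bar): string
{
    return $bar;
}

// Preferred: no eval at all. The value is passed as data and is never
// parsed as PHP source, so no escaping is needed.
function call_direct(string $input): string
{
    return call_user_func('foo', $input);
}

// If eval cannot be avoided: var_export() emits a single-quoted PHP string
// literal with ' and \ escaped. Inside single quotes PHP does no variable
// or escape-sequence interpolation, so ", $ and {} in the input stay inert.
function call_via_eval(string $input): string
{
    $literal = var_export($input, true);
    return eval("return foo($literal);");
}

// Constructed sample inputs covering the characters that break a
// hand-built, addslashes()-style eval string.
$samples = [
    'plain text',
    'He said "hi"',
    "it's a backslash: \\ and a trailing one \\",
    'price is $bar and {$bar}',
    "line one\nline two",
];

foreach ($samples as $s) {
    // Each value must come back byte-for-byte identical on both paths.
    $ok = call_direct($s) === $s && call_via_eval($s) === $s;
    printf("%-4s %s\n", $ok ? 'ok' : 'FAIL', json_encode($s));
}
```

Escaping for eval is separate from escaping for MySQL: when the stored value is later written to the database, bind it as a parameter in a prepared statement.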



