问题
I know that by using eval($code_to_check); we can check if this value equals FALSE and if so, we can stop execution of the script. However, the problem I'm facing is that I am unable to define a function, because it gets called twice... it gets processed with the eval() check to be sure there are no syntax errors and than processes the function again, but shows an error that states that it can NOT REDECLARE this function, as it is already being declared in the eval'd function. How can I make it so that we don't declare things in the EVAL'd function, or perhaps, we can undeclare everything that was declared in the eval() function before we actually do call it...
Anyways, here is what I'm working with so far... Could use some help, cause I am getting a "CAN NOT REDECLARE FUNCTION" when $content (which is php code) has a function within it.
// PHP Syntax errors?
if (!@eval('return true;' . $content))
{
// Error found in PHP somewhere. Call error function and return out of here!
call_user_func_array($code_error['function'], $code_error['params']);
return;
}
else
{
ob_start();
eval($content);
$code = ob_get_contents();
ob_end_clean();
}
Can anyone please help me here? Thanks guys, you are all so very helpful here! You all deserve a GOLD MEDAL, but I believe the Olympics are now over and this isn't quite a sport yet...
Ok, I am attempting my own answer here, and wondering if this will still catch errors and allow for functions to be created at the same time without calling these functions twice. Is this a proper way of doing this?? Can anyone see any possible problems in this code? I am echoing the $eval_code if no syntax errors detected... is this fine to do?
$eval_code = @eval($content);
// PHP Syntax errors?
if ($eval_code === FALSE)
{
call_user_func_array($code_error['function'], $code_error['params']);
return;
}
else
{
ob_start();
echo $eval_code;
$code = ob_get_contents();
ob_end_clean();
}
回答1:
$checkResult = exec('echo \'<?php ' . escapeshellarg($code_to_check) . '\' | php -l >/dev/null 2>&1; echo $?');
if ($checkResult != 0) {
throw new \RuntimeException("Invalid php");
} else {
$result = eval($code_to_check);
}
回答2:
You can also use a new but very popular and stable tool PHPStan for these kinds of checks.
Here you can read a short and simple tutorial, how to use it.
回答3:
If you check PHP Documentation for eval(), this is the description:
eval — Evaluate a string as PHP code
However, PHP Documentation, itself says that eval is a dangerous construct:
Caution
The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.
So, be careful when using eval, very careful. Now back to your question.
I think what you need here is a tool that can help you with Syntax checking to detect violations of a defined coding standard. I use ESLint to check violations in Javascript code. For PHP I use both PHPStorm and Sublime Text, and I use PHP Lint and PHPCS. Instead doing eval, I suggest you use one of these OR combination of these tools to achieve you objective.
If you are using Jetbrains PHPStorm, you can find these plugins here:
- https://www.jetbrains.com/help/phpstorm/2016.2/using-php-code-sniffer-tool.html
- https://plugins.jetbrains.com/plugin/7887?pr=phpStorm I personally prefer to use PHPStorm, it is really among the best PHP IDE out there.
If you prefer to use Sublime, here are the plugins for you:
- https://github.com/SublimeLinter/SublimeLinter-php
- https://github.com/SublimeLinter/SublimeLinter-phplint
- https://github.com/benmatselby/sublime-phpcs
My point is, a good combination of these tools should be enough to ensure sanity of your code.
-Thanks
来源:https://stackoverflow.com/questions/11944574/php-check-php-code-for-syntax-errors-without-running-the-code