PHP create_function,函数没有分号?
基本上,我想知道的是,对于 create_function 函数中的第二个参数,是否可以传递不带分号的字符串?或者它不会起作用。
示例:
taken from php.net
create_function('$a,$b', 'return "CRCs: " . crc32($a) . " , ".crc32(b);'),
请注意字符串中有一个分号。有没有可能有人可以输入一个不带分号的函数,该函数仍然可以运行/评估?
basically, what i want to know is, for the second parameter in the create_function function, is there anyway to pass a string without a semicolon? or will it not work.
example:
taken from php.net
create_function('$a,$b', 'return "CRCs: " . crc32($a) . " , ".crc32(b);'),
notice that there is a semicolon in the string. is there any possible way someone can enter a function without a semicolon that will still run/evaluate?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
使用 create_function() 您可以创建一个匿名函数。第二个参数是一个字符串,它是函数的代码(就像您编写的任何其他函数一样)。它不必以分号结尾,例如:
以“}”结尾并打印出:是和否!
With create_function() you're creating an anonymous function. The second parameter is a string that is the code of the function (like any other function you'd write). It doesn't have to end in a semicolon, for example:
Ends in a '}' and prints out: Yes and no!
不,这是不可能的。 PHP 对分号敏感,您必须使用它来终止右大括号之前的每个语句。我什至尝试了这样的常规函数:
它会抛出一个语法错误,与 JavaScript 不同。
No it is not possible. PHP is semicolon-sensitive, that you must use it to terminate every statements before right braces. I even tried regular function like this:
and it spitted out a syntax error, unlike in JavaScript.
在使用任何用户输入之前,您应该始终对其进行清理。
我建议您在用户输入中查找分号,如果缺少,请追加它。
如果用户可以在这里输入任何内容,如果他输入无效的函数名称或只是垃圾,那么您仍然会遇到问题。
您可以使用 preg_match() 进行验证(尽管我不是专家在怀孕期间,所以我会让其他人帮助你)。
You should always sanitize any user input before using it.
I suggest that you look for the semicolon in the user input, if it is missing, append it.
If the user can enter anything here you still have a problem if he enters an invalid function name or just rubbish.
You can validate with preg_match() (although I'm not an expert on preg so I will let someone else help you out there).
首先,为什么需要它?这是创建函数的一种非常肮脏的方式。希望是因为您想创建一个人们可以直接创建函数的界面(这仅适合您,否则将是一个很大的安全问题)。我真的不明白你想如何使用它。
无论如何,对于你的问题,你不必关心它是否有效。我的意思是,只要测试它是否有效,如果不是就自己加一个分号。这只是对字符串的简单测试。
First, why do you need that ? That's a really dirty way to create a function. Hope because you want to make a interface where people can directly create a function (and this will be only for you or it'll be a big security issue). I don't really get how you want to use that.
Anyway, for you question, you don't have to care if it's working or not. I mean, just test if it's working, if not just put by yourself a semicolon. It's just a simply test on a string.