Json_encode user input (php code) without eval? -
i want return json_encoded string form input this
<input name="test" value="array(1,2,3)"> php should return: [1,2,3]
i can achieve eval doing : eval("\$str=json_encode($test);");
but running eval on user input sounds asking trouble.
any other options?
here approach run php code string without using eval
function fakeeval($phpcode) { $tmpfname = tempnam("/tmp", "fakeeval"); $handle = fopen($tmpfname, "w+"); fwrite($handle, "<?php\n" . $phpcode); fclose($handle); include $tmpfname; unlink($tmpfname); return get_defined_vars(); } extract(fakeeval('$test='. $_post['test'].';')); $json = json_encode($test);
Comments
Post a Comment