I suggest you take a look at the string functions and the htmlentities functions, so you may pluck your "needles" from the string "haystacks" of your passed form data submitted.
- When user writes in HTML code this function concat('a','b') I need to know that the concat function has to be executed, and that everything that is inside ( ) is a variable of this function.
First find concat and then substring it to the ')'. You could then explode on the ',' and pluck the "variables" from between the quotes, assigning that to the real variables you will pass to your function by matching the "needle" searched for.
You would have to parse for the needles, much like php parses, so streams will help here. I would suggest you work off an array base of functions and "walk the array" looking for your matches.
- Very similar situation, but more complex -> concat('a', 'b', concat('c','d')) -> function concat should be executed with variables, where one of them is another function with some variables, which returns some result
Same as above, but "inner" is caught inside the "outer", so you would have to double parse the "haystack".
- Another situation is when user writes this: concat($test, 'a') -> as you already know, function concat should be executed with given variables where the first is a php variable
You can use expression syntax for this, see variable variables in the manual for more info.
- user writes: ($test + $test2) -> in this case a normal math function should be done (if both php variables are integers)
You would have no way of knowing if integers were passed, so you would have to cast all to integers here.
If you are planning this online, you will be opening your server(s) to major security breaches without lots of validation...
Have phun!
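
The parsing steps discussed in the post above, as an added example that is not part of the original post: a small recursive parser (PHP 7.1+) that handles nested calls by recursion and never passes user text to eval(), so only allow-listed functions and variables are reachable. All names here (FUNCS, tpl_concat, take, expect, parse_expr, evaluate) are hypothetical; as assumptions of this sketch, variables are looked up in a passed array rather than through variable variables, and '+' rejects non-integers instead of casting them.

```php
<?php
declare(strict_types=1);
// Allow-list (constructed for this example): the only code user input can reach.
const FUNCS = ['concat' => 'tpl_concat'];
function tpl_concat(...$parts): string { return implode('', $parts); }

// Skip whitespace, then consume $regex at the cursor; return group 1 or null.
function take(string $src, int &$pos, string $regex): ?string {
    $pos += strspn($src, " \t\r\n", $pos);
    if (!preg_match($regex . 'A', $src, $m, 0, $pos)) return null;
    $pos += strlen($m[0]);
    return $m[1];
}

function expect(string $src, int &$pos, string $regex, string $what): void {
    if (take($src, $pos, $regex) === null) throw new InvalidArgumentException("expected $what at offset $pos");
}

function parse_expr(string $src, int &$pos, array $vars) {
    if (($s = take($src, $pos, "/'([^']*)'/")) !== null) return $s;  // 'literal', no escapes
    if (($v = take($src, $pos, '/\$(\w+)/')) !== null) {             // $name: array lookup only
        if (!array_key_exists($v, $vars)) throw new InvalidArgumentException("unknown variable \$$v");
        return $vars[$v];
    }
    if (take($src, $pos, '/(\()/') !== null) {                       // (left + right)
        $l = parse_expr($src, $pos, $vars);
        expect($src, $pos, '/(\+)/', "'+'");
        $r = parse_expr($src, $pos, $vars);
        expect($src, $pos, '/(\))/', "')'");
        if (!is_int($l) || !is_int($r)) throw new InvalidArgumentException("'+' needs integers");
        return $l + $r;
    }
    $name = take($src, $pos, '/([a-z_]\w*)\s*\(/i');                 // name( ... )
    if ($name === null || !array_key_exists($name, FUNCS)) throw new InvalidArgumentException("unknown function or syntax near offset $pos");
    $args = [];
    do {                                                             // recursion handles nesting
        $args[] = parse_expr($src, $pos, $vars);
    } while (take($src, $pos, '/(,)/') !== null);
    expect($src, $pos, '/(\))/', "')'");
    return (FUNCS[$name])(...$args);
}

function evaluate(string $src, array $vars) {
    $pos = 0;
    $out = parse_expr($src, $pos, $vars);
    expect($src, $pos, '/(\z)/', 'end of input');                    // reject trailing text
    return $out;
}
echo evaluate("concat('a', 'b', concat(\$test, 'd'))", ['test' => 'c']), "\n";
```

Anything the grammar does not recognise (an unlisted function name, an unknown variable, trailing text) raises InvalidArgumentException instead of being executed.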