If I have a string variable in, for example, this form
$text = "<table><tr><td>Current Value</td><td><? include(\"http://somedomain.com/curval.php\");?></td></tr></table>";
Is there any way to evaluate that include? I do not have access to edit curval.php.
I tried a few things but they didnt work.
Any suggestions would be greatly appreciated.
try read this one first
http://www.php.net/eval
Use eval, but make sure to break it apart at the <? and ?>, as ONLY PHP can go inside the eval(). Also, make sure to remove the <? and ?> tags (as well as <?php, if you have it).
Mordecai is wrong, this will work:
<?php
$string = "<table><tr><td><?php print (\"Keith Rules!\"); ?></td></tr></table>";
eval (" ?> " . $string . " <?php ");
?>
Your code is similar, make sure you do this:
eval (" ?> " . $your_string_here . " <?php ");
or you'll get parse error in the eval'ed code.
What if its more complicated than just that? I.E. Many many lines of HTML code - like a full page?
<html>
<head><title>PAGE</title></head>
<body bgcolor=#123456>
<table>
<tr>
<td>Current</td>
<td><?include ("current.php");?></td>
</tr>
</table>
</body>
</html>
I tried to do what was mentioned and I got parse errors in the eval()'d code. Any othere recommended methods?
Oh and, also, eval would put the results directly into the browser, wouldnt it? I would need to perform some additional functions on the text. Is it possible to get it into a variable from there?
I.E.
$text = "---several
lines
of
html
code---
<? include ("current.php");?>
---several
more
lines
of
html
code---";
I do the magic on it and now its
$text = "---several
lines
of
html
code---
Today's secret word is:
<a href="http://dictionary.reference.com/search?q=fortnight">[fortnight]</a>
---several
more
lines
of
html
code---";
(current.php doesnt really do that, but it works for the demonstration purposes.) Basically, is there a way to store it into the variable instead of printing it directly to the browser...
Hi there
I had a similar problem a while ago.
I solved it with brute force:p
Here is a rough version:
<?php
function streval($code) {
ob_start();
eval($code);
return ob_get_clean();
}
function mixeval($str) {
if(preg_match_all("/(?
?:<\?php )|(?:<\? ))(.*)?(?:\?>)/Ui",$str,$matches,PREG_PATTERN_ORDER)) {
for($i = 0; $i < count($matches[1]); $i++) {
$replace = streval($matches[1][$i]);
$str = preg_replace("/".preg_quote($matches[0][$i])."/U",$replace, $str, 1);
}
}
return $str;
}
echo mixeval("<B><?php include(\"obi.php\"); ?></B> <I><? echo \"Hello\";?></I> <U>there</U>");
?>
The function mixeval differs from eval since it doesn't allow pure PHP code to be evaluated.
Originally posted by jmfreema
What if its more complicated than just that? I.E. Many many lines of HTML code - like a full page?
<html>
<head><title>PAGE</title></head>
<body bgcolor=#123456>
<table>
<tr>
<td>Current</td>
<td><?include ("current.php");?></td>
</tr>
</table>
</body>
</html>
I tried to do what was mentioned and I got parse errors in the eval()'d code. Any othere recommended methods?
EVAL() only evaluates the code.... if there is no output code ie. ECHO PRINT PRINTF etc etc... no output will occur, just do $variable = eval(yourstuff here);
what you could do is write a function whose output is what you want and then call that from inside the string.
Or you could do this
$aryStr = split("[<?|?>]",$myString);
foreach($aryStr as $curString) {
if(str_pos("php",$curString)) {
eval(substr($curString,4));
} //end if
} //end for
NOTE: This will only execute code surrounded by <?php ?> and it will remove <? and ?> from the output.
The preg_match_all in my previous message didn't work for multiline code so it was pretty useless in this case.
I rewrote it a bit and this worked better.
The key in this code is the capture of output buffering in streval that reclaims the code sent to the browser by eval.
function streval($code) {
ob_start();
eval($code);
$temp = ob_get_contents();
ob_end_clean();
return $temp;
}
function mixeval($str) {
$result = "";
while(($n = strpos($str,"<?")) !== false) {
$result .= substr($str, 0, $n);
if(substr($str, $n+2, 3) == "php") {
$str = substr($str, $n + 5, strlen($str));
} else {
$str = substr($str, $n + 2, strlen($str));
}
if(($n = strpos($str, "?>")) !== false) {
$result .= streval(substr($str, 0, $n));
$str = substr($str, $n + 2, strlen($str));
} else {
return $result;
}
}
return $result.$str;
}
Maybe it's not the most efficient stringhandling but it gets the job done 
sample.txt
<html>
<head><title><?php echo "Insert witty title here";?></title></head>
<body>
<?php echo "This is some gratuitous PHP-generated text.";?><br>
<?php echo "Not quite so gratuitous this bit: it contains a $variable";?><br>
test.php
<?php
$myhtml = join('',file('sample.txt'));
$variable = 'string!';
eval("?>".$myhtml);
echo "And just to show there's no hard feelings.<br>";
?>
<body></html>
If you got parse errors in the eval'd() code it means... well... just that, that there were parse errors in your code, ie the code that got eval'd() is broken, cause you did something wrong in it. Fix that code then it will work.
My guess about the failure of preg_match_all is because the 's' modifier switch wasn't used.
Yepp, it worked if you substituted Ui with Usi.
I've heard that an Uzi can make things happen but in this case a Usi was enough.
<?php
function mixeval($str) {
if(preg_match_all("/(?:(?:<\?php)|(?:<\?))(.*)?(?:\?>)/Usi",$str,$matches,PREG_PATTERN_ORDER)) {
for($i = 0; $i < count($matches[1]); $i++) {
$replace = streval($matches[1][$i]);
$str = preg_replace("/".preg_quote($matches[0][$i])."/U",$replace, $str, 1);
}
}
return $str;
}
?>the streval function is still the same as above (or below depending on how the list is sorted 
I've put a class containing this as http://www.phpclasses.org/browse.html/package/1283.html and it should be up in a few days.