Ulrik S. Kofod wrote:
Justin Patrin said:
Ulrik S. Kofod wrote:
Why are you using eval? Eval is slow and is a hack... Just do:
$y = $$x;
if(isset($y)) { echo "<p>$x:$y</p>"; }
}
True! I just tested it with both eval and $$, and $$ seems to be about 3 to 4 times faster than eval, BUT if you are processing less than 10000 variables then there is no noticeable difference.
Sorry I suggested eval!
But I think it is easier to read the program when using eval, as it is more eye-catching than just an extra $ that is easily missed.
Well, eval can also easily be a security vulnerability... Using $$x means that you *will* be using $x as the var name. Consider this:
$x = 'varName; `rm -rf /`'; eval("\$y = \$$x;");
This will produce the PHP code:
$y = $varName; `rm -rf /`;
Which will be evaled and delete files from your system.
$y = $$x; will take the value of the variable with the name of what's in $x. You can even do:
$x = '"I am an invalid var name!"'; $$x = 'abc'; $y = $$x;
Even though what's in x isn't a valid normal variable name, this will work. Strange, huh?
AFAIK the eval code looks very similar to my code as it also has $$. IMHO, it's harder to read eval code.
-- paperCrane <Justin Patrin>
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
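The distinction drawn in the reply above (a name used as data versus a string parsed as code), as an added example that is not part of the original thread. The function render_named() and all sample inputs are hypothetical and constructed for illustration; the injected statement is a harmless echo.

```php
<?php
// Added example: resolve a value by name without eval().
// render_named() and the sample inputs are hypothetical, constructed here.

/**
 * Look up $name in an explicit array of values and return an HTML line,
 * or null when the name is not a plain identifier or is not present.
 */
function render_named(array $vars, string $name): ?string
{
    // Accept only strings that are valid PHP identifiers.
    if (preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', $name) !== 1) {
        return null;
    }
    // Array lookup: the name is only ever a key, never parsed as code.
    if (!array_key_exists($name, $vars)) {
        return null;
    }
    // Escape both name and value before they reach the page.
    return sprintf(
        '<p>%s:%s</p>',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars((string) $vars[$name], ENT_QUOTES, 'UTF-8')
    );
}

$vars = ['varName' => 'hello', 'other' => '<b>42</b>'];

// Constructed inputs: two ordinary names, one missing name, and one string
// carrying a trailing statement of the kind eval() would have executed.
$inputs = ['varName', 'other', 'missing', "varName; echo 'INJECTED'"];

foreach ($inputs as $x) {
    $html = render_named($vars, $x);
    echo ($html ?? 'rejected: ' . var_export($x, true)), "\n";
}

// The variable-variable form from the thread is data-only as well:
$x = "varName; echo 'INJECTED'";
$$x = 'abc';              // creates a variable whose *name* is the whole string
var_dump($$x === 'abc');  // the string was used as a name, not run as code
```

Keeping the values in an array with an identifier check also avoids exposing unrelated variables in scope, which a bare $$x lookup on untrusted input would still allow.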