Forum Moderators: coopster
Before anyone mentions the security threat that this could pose, it will be htaccess protected, and will only be available for me to use for testing purposes only.
For Example:
In the text area I type
<?
echo "Hello World"
?>
And in my script:
<?
$foo = $_POST['php'];
//Then something to parse $foo so that Hello World is echoed
?>
Thanks in advance
Chris
[uk.php.net...]
<?
if(!isset($_POST['php'])){
?>
<form method="post" action="">
<textarea name="php" cols="100" rows="20" id="php"></textarea><input name="" type="submit">
</form>
<?
}else{
$code = $_POST['php'];
eval("\$php = \"\$code\"");
}
?>
eval("\$php = \"\$code\"");
Have you tried it without the "$php ="?
If you're still having problems, the first thing to do is bypass the form side of things and just make sure that eval() is working as you would expect. Once that works, then try incorporating your form code but using the exact same PHP that you just tried directly.
$code = 'echo "Hello World";';
eval($code);
However when I changed the code back to:
$code = $_POST['php'];
eval($code);
and typed echo "Hello World"; into the text box and submitted it I got the following error:
Warning: Unexpected character in input: '\' (ASCII=92) state=1 in C:\Program Files\Apache Group\Apache2\www\testphp.php(23) : eval()'d code on line 1Parse error: syntax error, unexpected $end in C:\Program Files\Apache Group\Apache2\www\testphp.php(23) : eval()'d code on line 1
Chris
