PHP preg_replace - How to get the same result without `/e` `eval` - improved security and speed performance?
How to get the same result without /e
eval
- improved sec开发者_StackOverflow中文版urity and speed performance?
function finclude($file){
return include($file);
}
$str = "Today is {include 'date.php'}.";
echo preg_replace("/\{include '(.*)\'}/e", 'finclude("$1")', $str);
date.php:
<?php return date('jS \of F'); ?>, 2011
Result: Today is 20th of July.
You can use preg_replace_callback
echo preg_replace_callback("/\{include '(.*)\'}/", function($m) {
return include($m[1]);
}, $str);
You could use preg_replace_callback()
:
echo preg_replace_callback("/\{include '(.*)\'}/", function ($matches) {
// TODO, here : some test on $matches[1], to make sure that including it is safe
return include $matches[1];
}, $str);
echo preg_replace_callback("/\{include '(.*)\'}/", function($matches){finclude($matches[1]);}, $str);
精彩评论