开发者

PHP preg_replace - How to get the same result without `/e` `eval` - improved security and speed performance?

How to get the same result without /e eval - improved sec开发者_StackOverflow中文版urity and speed performance?

function finclude($file){
    return include($file);
}

$str = "Today is {include 'date.php'}.";
echo preg_replace("/\{include '(.*)\'}/e", 'finclude("$1")', $str);

date.php:

<?php return date('jS \of F'); ?>, 2011

Result: Today is 20th of July.


You can use preg_replace_callback

echo preg_replace_callback("/\{include '(.*)\'}/", function($m) {
  return include($m[1]);
}, $str);


You could use preg_replace_callback() :

echo preg_replace_callback("/\{include '(.*)\'}/", function ($matches) {
    // TODO, here : some test on $matches[1], to make sure that including it is safe
    return include $matches[1];
}, $str);


echo preg_replace_callback("/\{include '(.*)\'}/", function($matches){finclude($matches[1]);}, $str);
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜