How can I output this dynamic data without eval?


Problem description

I've been writing a CMS in MVC style and have used a Template class to pull in the various files required via file_get_contents.

At the end I do:

eval('?>'.($template).'<?');

Knowing that eval is evil, how can I alternatively flush this data so the PHP actually renders the code?

At the moment the Template class does this once everything's been loaded. Is it possible for the Template class to return this code to my index.php as a variable and then run something to make it execute?

Every example of coding an MVC style site I've come across uses eval to solve the problem.

An additional related question - I understand eval can be used to run malicious user-inputted code, but wouldn't some other function suffer the same fate? If I turn any user content into html entities, wouldn't this overcome this?

Quite possibly my method is flawed, but it follows the examples I've been reading, which is why I'm keen to see another method that avoids eval.

I did just find this snippet which achieves the same thing:

function interpolate( $string ){
    foreach ($GLOBALS as $name => $value){
        $string = str_replace( '$'.$name, $value, $string );
    }

    $string = preg_replace( '/[$]\\w+/', '', $string );
    return $string;
}

This effectively renders all the code by replacing the variables with their correct content.

Recommended answer

In my templates I use output buffering to capture a script that is included. The included code is run just like any other included file. Pseudo: start buffer, include file, capture buffer, erase buffer. Here is a short example:

//just the name of a template file to include.
$template = "someFile.tpl";
//start output buffering
ob_start();
//include the file. It has full access to all vars and runs
//code just like any other included script.
include($template);
//get anything output by the buffer during the include
$template_output = ob_get_contents();
//clean out the buffer because we already got the contents.
ob_end_clean();

After that runs, $template_output would have anything output by the included file after it has run any code inside. This allows me to use loops and vars and such when processing a 'view'.

Please note though, this is used on my personal site where I am the only one making changes to the template files. I do not allow anyone else to edit the template files as that would be ridiculously dumb.
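
The output-buffering approach from the answer, extended to also cover the question's point about user content, as an added example that is not part of the original question or answer. The names render_template() and e(), the .tpl naming and the temporary directory are assumptions made for illustration: the template name is confined to one directory, the view runs in its own scope, and user-supplied text is passed in as data and escaped on output.

```php
<?php
// Added example (not from the original answer). render_template(), e() and the
// template directory layout are hypothetical names chosen for illustration.

// Escape a value for HTML output; views call this on every untrusted value.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render a template by name: include it inside an output buffer, no eval().
function render_template(string $baseDir, string $name, array $vars): string
{
    // Accept only plain names, so a request parameter cannot carry a path.
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $name)) {
        throw new InvalidArgumentException('Invalid template name');
    }
    $base = realpath($baseDir);
    $file = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.tpl');
    // Defense in depth: after symlinks resolve, the file must still sit under $base.
    if ($base === false || $file === false
        || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('Template not found');
    }
    // Closure scope: the view sees only $vars, not the caller's locals or $this.
    $render = static function (string $__file, array $__vars): string {
        extract($__vars, EXTR_SKIP);
        ob_start();
        try {
            include $__file;
            return ob_get_contents();
        } finally {
            ob_end_clean(); // always release the buffer, even if the view throws
        }
    };
    return $render($file, $vars);
}

// Constructed sample: a throwaway template directory with one view file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . '/comment.tpl', "<p><?= e(\$author) ?>: <?= e(\$body) ?></p>\n");

// User-supplied text is passed as data and escaped in the view, never executed.
echo render_template($dir, 'comment', [
    'author' => 'alice',
    'body'   => '<b>hi</b> <?php echo "x"; ?>',
]);
```

Escaping covers only the HTML output context. What keeps user text from running as PHP is that it never reaches eval() or include, which is why template files must stay writable by the developer alone.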
