自定义解析函数PHP [英] Custom parsing function PHP

问题描述

我正在尝试从以下功能中删除评估。我尝试了 sprintf 和 $ {} ，但是仍然找不到解决方案。

I'm trying to remove eval from the following function. I tried with sprintf and ${} , but still cannot find a solution.

这里的功能：

function parseDbString(string $value = 'Looking for a good {{ $pippo }}'){
    $pippo='Pizza';
    return preg_replace_callback('/{{(.*?)}}/', function($res) use ($pippo) {
      // $val=${trim($res[1])}; Returns "Undefined variable: $pippo"
      $val=@eval("return ".trim($res[1]).";"); // Returns "Looking for a good Pizza"
      return isset($val) ? $val : $res[0];
    },$value);
}

推荐答案

所以，是的， eval（）通常被视为php中最高级别的邪恶之一。在大多数情况下，当任务适合通过 eval（）或变量变量（基本上是包装不良的数组）来解决时，这是存储/存储不当的症状声明的数据，通常最好的做法是彻底重新考虑。

So, yes, eval() is often detested as one of the highest order "evils" in php. In most cases, when a task lends itself to be solved by eval() or variable-variables (which are basically poorly packaged arrays), this is a symptom of inappropriately stored/declared data and often the best course of action is a complete rethink.

要解决您孤立的问题而不从根本上重写自定义函数，我将提供一个邪恶的例子（但我认为它仍然是邪恶的，因为其使用存在风险）- GLOBALS & 全局 ...

To solve your isolated question without fundamentally rewriting the custom function, I'll offer a lesser "evil" (but still an "evil" in my opinion because there are risks in its usage) -- GLOBALS & global...

代码：（演示）

function parseDbString(string $value = 'Looking for a good {{ $pippo }}'){
    global $pippo;                        // declare $pippo as a global variable
    $pippo = 'Pizza';
    return preg_replace_callback('/{{ \$(.*?) }}/', function($m) use ($pippo) {
        echo "Global: " , $GLOBALS['pippo'];
        echo "\n{$m[1]}\n";
        return $GLOBALS[$m[1]] ?? $m[0];  // null coalescing operator provides fallback
    },$value);
}
echo parseDbString();

输出：

Global: Pizza                    # <-- for demonstraton purposes
pippo                            # <-- for demonstraton purposes
Looking for a good Pizza         # <-- desired output

...所以为什么这种解决方法是一个坏主意，所以，假设您有一个包含<$ c的字符串$ c> {{$ db}} －这样的公共变量名称很可能存在于全局变量列表中。因此，如果字符串中的 {{变量}} 与全局范围内的任何变量匹配，都会导致错误的结果。

...so why is this workaround a "bad idea", well, imagine you have a string that contains {{ $db }} -- such a common variable name is likely to exists in your list of global variables. So if the {{ variable }} in your string matches ANY of the variables in the global scope, you're going to get faulty outcomes.

现在，您应该做什么 ？只需在数组中声明您的 $ pippo 数据，即可使用关联关系。 （演示）

Now, what should you do? Just declare your $pippo data in an array so that you have an associative relationship to leverage. (Demo)

function parseDbString(string $value = 'Looking for a good {{ $pippo }}'){
    $lookup = ['pippo' => 'Pizza'];
    return preg_replace_callback('/{{ \$(.*?) }}/', function($m) use ($lookup) {
        return $lookup[$m[1]] ?? $m[0];  // null coalescing operator provides fallback
    }, $value);
}
echo parseDbString();

根据对输入数据的控制量，现在可以删除 $ 在输入字符串中的 pippo 之前-这样就消除了一些不必要的字符。

Depending upon the amount of control you have over your input data, you can now afford to remove the $ before pippo in your input string -- which eliminates a few unnecessary characters here and there.

如果您仍在阅读，可以使用 strtr（）或 str_replace（）清理整个内容。 （演示）

And if you are still reading, you can clean this whole thing up with strtr() or str_replace(). (Demo)

function parseDbString(string $value = 'Looking for a good {{ $pippo }}'){
    $lookup = ['{{ $pippo }}' => 'Pizza'];  // this can be extended all you like!
    return strtr($value, $lookup);
}
echo parseDbString();

这篇关于自定义解析函数PHP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！