CSI: PHP

"Looking at your tweets I cannot even fathom what your job is. CSI:PHP?" — @grmpyprogrammer

doPostEval()

| Comments

Post as in “after”, yes, but also post as in $_POST. Eval as in our old enemy eval(). This function is called on every single $_POST key/value pair after form submission. $On_Insert is an array of executable PHP code stored in the database.

Figure out the rest of the misery yourself. I might jump off a cliff if I have to think through this code again.

1
2
3
4
5
6
7
8
9
10
11
12
<?php
Function doPostEval($Key,$Value,$On_Insert)
{
    $Code = $On_Insert[$Key];
    $xxx = '';
    if ($Code <> '') {
        eval($Code);
        return($xxx);
    } else {
        return($Value);
    }
}

Comments