ID:               48290
 User updated by:  kexianbin at diyism dot com
 Reported By:      kexianbin at diyism dot com
 Status:           Open
 Bug Type:         Feature/Change Request
 Operating System: Irrelevant
 PHP Version:      5.3.0
 New Comment:

Maybe currently I could write like this:

$sql=eval(safe(
     "insert into z_test (name, value) values ('{$name}', '{#value}')"
     ));
mysql_query($sql);


Previous Comments:
------------------------------------------------------------------------

[2009-08-03 05:24:58] kexianbin at diyism dot com

Sigh, few people noticed this.

------------------------------------------------------------------------

[2009-05-15 06:28:06] yuyun0102 at gmail dot com

草泥马 (grass mud horse)

------------------------------------------------------------------------

[2009-05-15 06:08:47] kexianbin at diyism dot com

You will say to use PDO, but this code is so ugly:

$sql=$pdo->prepare("select *
                    from sem_SearchChangeShow
                    where Keyword=:Keyword
                          and BatchNum=:BatchNum
                          and OldChannelID=:ApvChannelID_old
                          and OldCategoryID=:ApvCategoryID_old
                  ");
$sql->execute(array(':Keyword'=>$v['Keyword'],
                    ':BatchNum'=>$v['BatchNum'],
                    ':ApvChannelID_old'=>$v['ApvChannelID_old'],
                    ':ApvCategoryID_old'=>$v['ApvCategoryID_old']
                   )
             );
$tmp=$sql->fetch(PDO::FETCH_ASSOC);

------------------------------------------------------------------------

[2009-05-15 05:49:52] kexianbin at diyism dot com

Description:
------------
Provide a function to get variables from the caller's scope.

I know tickets 47454, 40339 and 34210 are similar,
but this is indeed a useful function that was overlooked.

Reproduce code:
---------------
Currently:

$name="myname";
$value="lk,jdsk'jlkjdf";
function safe($sql)
{
    // escape double quotes and backslashes so the SQL can be wrapped in a PHP string literal
    $sql=strtr($sql, array('"'=>'\"', '\\'=>'\\\\'));
    // turn every {#var} into ".addslashes($var)." and return PHP code for eval()
    return 'return "'.preg_replace(array('/\{#(.*?)\}/'),
                                   array('".addslashes($\1)."'), $sql).'";';
}
$sql="insert into z_test (name, value) values ('{$name}', '{#value}')";
mysql_query(eval(safe($sql)));

If we had a function get_caller_vars() that returns the variables of the caller's scope
(similar to get_defined_vars() for the current scope):

$name="myname";
$value="lk,jdsk'jlkjdf";
function mysql_query_safe($sql)
{
    // hypothetical: import the caller's variables into this scope
    // (note that extract() also overwrites this function's own $sql if the caller has one)
    extract(get_caller_vars());
    $sql=strtr($sql, array('"'=>'\"', '\\'=>'\\\\'));
    // build the PHP code that interpolates each {#var} with addslashes($var)
    $sql='return "'.preg_replace(array('/\{#(.*?)\}/'),
                                 array('".addslashes($\1)."'), $sql).'";';
    $sql=eval($sql);
    mysql_query($sql);
}
$sql="insert into z_test (name, value) values ('{$name}', '{#value}')";
mysql_query_safe($sql);

Expected result:
----------------
We have a function to get variables in the caller's scope.

Actual result:
--------------
No such function.


------------------------------------------------------------------------
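A helper that keeps the report's '{#name}' placeholder style but compiles it into a PDO prepared statement, as an added example that is neither the reporter's code nor part of PHP: no eval(), no addslashes(), and the values are passed in explicitly rather than pulled out of the caller's scope. It assumes PHP 7.1+ with pdo_sqlite; compile_template(), query_safe() and the in-memory z_test table are constructed for the example.

```php
<?php
// Added example, not code from the bug report: the same '{#name}' placeholder
// style, but compiled into a PDO prepared statement instead of eval()'d PHP.
// Values are passed in explicitly, so nothing reaches into the caller's scope,
// and the database driver binds them, so no addslashes()/hand escaping.

// Rewrite every {#name} (with or without surrounding quotes) to :name and
// collect the bound values. Returns array(sql, params); throws if a
// placeholder has no value, so a typo cannot silently bind nothing.
function compile_template(string $template, array $vars): array
{
    $params = [];
    $sql = preg_replace_callback(
        '/(\')?\{#(\w+)\}(?(1)\')/',   // group 1: optional quote, must close if opened
        function (array $m) use ($vars, &$params): string {
            $name = $m[2];
            if (!array_key_exists($name, $vars)) {
                throw new InvalidArgumentException('no value for placeholder {#' . $name . '}');
            }
            $params[':' . $name] = $vars[$name];
            return ':' . $name;
        },
        $template
    );
    return [$sql, $params];
}

// Prepare, bind and execute; the caller never touches the SQL text again.
function query_safe(PDO $pdo, string $template, array $vars): PDOStatement
{
    [$sql, $params] = compile_template($template, $vars);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt;
}

// Constructed demo on an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('create table z_test (name text, value text)');

$name  = 'myname';
$value = "lk,jdsk'jlkjdf";   // the report's sample value, embedded quote included
query_safe($pdo, "insert into z_test (name, value) values ('{#name}', '{#value}')",
           compact('name', 'value'));

$row = query_safe($pdo, 'select value from z_test where name = {#name}', ['name' => $name])
           ->fetch(PDO::FETCH_ASSOC);
echo $row['value'] === $value ? "round trip ok, quote preserved\n" : "mismatch\n";
```

The surrounding quotes around '{#value}' in the template are dropped by the rewrite, since the driver supplies the quoting when it binds :value.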


-- 
Edit this bug report at http://bugs.php.net/?id=48290&edit=1
