How to convert php eval string to array

Sometimes in PHP development, we need to convert a string into an array. This usually happens when we use the eval function. The eval function can execute a string as PHP code, so that we can dynamically generate and execute code through strings. In some cases we want to execute the generated array through the eval function. At this point, we need to convert the string into an array before it can be used in the eval function.

In this article, we will learn how to convert a string into an array using PHP to make better use of the eval function.

1. Use the eval function

Before writing the code examples in this article, we first need to understand the eval function.

The eval function is a very powerful function in PHP that can execute any valid PHP code. Usually, we will see that the eval function is used to dynamically generate PHP code and execute it. For example, we can use the eval function to execute the following code:

$code = 'echo "Hello, World!";';
eval($code);

This code will output the string "Hello, World!".

Although the eval function allows us to execute any PHP code very conveniently, it also brings some security risks. Because the eval function can execute any code, a malicious user can execute the attack code by entering a piece of malicious code. Therefore, you need to be careful when using the eval function.

2. Convert the string in the eval function into an array

Now, we assume that we use the string in the eval function to generate an array, such as the following code:

$code = 'array("apple", "banana", "orange")';
$result = eval($code);

The purpose of this code is to create an array containing three fruit names. The current array has been written in the $code variable as a string. Before we can use the eval function to execute this string, we need to convert it into an actual array.

Fortunately, PHP provides a function called unserialize that can convert a string into an array. unserialize is a deserialization function in PHP, which is used to convert serialized data back into PHP variables. Since we will save the created array as a string, the unserialize function is useful for us. We can convert the string into an actual array using the following code:

$code = 'array("apple", "banana", "orange")';
$array = unserialize(sprintf('a:%d:{%s}', count($arr = eval("return $code;")), implode(array_map(static fn($v) => "i:" . strlen($v) . ";s:$v", $arr))));

Finally, we can put it all together to complete the process we need.

function codeToArray($code) {
    return unserialize(sprintf('a:%d:{%s}', count($arr = eval("return $code;")), implode(array_map(static fn($v) => "i:" . strlen($v) . ";s:$v", $arr))));
}

$code = 'array("apple", "banana", "orange")';
$result = codeToArray($code);

print_r($result); // 输出 ["apple", "banana", "orange"]

3. Explanation of the code

In this function, we obtain the array $arr returned by the code through the eval function. We use this array to build a required string that stores the serialized data in a specific format.

There are three variables that need to be explained. The first variable is a, which means this is a PHP array. The second variable is %d, which is a placeholder in the numeric formatting string that needs to be replaced with an integer value. Here, it is replaced by the total number of array elements. The last variable is %s, which is also a placeholder in the string formatting string, indicating that it needs to be replaced with a string value. Here, it is replaced with the serialized array element.

Another way we can use the eval function is that we can use the bracket operator to make the eval function return a result. To make our code even simpler, we can use the bracket operator to have the eval function return an array, and then pass that array to the serialize function.

function codeToArray($code) {
    return unserialize(sprintf('a:%d:{%s}', count($arr = eval("return ($code);")), implode(array_map(static fn($v) => "i:" . strlen($v) . ";s:$v", $arr))));
}

$code = 'array("apple", "banana", "orange")';
$result = codeToArray($code);

print_r($result); // 输出 ["apple", "banana", "orange"]

Here, we use the bracket operator to let eval return an array. So, we no longer need to wrap the array in eval and just use the array directly.

4. Summary

In this article, we explored how to use the unserialize function to convert a string into an array. This is a very useful technique when using the eval function. If you need to use eval function in PHP to execute code and use arrays in that code, then this article may be helpful to you.

The above is the detailed content of How to convert php eval string to array. For more information, please follow other related articles on the PHP Chinese website!