Skip to content
Advertisement

Removing eval from PHP function [closed]

I want to know if there is a way to remove eval() from my code.

In this function I load by POST some vars to update or insert a new user on my DB based on what the admin has inserted on the form.

JavaScript

As this opens some security vulnerabilities there are any other alternatives to get this working?

Advertisement

Answer

It seems like you could simplify your code a lot, and remove the need for eval() which you shouldn’t use unless it is a last resort.

There is no need for all the IF blocks had in your code, because if the value isn’t set, it also won’t be added to the $values array.

Just assign your $_POST variable to a $values variable, Laravel does most of the heavy lifting for you.

JavaScript

I see in your code that you rename the contact variable to contacto. I recommend changing your form to match this variable name, but if that isn’t possible, you can still rename it after setting $values = $_POST like this:

JavaScript

Also, if your form sends any variables that you do NOT want to send to the database, such as a “password verify” field or something like that, then you can unset them after setting $values = $_POST like this:

JavaScript
User contributions licensed under: CC BY-SA
1 People found this is helpful
Advertisement