Geek Answers Handbook

How can I save PHP conditional binding in a database for later use?

In our current application, I have a report that contains something like:

if($foo == 3 || $bar > 3) { $e = someFunction(); };

but for another client, the same expression might be:

 if($foo == 3 || $bar == 5 && $foobar != 9) { $e = someFunction(); };

Is there a direct way to save two different expressions, just

 $foo == 3 || $bar > 3 OR $foo == 3 || $bar == 5

in the database (MySQL), so I don’t need to hard-code all of these rules by the client or support client versions of the same report. I am trying to figure out if I can set the variable o to replace the conditions. Something like:

 $conditions = $row_rsConditions['condition_row'] //Get $foo == 3 || $bar > 3 from the DB and store it as $conditions if($conditions) { $e = someFunction(); };

There may be> 100 different clients, and each client may / will have a different set of expressions. I'm just not sure about the right / best way to do this.

UPDATE

I think I understand the problems using the PHP function eval (). But due to the number of possible combinations, I tend to use a database to store conditions (not sure if eval () is still used)

It does not matter (safer) if there is no interface facing the user who writes the conditions / table in the field? It may be something that we can only do on our side.

+7
source share
3 answers

i will be very careful about storing logic in the database.

  • your code is no longer in one place.
  • the logic in the database is unlikely to be under source control
  • If you change the code and break all this client logic, you need to go back to the database and edit it for each client.
  • other people could have access to the database and could change the code to something malicious.

this is not the best solution, but I would suggest creating an abstract base class, and then inheriting from it, a class specific to each client.

Any custom functions can be added as a method to the base class and redefined for a specific client implementation.

use the switch statement to create an instance of the class based on the identifier or client name (something that doesn't change) that you already store in the database.

 switch ($client_name) { case "abc ltd": $customlogic = new CustomLogicAbc(); break; case "zyx ltd": $customlogic = new CustomLogicXyz(); break; default: $customlogic = new CustomLogicDefault(); break; } if ($customlogic->doSomething($parm1, $parm2)) { // custom logic has been applied }
+3
source

To comment on my comment:

Your last code was almost what I meant:

 $conditions = $row_rsConditions['condition_row']; //Get "$foo == 3 || $bar > 3" if(eval("return (" . $conditions . ");")) { $e = someFunction(); }

However, I will warn you again to remember the risk of this. When you use code from a database, it is likely that the errors are inside. At least some security checks should be performed on the data to avoid misuse.

Another option, which is slightly more complicated, but not one that is prone to misuse, would be to encode the conditions. It looks like you are only comparing 2 variables with a value that you could save for each variable, for example:

 0 != 1 == 2 >= 3 <= 4 > 5 <

In order to preserve the relation and additionally preserve the value with which it should be compared. Thus, there is no direct execution of the code that is stored in the database.

+2
source

no one can tell you how to solve it, because no one knows the functional requirements and the specific logic of your application ... But if the implementation time is important for you, you can, of course, try to use the evaluation of expressions from the database, but be careful and using sanitazing all the data from the database ... Is there an example how to make php expressions and execute from the database? - you just add more logic because you can have multiplicable conditions

0
source

More articles:


All Articles