StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO__autoload: Escape ClassName
text
Body
copied!<p>this is my first attemp to create a frontController and I've come over some little problem.</p> <p><strong>First let me give you an impression how my site looks like:</strong> When I open <code>http://mysite.com/test</code> in my browser, the server will call an index.php with the GET parameter $controller (test). This is done by a .htaccess. In the index.php there shall be created an instance of the class $controller. For this I use the __autoload function of PHP. So the code looks like this:</p> <pre><code>$controller = $_GET["controller"]; function __autoload($controller) { include("controllers/$controller.php"); if(!class_exists($controller, false)) { eval (' class '. $controller . ' { public function __construct() { include("404.html"); exit(); } } '); } } $application = new $controller; </code></pre> <p>When you looked at the code I provided you may have noticed the <strong>eval()</strong> thingy in it. I use this to avoid the fatal error when a $controller class doesn't exist, and display a 404 instead of it.</p> <p><strong>And here starts the fun:</strong> when somebody enters an url like </p> <blockquote> <p><a href="http://mysite.com/ImATroll!:D" rel="nofollow">http://mysite.com/ImATroll!:D</a></p> </blockquote> <p>There will be</p> <blockquote> <p>Parse error: syntax error, unexpected '!'</p> </blockquote> <p>And...</p> <blockquote> <p>Fatal error: Class 'ImATroll!:D' not found</p> </blockquote> <p><strong>So the question is:</strong> How can I catch this? How can I escape the $controller variable a way that it only contains characters allowed for classnames?</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload