I'm writing a template system that stores the templates names and content in a MySQL database. When the user requests a page the database is queried and the variable name and content is read out and it eval'd to assign the value to the name. This is then stored in a session.

The code to do this is:

PHP Code:
function use_template() {
    global 
$dbhost;
    
    
// Start the session
    
session_start();
        
    
// Open database
    
$link_id=db_connect();
    if (!
$link_id) die(sql_error('Unable to connect to database'));
    
// Count the number of templates stored in the database
    
$query="SELECT COUNT(*) FROM template";
    
$result=mysql_query($query);
    if (!
$result) die(sql_error());
    
// Count the number of rows returned
    
$query_data=mysql_fetch_row($result);
    
$total_templates=$query_data[0];
    
// Only continue if we have some pre-defined templates
    
if($total_templates>0) {
        
// Get all of the templates from the database
        
$query="SELECT * FROM template";
        
$result=mysql_query($query);
        if (!
$result) die("Nothing returned from database");
        
// Loop through the variables
        
while ($db_data=mysql_fetch_row($result)) {
            
// Now to register these variables
            
eval("session_register(\"$db_data[1]\");");
            
// Now to assign a value to this variable
            
eval("$$db_data[1]=\"$db_data[2]\";");
        }
        
// Register this so that we can access it again
        
eval("session_register(\"template_set\");");
        
// Set the flag to indicate that we've set up the template system
        
$template_set=1;
        
$msg.="Template system initialised<BR>";
    }
    return 
$msg
This kinda works in that the variables are created but no values are assigned to them. I've confirmed this by looking at the sess_34255. . . file in /tmp.

However, this piece of code does work:

PHP Code:
session_start();

$variable1="fred";
$variable2="bob";

eval(
"session_register(\"$variable1\");");
eval(
"session_register(\"$variable2\");");

$variable1_value="this is fred";
$variable2_value="this is bob";

eval(
"$$variable1=\"$variable1_value\";");
eval(
"$$variable2=\"$variable2_value\";");

print 
session_encode();
print 
"<BR>The variables have been registered<BR>";

echo 
$fred
If I replace the evals in the first block of code with echo's I get perfectly valid code coming back at me so what the heck is going on ?

Phil
(whose forehead is flat from banging it on the desk)