PHP - create function issue

Question

I'm trying to understand this code and I can't :(

$time = date('Y-m-d', strtotime('-30 days'));
$what = create_function('$a', 'return $a.'.'"'." AND date > '$time'".'"'.';');

Why does the $time variable get passed successfully in this created function, but when I try:

$limit = 10;
$what = create_function('$a', 'return '.'"'." LIMIT '$limit'".'"'.';');

$limit doesn't ?

ps: if I try $what = create_function('$a', 'return '.'"'." LIMIT 10".'"'.';'); it works...

Answer 1

The code can be much simplified:

$what = create_function('$a', "return \"LIMIT $limit\";");

or

$what = create_function('$a', 'return "LIMIT ' .  $limit .'";');

The code should work. Note that the number after LIMIT must not be enclosed in quotes in the SQL syntax.

But as you are creating a function, you could also pass $limit as parameter to the function:

$what = create_function('$limit', 'return "LIMIT $limit";');
$str = $what(10);

or don't use create_function at all and just do string concatenation directly:

$str = 'LIMIT ' . $limit;

Answer 2

It is hard to read and to difference between ' and " in your example.

Try this:

$what = create_function('$a', "return \"LIMIT $limit;\""); 

As well as

$what = create_function('$a', 'return \'LIMIT $limit;\''); 

Or

$what = create_function('$a', 'return "LIMIT '.$limit.';"'); // most clear, I think

You can use \ as escaping character, this means the next character after this will not be interpreted as a closing quote if it is the current quote character.

Example:

echo '\''; // will output '
echo '\"'; // will output \"
echo "\""; // will output "

Answer 3

I have just tested your second code, and it works, correctly passing in $limit:

<?php
$limit = 10;
$what = create_function('$a', 'return '.'"'." LIMIT '$limit'".'"'.';');
echo $what(2);// note: `2` was randomly chosen, and used because $what expects an argument
// result: ` LIMIT '10'`
?>

The above $what line can be rewritten as:

$what = create_function('$a', 'return "' . " LIMIT '$limit'" . '";');

Beware that you do not accidentally write it as (note the quote characters around $limit:

$what = create_function('$a', 'return "' . ' LIMIT "$limit"' . '";');

In that case, $limit does not get substituted by 10 (value of $limit).

Answer 4

First of all, I am wondering why you are using create_function? If there is any chance (and there usually is), you should try to avoid it, since this generally results in very sloppy code.

The first thing I notice is that your second example doesn't do anything with $a:

$what = create_function('$a', 'return '.'"'." LIMIT '$limit'".'"'.';');

Should probably be:

$what = create_function('$a', 'return $a . '.'"'." LIMIT '$limit'".'"'.';');

Also, when concatenating strings, try surround the . by spaces. It will make your code more readable (and thus, debugabble). Lastly, go easy on the double and single quotes :)

Answer 5

Your code seems a little messy when your concatenating strings, try a simpler approach:

create_function('$a', sprintf('return "LIMIT %d"',$limit));

if you don't mind me asking, why are you creating a function to return a simple string ?

Answer 6

In create_function, $limit is in single quotes; either you should include it in double quotes ("LIMIT $limit") or use the concatenation (.) operator (like this: '".$limit."').