eval（）不返回函数结果

I have a method name that is stored in a column in the DB that looks like this:

customs::nicknames($data)

This is the related class:

    class customs extends service {

    function __construct() {
        parent::__construct();
    }

    public static function nicknames($data) {
        return $data;
    }

}

When I call it in this way:

$merge = eval($error['custom'] . ';');

The contents of the $data variable is not returned. Just to give it a try I tried with echo and it is correctly returning the array to string conversion php error. So the variable $data is read correctly. But why does not it return anything?

If I try to call this method without using eval() like this:

$merge = customs::nicknames($data);

The $data is returned correctly.

So what's wrong?

Why eval() is not able to return the method results? How can I solve this issue?

Why eval() is not able to return the method results?

Simply because you don't return anything in your eval part.

Docs:

eval() returns NULL unless return is called in the evaluated code, in which case the value passed to return is returned.

How can I solve this issue?

You can assign variable ($merge in given example) in eval. For example:

eval('$merge =' . $error['custom'] . ';');

or return value in eval. E.g:

$merge = eval('return '.$error['custom'].';');

Note: Don't use eval in real-world applications.

Warning from docs:

The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

If eval() is dangerous is there another way to read a string as code in a safe way?

Yes, there is (actually, are):

1. PHP is very dynamic language. It has ability to do following stuff with strings:

   • Define and/or get variable (supported from PHP 4.3). For example:

     $variableName = 'MyVariable';
     // Create new variable with the name defined in variable $variableName
     ${$variableName} = 'MyValue';
     //Outputs: string(7) "MyValue"
     var_dump($MyVariable);
     //Outputs: string(7) "MyValue"
     var_dump(${'MyVariable'});
     

     Demo

   • Call function (supported from PHP 4.3). For example:

     // Create function with the name defined in variable $functionName
     function MyFunction($argument) {
         return 'Argument passed is: '.$argument;
     }
     
     $functionName = 'MyFunction';
     
     // Outputs:
     // string(48) "Argument passed is: Calling MyFunction directly."
     var_dump(MyFunction('Calling MyFunction directly.'));
     // Outputs:
     // string(51) "Argument passed is: Calling MyFunction with string."
     var_dump($functionName('Calling MyFunction with string.'));
     

     Demo

   • Create instance of class (supported from PHP 5.0). For example:

     class MyClass {
         public function __construct() {
             echo 'Constructing MyClass'."
     ";
         }
     }
     
     $className = 'MyClass';
     
     $objFromString = new $className();
     // Outputs: object(MyClass)#1 (0) {}
     var_dump($objFromString);
     

     Demo

   • Call static method (supported from PHP 5.0). For example:

     class MyClass {
         public static function staticMethod() {
             return 'MyClass::staticMethod called';
         }
     }
     
     $staticMethodName = 'staticMethod';
     // Outputs: string(28) "MyClass::staticMethod called"
     var_dump(MyClass::$staticMethodName());
     

     Demo

     And from PHP 5.3 class name can also be defined by string. Example:

     class MyClass {
         public static function staticMethod() {
         return 'MyClass::staticMethod called';
         }
     }
     
     $className = 'MyClass';
     $staticMethodName = 'staticMethod';
     
     var_dump($className::$staticMethodName());
     var_dump($className::staticMethod());
     

     Demo

   • Call instance method of object (supported from PHP 5.0). For example:

     class MyClass {
         public function instanceMethod() {
             return 'MyClass::instanceMethod called';
         }
     }
     
     $methodName = 'instanceMethod';
     
     $obj = new MyClass();
     // Outputs: string(30) "MyClass::instanceMethod called"
     var_dump($obj->$methodName());
     

     Demo

   • Access static and instance properties of object (supported from PHP 5.0). For example:

     class MyClass {
         public static $myStaticProperty;
         public $myInstanceProperty;
     }
     
     $staticPropertyName = 'myStaticProperty';
     $instancePropertyName = 'myInstanceProperty';
     
     MyClass::${$staticPropertyName} = 'my static value';
     $obj = new MyClass();
     $obj->{$instancePropertyName} = 'my instance value';
     
     var_dump(MyClass::${$staticPropertyName});
     var_dump($obj->{$instancePropertyName});
     

     Demo

2. PHP has two functions: call_user_func and call_user_func_array for dynamic function/method calls. Both are perfectly documented so I won't go in details here.
3. Even if everything above is not enough PHP 5 comes with great Reflection API. Unfortunately, documentation has few examples but reflection is quite large topic to cover here. Basically, It's not a big deal to use reflection after reading how it works.