Is eval() the best way to execute the user's code?

petersen 26 Jun, 2008
In chronocontact.php there are a few places that eval() the code entered by the user in the backend. Firstly, eval() seems a slow way to execute code, and secondly it seems to be frowned upon in a lot of places.

Would it make any difference if we used the output buffer instead?


<?php
function parseCode($code, $params=array()) {
  extract($params);
  ob_start();
  include $code;
  return ob_get_clean();
}
?>


Where $code is $rows[0]->autogenerated etc? Does this make any sense?

GreyHead 26 Jun, 2008
Hi petersen,

I've no real technical knowledge here - this is Max's area. So, just some observations. For most forms the code that is being eval'd is a few lines of HTML with some embedded PHP echos - the computing overhead is pretty minimal. Likewise the risk, as the eval'd code is entered from the admin area - though there is a risk.

Using the output buffer might be more effective - but it's also the code that gave Max major problems in the Joomla 1.5.x backend - all the posts here that asked people to turn Gzip off were related somehow to the use of ob_start.

Bob

Chris..S 08 Jul, 2008
Eval isn't the fastest, but as things stand this code can't be included as it's stored in the database, not in a file. It is the sensible way to execute user code.
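
The two mechanisms discussed in this thread, side by side, as an added example that is not part of the original posts and not ChronoForms code. The function names and the sample string are hypothetical, and PHP 7 or later is assumed. Both variants run whatever PHP the stored string contains with the full privileges of the site, so moving from eval() to include changes the mechanism, not the exposure: what matters is who can write to that database column.

```php
<?php
// Constructed sample of form code as stored in a database column:
// HTML with an embedded PHP echo.
$stored = '<p>Hello <?php echo htmlspecialchars($name, ENT_QUOTES, "UTF-8"); ?></p>';

// Variant 1: eval() the string and capture its output with the output buffer.
// The leading "?>" makes eval() start in HTML mode, the way an included
// file is parsed.
function renderWithEval(string $code, array $params = []): string {
    extract($params, EXTR_SKIP);      // EXTR_SKIP: never overwrite $code or $params
    ob_start();
    try {
        eval('?>' . $code);
    } catch (Throwable $e) {          // parse errors in the stored code land here
        ob_end_clean();               // discard partial output, leave no open buffer
        throw $e;
    }
    return ob_get_clean();
}

// Variant 2: include only accepts a file path, so the string has to be
// written to disk first. tempnam() creates the file with owner-only access.
function renderWithInclude(string $code, array $params = []): string {
    $file = tempnam(sys_get_temp_dir(), 'form');
    file_put_contents($file, $code);
    extract($params, EXTR_SKIP);      // $file already exists, so it cannot be replaced
    ob_start();
    try {
        include $file;
    } catch (Throwable $e) {
        ob_end_clean();
        throw $e;
    } finally {
        unlink($file);                // remove the temp file on success or failure
    }
    return ob_get_clean();
}

// Both calls produce the same markup for the same input.
$params = ['name' => '<b>Ann</b>'];
echo renderWithEval($stored, $params), "\n";
echo renderWithInclude($stored, $params), "\n";
```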