tags:

views:

562

answers:

4
+3  Q: 

Dynamically generate classes at runtime in php?

Here's what I want to do:

$clsName = substr(md5(rand()),0,10); //generate a random name
$cls = new $clsName(); //create a new instance

function __autoload($class_name)
{
  //define that instance dynamically
}

Obviously this isn't what I'm actually doing, but basically I have unknown names for a class and based on the name, I want to generate the class with certain properties etc.

I've tried using eval() but it is giving me fits over private and $this-> references...

//edit

Ok, obviously my short and sweet "here's what I want to do" caused massive strife and consternation amongst those who may be able to provide answers. In the hope of getting an actual answer I'll be more detailed.

I have a validation framework using code hints on the site I maintain. Each function has two definitions

function DoSomething($param, $param2){
   //code
}
function DoSomething_Validate(vInteger $param, vFloat $param2){
   //return what to do if validation fails
}

I'm looking to add a validator for primary keys in my database. I don't want to create a separate class for EVERY table (203). So my plan was to do something like

function DoSomething_Validate(vPrimaryKey_Products $id){ }

Where the __autoload would generate a subclass of vPrimaryKey and set the table parameter to Products.

Happy now?

+4  A: 

This is almost certainly a bad idea.

I think your time would be better spent creating a script that would create your class definitions for you, and not trying to do it at runtime.

Something with a command-line signature like:

./generate_classes_from_db <host> <database> [tables] [output dir]
hobodave  2009-07-29 23:27:16
You should at least provide a reason why.
Jordan S. Jones  2009-07-29 23:36:34
No, I shouldn't. Should I provide you a reason not to beat someone to death with a hammer? No. Same thing.
hobodave  2009-07-29 23:38:17
If you didn't know what death was then yes it should be explained. The OP may not understand the security issues with doing this are.
MitMaro  2009-07-29 23:42:17
I'd say the security issues are besides the point. I'm sure he's trying to do something that has at least 3 better solutions.
hobodave  2009-07-29 23:44:07
Valid point hobodave.
MitMaro  2009-07-30 00:41:26
That is a valid point hobodave, but unfortunately it did take these comments to get that out. At any rate, your updated answer is perfect. +1.
Jordan S. Jones  2009-07-30 01:04:53
Dave - I like your idea of generating the classes with a script. I should have thought of that. I know eval is evil, that's why I was asking the question... :)
Will Shaver  2009-07-30 15:20:41
Great answer. +!
MitMaro  2009-07-30 17:38:26
+2  A: 

Using eval() is really a bad idea. It opens a large security hole. Just don't use it!

Henrik P. Hessel  2009-07-29 23:29:34
+1 for giving the reason why this is a bad idea.
MitMaro  2009-07-29 23:43:42
+1  A: 

Please read everyone else answers on how this is truly a very very bad idea.

Once you understand that, here is a small demo on how you could, but should not, do this.

<?php
$clname = "TestClass";

eval("class $clname{}; \$cls = new $clname();");

var_dump($cls);
MitMaro  2009-07-29 23:36:22
Yes, but when you do eval(...) this fails:eval("class $clsname{ public function DoSomething(){$this->bob = 4;}}");because you can't use "this" in the middle of a non-class function. Or if I were in a class function it would be the wrong "this" pointer...
Will Shaver  2009-07-29 23:51:04
You have an escaping issue but I refuse to help any further then that because this is like everyone said a bad idea.
MitMaro  2009-07-29 23:55:27
MitMaro... wow, I must have been really out of it yesterday to not notice needing to escape my $. Thanks.
Will Shaver  2009-07-30 15:19:03
A: 

its funny, actually this is one of the few things where eval doesnt seem such a bad idea.

as long as you can ensure that no user input will ever enter the eval.

you still have downsides like when your using a bytecode cache that code wont be cached etc etc. but the security issues of eval are pretty much related to having user inputy in the eval, or to ending up in the wrong scope.

if you know what you are doing, eval will help you with this.

That said, in my opinion you are much better off when you no rely on type-hinting for your validation, but you have one function DoSomething_Validate($id) { // get_class($id) and other validation foo here }

foobaer  2010-06-03 13:48:57

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases