execute eval on a string that contained plain HTML? Probably because the code was
stored in a database.
Be extremely careful when calling eval on any string that contains data that at any time
came from form variables. This includes database fields that were originally set through a
form. When possible, use nested $ operators instead of eval.
<?
//Contrived example
//eval() line could be replaced with
$$varName = 1;
$varName = "myValue";
eval("\$$varName = 1;");
print($myValue. "
\n");
//More realistic simulation of using eval
//on data from a database
$code_from_database = "<?
print(date(\"Y-m-d\")); ?>";
eval("?>". $code_from_database);
?>
string sprintf(string format, ...)
The sprintf function operates identically to the printf function, except that instead
of sending the assembled string to the browser, the string is returned. See the description
of printf for a detailed discussion. This function offers an easy way to control the
representation of numbers. Ordinarily PHP may print a double with no fraction
<?
$x = 3.00;
//print $x as PHP default
print($x. "
\n");
//format value of $x so that
//it show two decimals after
//the decimal point
$s = sprintf("%.2f", $x);
print($s. "
\n");
?>