Home/ Questions/Q 8503169
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T01:41:07+00:00

I have code something like the following, which declares a class and its name

  • 0

I have code something like the following, which declares a class and its name is based on a retrieved string. But the problem is that the string may contain illegal characters that PHP doesn’t accept as a class name. So is there a good way to sanitize the string before using it as a class name?

$retrieved_string = 'some unformatted string; it may contain illegal characters to be passed as a class name.';

$strMyScript = basename(__FILE__, ".php"); 
$strMyScript = sanitize_variable($strMyScript);
$strClassName = sanitize_variable($retrieved_string);

eval('
    class ' . $strMyScript . '_' . $strClassName . ' extends AnotherClass {
        // some code here
    }
');

funaction sanitize_variable($string) {
    // sanitize the string
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First decide what you need a filter or a validator. A validator will return true/false. Then you can raise an exception, produce an error for the user or just ignore the file. The other option is to use a filter which will effectively remove characters from the input string.

    public function sanitize($input)
{
    $pattern = '/[^a-zA-Z0-9]/';

    return preg_replace($pattern, '', (string) $input);
}

    You might also want to check for unicode. The pattern is:

    public function sanitize($input)
{
    if (!@preg_match('/\pL/u', 'a'))
    {
        $pattern = '/[^a-zA-Z0-9]/';
    }
    else
    {
        $pattern = '/[^\p{L}\p{N}]/u';
    }
    return preg_replace($pattern, '', (string) $input);
}

    Issues also to consider:

    • Do you want to enable whitespace support? In this case you will need to add a space in the $pattern variables.
    • Are the filenames in a language other than English? Then you will need to do some locale specific manipulation to get the $pattern up to date.

    HTH

    • 0