1

How can I check if user-provided PHP code is valid? Specifically, I have a couple of PHP scripts that users can edit via the UI for a variety of reasons. If users edit those scripts, how can I verify that what they provide is valid and isn't going to crash when it actually gets run?

I thought about using a try-catch block around the entirety of the code, but another concern I have is that when I'm testing any code the user provides, I don't want to actually run the code, as the code may cause changes to be made in the system.

Any thoughts would be greatly appreciated. Thank you.

HartleySan
  • 7,404
  • 14
  • 66
  • 119
  • 4
    If you just want to validate that the code is syntactically correct, then what you're looking to do is *lint check* it. See [this post](https://stackoverflow.com/questions/12152765/php-syntax-checking-with-lint-and-how-to-do-this-on-a-string-not-a-file) for some details. If you want to determine whether or not the code is valid to *actually run*, then you're asking us to solve the [Halting Problem](https://en.wikipedia.org/wiki/Halting_problem), and that's going to be a lot trickier. If possible, running the code in a sandbox is probably the best option. – iainn Nov 06 '18 at 11:12
  • Yes, running the code in a sandbox does make the most sense. Thank you. – HartleySan Nov 06 '18 at 12:06
  • You could try something like php lint to check the code when its submitted : https://github.com/overtrue/phplint – aarcarr Nov 06 '18 at 11:12
  • @iainn This page is at serious risk of becoming abandoned. Please decide whether you would like to post your insights as an answer or if you think this page is better resolved with a closure. If you don't want to put your name to an answer, you can of course Wiki it. – mickmackusa Nov 06 '18 at 13:00

0 Answers0