Home » Php » Dynamically generate classes at runtime in php?

Dynamically generate classes at runtime in php?

Posted by: admin November 30, 2017 Leave a comment

Questions:

Here’s what I want to do:

$clsName = substr(md5(rand()),0,10); //generate a random name
$cls = new $clsName(); //create a new instance

function __autoload($class_name)
{
  //define that instance dynamically
}

Obviously this isn’t what I’m actually doing, but basically I have unknown names for a class and based on the name, I want to generate the class with certain properties etc.

I’ve tried using eval() but it is giving me fits over private and $this-> references…

//edit

Ok, obviously my short and sweet “here’s what I want to do” caused massive strife and consternation amongst those who may be able to provide answers. In the hope of getting an actual answer I’ll be more detailed.

I have a validation framework using code hints on the site I maintain. Each function has two definitions

function DoSomething($param, $param2){
   //code
}
function DoSomething_Validate(vInteger $param, vFloat $param2){
   //return what to do if validation fails
}

I’m looking to add a validator for primary keys in my database. I don’t want to create a separate class for EVERY table (203). So my plan was to do something like

function DoSomething_Validate(vPrimaryKey_Products $id){ }

Where the __autoload would generate a subclass of vPrimaryKey and set the table parameter to Products.

Happy now?

Answers:

This is almost certainly a bad idea.

I think your time would be better spent creating a script that would create your class definitions for you, and not trying to do it at runtime.

Something with a command-line signature like:

./generate_classes_from_db <host> <database> [tables] [output dir]

Questions:
Answers:

its funny, actually this is one of the few things where eval doesnt seem such a bad idea.

as long as you can ensure that no user input will ever enter the eval.

you still have downsides like when your using a bytecode cache that code wont be cached etc etc. but the security issues of eval are pretty much related to having user inputy in the eval, or to ending up in the wrong scope.

if you know what you are doing, eval will help you with this.

That said, in my opinion you are much better off when you no rely on type-hinting for your validation, but you have one function

DoSomething_Validate($id)
{ 
   // get_class($id) and other validation foo here
}

Questions:
Answers:

I know this is an old question and there are answers that WILL work, but I wanted to offer a few snippets that would answer the original question and I think offer a more expanded solution should someone end up here like I did when searching for an answer to this problem.

Create Single Dynamic Class

<?php
// Without properties
$myclassname = "anewclassname";
eval("class {$myclassname} { }";
// With a property
$myclassname = "anewclassname";
$myproperty = "newproperty";
eval("class {$myclassname} { protected ${$myproperty}; }";
?>

As long as you properly escape your text, you could also add a function in there.

But what about if you want to dynamically create classes based on something that could itself be dynamic such as creating a class for each table in your database as the original question mentioned?

Create Multiple Dynamic Classes

<?php

// Assumes $dbh is a pdo connection handle to your MySQL database
$stmt=$dbh->prepare("show tables");
$stmt->execute();
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
$handle = null;
$classcode = '';
foreach ($result as $key => $value) {
    foreach ($value as $key => $value) {
        $classcode = "class {$value} { ";
        $stmt2=$dbh->prepare("DESC $value");
        $stmt2->execute();
        $result2 = $stmt2->fetchAll(PDO::FETCH_ASSOC);
        foreach ($result2 as $key => $value) {
            $classcode .= "public ${$value['Field']}; ";
        }
        $classcode .=  "}";
        eval($classcode);
    }
}

?>

This will dynamically generate a class for each table in a database. For each class, a property that is named after each column will ALSO get created.

Now it’s been pointed out you shouldn’t do this. As long as you control what’s going on in the eval, the risk of security isn’t a problem. BUT — there’s most likely a solution that makes more sense if you think deeply enough about it. I thought I had the perfect use case for dynamically creating new classes. Careful examination of the problem proved otherwise.

One potential solution — use the stdClass for creating objects that are just data containers and don’t need any methods.

Also — as mentioned, you could use a script to manually generate lots of classes. In the case of classes mirroring your database tables, you could use the same logic I have above and instead of doing an eval, write that info to a file.

Questions:
Answers:

I think using eval() it’s not a reliable solution, especially if your script or software will be distributed to different clients. Shared hosting providers always disable eval() function.

I’m thinking of a better aproach like this :

<?php 

 function __autoload( $class ) {
      require 'classes/'.$class.'.php';

}

$class = 'App';
$code = "<?php class $class {
    public function run() {
        echo '$class<br>';  
    }
    ".'
    public function __call($name,$args) {
        $args=implode(",",$args);
        echo "$name ($args)<br>";
    }
}';

file_put_contents('classes/App.php' ,$code);

$a = new $class();
$a->run();

After finishing executing the code, you can delete the file if you want, I tested it and it works perfectly.

Questions:
Answers:
function __autoload($class)  {
    $code = "class $class {`
        public function run() {
            echo '$class<br>';  
        }
        ".'
        public function __call($name,$args) {
            $args=implode(",",$args);
            echo "$name ($args)<br>";
        }
    }';

    eval($code);
}

$app=new Klasse();
$app->run();
$app->HelloWorld();

This might help to create a class at runtime.
It also creates a methor run and a catchall method for unknown methods
But better create Objects at runtime, not classes.

Questions:
Answers:

Using eval() is really a bad idea. It opens a large security hole. Just don’t use it!

Questions:
Answers:

Please read everyone else answers on how this is truly a very very bad idea.

Once you understand that, here is a small demo on how you could, but should not, do this.


<?php
$clname = "TestClass";

eval("class $clname{}; $cls = new $clname();");

var_dump($cls);