PHP - templating with custom tags - is this a legit use of eval?

Question

Overview

Around the end of 2009, I wrote a simple templating system for PHP/HTML to be used in-house by our designers for brochure-ware type website

Answer 1

Let me advocate a different approach. Instead of generating PHP code dynamically and then trying to figure out how to execute it safely, execute it directly as you encounter the tags. You can process the entire block of HTML in one pass and handle each tag as you encounter it immediately.

Write a loop that looks for tags. Its basic structure will look like this:

1. Look for a custom tag, which you find at position n.
2. Everything before position n must be simple HTML, so either save it off for processing or output it immediately (if you have no tags on your $tags stack you probably don't need to save it anywhere).
3. Execute the appropriate code for the tag. Instead of generating code that calls $tags->push, just call $tags->push directly.
4. Go back to step 1.

With this approach you only call PHP functions directly, you never build PHP code on the fly and then execute it later. The need for eval is gone.

You'll basically have two cases for step #3. When you encounter an opening tag you will do an immediate push. Then later when you hit the closing tag you can do a pop and then handle the tag in the appropriate manner, now that you've processed the entire contents of the custom element.

It is also more efficient to process the HTML this way. Doing multiple search and replaces on a long HTML string is inefficient as each search and each replacement is O(n) on the length of the string. Meaning you're repeatedly scanning the string over and over, and each time you do a replacement you have to generate whole new strings of similar length. If you have 20KB of HTML then each replacement involves searching through that 20KB and then creating a new 20KB string afterwards.