The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.
|
 |
|
Dev Shed Forums
> Programming Languages
> PHP Development
|
Understanding eval()
Discuss Understanding eval() in the PHP Development forum on Dev Shed.
Understanding eval() PHP Development forum discussing coding practices, tips on PHP, and other PHP-related topics. PHP is an open source scripting language that has taken the web development industry by storm.
|
|
 |
|
|
|
|
Dev Shed Forums Sponsor:
|
|
|
March 10th, 2013, 09:33 PM
|
 |
Contributing User
|
|
|
|
|
Understanding eval()
I am trying to understand eval()
PHP Code:
$x = '11+33';
print eval($x);
It eval() evaluates the string as php code why don't I get 44 as my output?
Obviously I don't understand eval();
HELP!
__________________
Evan
|
March 10th, 2013, 09:52 PM
|
 |
Still alive
|
|
Join Date: Mar 2007
Location: Washington, USA
|
|
Think of eval() like a function call.
Naturally,
won't print anything...
But in case you were considering it, DON'T USE EVAL. There are virtually no good uses for it, and no good excuses for putting it in code. It's great to know about it but leave it at that.
|
March 10th, 2013, 09:59 PM
|
|
Contributing User
|
|
|
|
|
I read about it but I need to evaluate a simple formula that the user will input. How would I do that without eval()? The formula is in a variable and I thought eval() will do it.
|
March 10th, 2013, 10:22 PM
|
|
Still alive
|
|
Join Date: Mar 2007
Location: Washington, USA
|
|
|
Okay, that is one possible use for eval(). But validate the expression to hell and back before you try executing it. Regular expressions or string parsers are the two best options for that.
|
March 11th, 2013, 07:50 AM
|
 |
Likely to be eaten by a grue.
|
|
Join Date: Oct 2006
Location: Pennsylvania, USA
|
|
To evaluate a very simple formula (2 values and an operator), put all 3 in separate inputs and switch on the operator.
What if, instead of a number like you expected, I input:
You'd run that through eval and you'd get 5...and I'd get the entire dump of your PHP.ini, including local passwords, filesystem paths, OS information, version information, patches, extensions...you may as well hand me the keys to your rack (assuming your racks are locked like they should be).
__________________
HEY! YOU! Read the New User Guide and Forum Rules
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin
"The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002
Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
|
March 11th, 2013, 08:49 AM
|
 |
pollyanna
|
|
Join Date: Jul 2012
Location: Germany
|
|
Hi,
you shouldn't even try to "validate" the string by fumbling with regexes. There's a gigantic chance of f*cking that up, and if you do, you're screwed as ManiacDan already explained.
The rule " eval() is evil" exists for a reason. 99% of the time, using eval() is a really, really bad idea. Either it's a gigantic security hole, or it's a symptom of terrible programming.
In your case, the appropriate solution would be to use a seperate interpreter for those expressions. The interpreter can be a simple PHP program, or it can be an external tool you call from your PHP script.
And surprise, surprise: Somebody already thought about a math parser:
https://gist.github.com/ircmaxell/1232629
(it's just the first result I found, so there could be much better implementations)
|
March 11th, 2013, 08:35 PM
|
|
Registered User
|
|
Join Date: Mar 2013
Posts: 21
Time spent in forums: 5 h 27 m 59 sec
Reputation Power: 0
|
|
Quote: | Originally Posted by ManiacDan To evaluate a very simple formula (2 values and an operator), put all 3 in separate inputs and switch on the operator. |
If you're input really will be as simple, or close to it, as your example, here is one possible expansion on ManiacDan:
Code:
strip white space
loop while input is not empty
use regex to find the first digit, maybe something like (\d+) and push it to an fifo array
push the next char onto the array
pop off the first value from the array, store as $total
loop while array is not empty
pop off the current operator
pop off the next value as $cur
$total=$total (operator) $cur
Of course this would break on anything with more than basic operators. But it should be safe with the obligatory input sanitization.
|
March 11th, 2013, 11:56 PM
|
|
Contributing User
|
|
|
|
|
Got it.
Stay away from it.
|
Developer Shed Advertisers and Affiliates
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
Rate This Thread |
 Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
