[nycphp-talk] Eval question

Brian O'Connor gatzby3jr at gmail.com
Wed Oct 25 16:07:34 EDT 2006


Is it a bad idea with user input, or in general?  And if in general, why so?

On 10/23/06, Daniel Convissor <danielc at analysisandsolutions.com> wrote:
>
>
> On Thu, Oct 12, 2006 at 07:18:11AM -0700, LK wrote:
> >   $x = 3;
> >   $y = 4;
> >   $calc_str = '$x * $y';
> >   eval("echo \"$calc_str\";");
>
> > I want to evaluate the expression $x * $y (x times y). But when I run it
> > thru the eval() function it returns "3 * 4" instead of "12".
>
> Because you are asking PHP to evaluate the quoted string.  What you want
> to do is:
>
> eval("echo $calc_str;");
>
> BUT, you are hereby warned that eval() is generally a very bad idea for
> security reasons.
>
> --Dan
>
> --
> T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>             data intensive web and database programming
>                 http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409



-- 
Brian O'Connor
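
An added example, not part of the original thread: eval() runs whatever PHP the string contains, so an expression string that can be influenced from outside becomes arbitrary code. The sketch below evaluates the thread's `$x * $y` case without eval() by tokenizing the string and parsing binary + - * / and parentheses itself. The function names safe_calc, parse_level and parse_atom are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example: arithmetic over an allow-list of variables, with no eval().
function safe_calc(string $expr, array $vars): float {
    // Keep only known tokens: numbers, $names, + - * / ( )
    preg_match_all('/\d+(?:\.\d+)?|\$[A-Za-z_]\w*|[-+*\/()]/', $expr, $m);
    // Anything besides those tokens and whitespace gets the input refused outright.
    if (implode('', $m[0]) !== preg_replace('/\s+/', '', $expr)) {
        throw new InvalidArgumentException('unsupported characters');
    }
    $pos = 0;
    $value = parse_level($m[0], $pos, $vars, 0);
    if ($pos !== count($m[0])) throw new InvalidArgumentException('unexpected token');
    return $value;
}
// Level 0 handles + and -, level 1 handles * and /, so * and / bind tighter.
function parse_level(array $t, int &$pos, array $vars, int $level): float {
    $ops = $level === 0 ? ['+', '-'] : ['*', '/'];
    $v = $level === 0 ? parse_level($t, $pos, $vars, 1) : parse_atom($t, $pos, $vars);
    while (in_array($t[$pos] ?? null, $ops, true)) {
        $op = $t[$pos++];
        $r = $level === 0 ? parse_level($t, $pos, $vars, 1) : parse_atom($t, $pos, $vars);
        if ($op === '/' && $r == 0.0) throw new InvalidArgumentException('division by zero');
        if ($level === 0) {
            $v += ($op === '+') ? $r : -$r;
        } else {
            $v = ($op === '*') ? $v * $r : $v / $r;
        }
    }
    return $v;
}
function parse_atom(array $t, int &$pos, array $vars): float {
    $tok = $pos < count($t) ? $t[$pos++] : '';
    if ($tok === '(') {
        $v = parse_level($t, $pos, $vars, 0);
        if (($t[$pos] ?? '') !== ')') throw new InvalidArgumentException('missing )');
        $pos++;
        return $v;
    }
    // Variables resolve only through the caller's allow-list, never PHP's own scope.
    $val = ($tok !== '' && $tok[0] === '$') ? ($vars[substr($tok, 1)] ?? null) : $tok;
    if (!is_numeric($val)) throw new InvalidArgumentException('expected number or known variable');
    return (float) $val;
}
$vars = ['x' => 3, 'y' => 4];                  // constructed sample values
echo safe_calc('$x * $y', $vars), "\n";
try {
    safe_calc('$x * $y; phpinfo()', $vars);    // constructed non-arithmetic input
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```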