[nycphp-talk] Eval question
gatzby3jr at gmail.com
Wed Oct 25 16:07:34 EDT 2006
Is it a bad idea with user input, or in general? And if in general, why so?
On 10/23/06, Daniel Convissor <danielc at analysisandsolutions.com> wrote:
> On Thu, Oct 12, 2006 at 07:18:11AM -0700, LK wrote:
> > $x = 3;
> > $y = 4;
> > $calc_str = '$x * $y';
> > eval("echo \"$calc_str\";");
> > I want to evaluate the expression $x * $y (x times y). But when I run it
> > thru the eval() function it returns "3 * 4" instead of "12".
> Because you are asking PHP to evaluate the quoted string. What you want
> to do is:
> eval("echo $calc_str;");
> BUT, you are hereby warned that eval() is generally a very bad idea for
> security reasons.
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> data intensive web and database programming
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
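An added example, not code from any poster in this thread: one way to compute the string '$x * $y' without eval(), by tokenizing against a whitelist and resolving variables from a caller-supplied array instead of PHP scope. The names safe_calc(), parse_level() and parse_atom() are hypothetical, and PHP 8 or later is assumed.

```php
<?php
// Added example (PHP 8+); safe_calc(), parse_level(), parse_atom() are hypothetical names.
function safe_calc(string $expr, array $vars): float
{
    // Whitelist tokenizer: numbers, $names, + - * / and parentheses only.
    preg_match_all('/\d+(?:\.\d+)?|\$[A-Za-z_]\w*|[-+*\/()]/', $expr, $m);
    if (implode('', $m[0]) !== preg_replace('/\s+/', '', $expr)) {
        throw new InvalidArgumentException('illegal character in expression');
    }
    $i = 0;
    $value = parse_level($m[0], $i, $vars, 0);
    if ($i !== count($m[0])) {
        throw new InvalidArgumentException('unexpected trailing token');
    }
    return $value;
}

// Level 0 handles + and -, level 1 handles * and /, level 2 is an atom.
function parse_level(array $tok, int &$i, array $vars, int $level): float
{
    if ($level === 2) return parse_atom($tok, $i, $vars);
    $ops = [['+', '-'], ['*', '/']][$level];
    $v = parse_level($tok, $i, $vars, $level + 1);
    while (in_array($tok[$i] ?? null, $ops, true)) {
        $op = $tok[$i++];
        $r = parse_level($tok, $i, $vars, $level + 1);
        $v = match ($op) { '+' => $v + $r, '-' => $v - $r, '*' => $v * $r, '/' => $v / $r };
    }
    return $v;
}

function parse_atom(array $tok, int &$i, array $vars): float
{
    $t = $tok[$i++] ?? '';
    if ($t === '(') {
        $v = parse_level($tok, $i, $vars, 0);
        if (($tok[$i++] ?? '') !== ')') {
            throw new InvalidArgumentException('missing closing parenthesis');
        }
        return $v;
    }
    // Variables come from the caller's array, never from PHP's own scope.
    $t = ($t !== '' && $t[0] === '$') ? ($vars[substr($t, 1)] ?? null) : $t;
    if (!is_numeric($t)) {
        throw new InvalidArgumentException('unknown variable or misplaced token');
    }
    return (float) $t;
}
echo safe_calc('$x * $y', ['x' => 3, 'y' => 4]), "\n";
```

Anything outside the whitelist, such as a semicolon, a quote or a function name, raises InvalidArgumentException before any arithmetic is done.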