NYCPHP Meetup

NYPHP.org

[nycphp-talk] Eval question

Tom Melendez tom at supertom.com
Wed Oct 25 16:20:25 EDT 2006 

When I'm faced with using an eval, I usually stop and ask myself "How
did I end up in this situation?".  The answer tends to be that I made
a mistake or assumption earlier on that now has forced me into needing
an eval to continue.

I don't think eval is bad, but rather, it is a glaring reminder of the
mistake I made previously.  Nonetheless, it is there, and there may be
valid reasons for using it depending on your situation.

Tom
http://www.liphp.org

On 10/25/06, Brian O'Connor <gatzby3jr at gmail.com> wrote:
> Is it a bad idea with user input, or in general?  And if in general, why so?
>
> On 10/23/06, Daniel Convissor <
> danielc at analysisandsolutions.com> wrote:
> >
> > On Thu, Oct 12, 2006 at 07:18:11AM -0700, LK wrote:
> > >   $x = 3;
> > >   $y = 4;
> > >   $calc_str = '$x * $y';
> > >   eval("echo \"$calc_str\";");
> >
> > > I want to evaluate the expression $x * $y (x times y). But when I run it
> > > thru the eval() function it returns "3 * 4" instead of "12".
> >
> > Because you are asking PHP to evaluate the quoted string.  What you want
> > to do is:
> >
> > eval("echo $calc_str;");
> >
> > BUT, you are hereby warned that eval() is generaly a very bad idea for
> > security reasons.
> >
> > --Dan
> >
> > --
> > T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
> >             data intensive web and database programming
> >                  http://www.AnalysisAndSolutions.com/
> > 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409
> > _______________________________________________
> > New York PHP Community Talk Mailing List
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> > NYPHPCon 2006 Presentations Online
> > http://www.nyphpcon.com
> >
> > Show Your Participation in New York PHP
> > http://www.nyphp.org/show_participation.php
> >
>
>
>
> --
> Brian O'Connor
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>
>

More information about the talk mailing list