[nycphp-talk] Eval question
Brian O'Connor
gatzby3jr at gmail.com
Wed Oct 25 16:07:34 EDT 2006
Is it a bad idea with user input, or in general? And if in general, why so?
On 10/23/06, Daniel Convissor <danielc at analysisandsolutions.com> wrote:
>
>
> On Thu, Oct 12, 2006 at 07:18:11AM -0700, LK wrote:
> > $x = 3;
> > $y = 4;
> > $calc_str = '$x * $y';
> > eval("echo \"$calc_str\";");
>
> > I want to evaluate the expression $x * $y (x times y). But when I run it
> > thru the eval() function it returns "3 * 4" instead of "12".
>
> Because you are asking PHP to evaluate the quoted string. What you want
> to do is:
>
> eval("echo $calc_str;");
>
> BUT, you are hereby warned that eval() is generally a very bad idea for
> security reasons.
>
> --Dan
>
> --
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
--
Brian O'Connor
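
Added example, not part of the original thread: one way to get the result LK wanted without eval() is to parse the arithmetic directly, so whatever string reaches the function can only ever be read as numbers, named variables and operators. The class name SafeCalc, its small grammar and the sample values are assumptions made for this illustration, and it needs PHP 8.

```php
<?php
// Added example (not from the thread): SafeCalc is a hypothetical helper that
// parses '$x * $y'-style arithmetic itself, so input is never executed as PHP.
final class SafeCalc {
    private const TOKEN = '\d+(?:\.\d+)?|\$[A-Za-z_]\w*|[-+*\/()]';
    private const PREC = ['+' => 1, '-' => 1, '*' => 2, '/' => 2];
    private array $t = [];   // token list
    private int $i = 0;      // index of the next token
    public function __construct(private array $vars) {}

    public function run(string $src): float {
        // Allow-list: numbers, $names, + - * / and parentheses; nothing else.
        if (!preg_match('/^(?:\s*(?:' . self::TOKEN . '))*\s*$/', $src)) {
            throw new InvalidArgumentException('disallowed input');
        }
        preg_match_all('/' . self::TOKEN . '/', $src, $m);
        [$this->t, $this->i] = [$m[0], 0];
        $v = $this->expr(1);
        if ($this->i !== count($this->t)) throw new InvalidArgumentException('syntax error');
        return $v;
    }

    // Precedence climbing: consume operators whose precedence is >= $min.
    private function expr(int $min): float {
        $v = $this->atom();
        while (($p = self::PREC[$op = $this->t[$this->i] ?? ''] ?? 0) >= $min) {
            $this->i++;
            $r = $this->expr($p + 1);
            $v = match ($op) { '+' => $v + $r, '-' => $v - $r, '*' => $v * $r, '/' => $v / $r };
        }
        return $v;
    }

    // atom := number | $name | '-' atom | '(' expr ')'
    private function atom(): float {
        $tok = $this->t[$this->i++] ?? '';
        if ($tok === '-') return -$this->atom();
        if (is_numeric($tok)) return (float) $tok;
        $val = $this->vars[substr($tok, 1)] ?? null;
        if (($tok[0] ?? '') === '$' && is_numeric($val)) return (float) $val;
        if ($tok === '(') {
            $v = $this->expr(1);
            if (($this->t[$this->i++] ?? '') === ')') return $v;
        }
        throw new InvalidArgumentException("syntax error at '$tok'");
    }
}
$calc = new SafeCalc(['x' => 3, 'y' => 4]);   // constructed sample values
echo $calc->run('$x * $y'), "\n";
```

A string containing anything outside the allow-list (a semicolon, a function name, a quote) makes run() throw InvalidArgumentException before any parsing happens, and a variable name that is not in the array passed to the constructor is rejected the same way.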