I need to store equations in a DB for later use.  For example,
something like the following might appear in one of the fields:

(( 2 * 3 ) + 7 ) / ( 8 / 4 )

So I want to eval() *only* equations.  However, there is nothing
stoping someone from entering in a valid PHP command that
accesses the file system.  While only a certain class of user
will be able to access the page that allows the input of this 
of this equation, there isn't anything to stop them from entering
malicious code.
So my question, aside from parsing the value of the field, is there
any way to run eval so that it won't run system commands?  So
that it will only run mathematical equations?  Has anyone already
come up with this kind of code?  Suggestions?  Ideas?


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to