I need to store equations in a DB for later use. For example, something like the following might appear in one of the fields:
(( 2 * 3 ) + 7 ) / ( 8 / 4 ) So I want to eval() *only* equations. However, there is nothing stoping someone from entering in a valid PHP command that accesses the file system. While only a certain class of user will be able to access the page that allows the input of this of this equation, there isn't anything to stop them from entering malicious code. So my question, aside from parsing the value of the field, is there any way to run eval so that it won't run system commands? So that it will only run mathematical equations? Has anyone already come up with this kind of code? Suggestions? Ideas? thnx, Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
