> Are you sure you have to run it through eval()? It sounds like you're
> creating a query. Couldn't you just create the query dynamically, then put
> it in a mysql_query() function? (or whatever DB you're using) Then, even if
> they try some kung fu on you, it'll just result in a bad query, not some
> rogue code being executed.
Try some kung fu? Never heard it put like that before. :P
I am kind of creating a query. The equation is going to look something like
this:
(({table1.field1} * {table2.field2}) + {table3.field3})
Then I'm going to get the values in those fields and parse the above as if they
were macros (which, in a sense, they are). That could yield something like:
((8 * 5) + 3)
and it is that equation that I'm going to need to eval. So I don't think I'll be able
to do this in a query.
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
