> Are you sure you have to run it through eval()? It sounds like you're
> creating a query. Couldn't you just create the query dynamically, then put
> it in a mysql_query() function? (or whatever DB you're using) Then, even if
> they try some kung fu on you, it'll just result in a bad query, not some
> rogue code being executed.

Try some kung fu?  Never heard it put like that before. :P

I am kind of creating a query.  The equation is going to look something like

(({table1.field1} * {table2.field2}) + {table3.field3})

Then I'm going to get the values in those fields and parse the above as if they
were macros (which, in a sense, they are).  That could yield something like:

((8 * 5) + 3)

and it is that equation that I'm going to need to eval.  So I don't think I'll be able
to do this in a query.
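The macro expansion described above can be evaluated without eval() by parsing the arithmetic directly. The following is an added example, not code from the original post; it assumes PHP 8, the function names are hypothetical, and the field values are constructed stand-ins for the database lookups:

```php
<?php
// Constructed sample values standing in for the database lookups.
$values = ['table1.field1' => 8, 'table2.field2' => 5, 'table3.field3' => 3];
// Replace each {table.field} macro with its value; only numeric values are accepted.
function expand_macros(string $expr, array $values): string {
    return preg_replace_callback('/\{(\w+\.\w+)\}/', function ($m) use ($values) {
        $v = $values[$m[1]] ?? null;
        if (!is_numeric($v)) throw new InvalidArgumentException("bad field {$m[1]}");
        return (string) $v;
    }, $expr);
}

// Tokenise into numbers, operators and parentheses; anything else is rejected.
function evaluate(string $expr): float {
    preg_match_all('/\d+(?:\.\d+)?|[-+*\/()]/', $expr, $m);
    $tokens = $m[0];
    if (implode('', $tokens) !== preg_replace('/\s+/', '', $expr)) {
        throw new InvalidArgumentException('illegal character in expression');
    }
    $result = parse_binary($tokens);
    if ($tokens) throw new InvalidArgumentException('unexpected token');
    return $result;
}

// parse_binary: level 0 is + and -, level 1 is * and /. parse_factor: number, unary minus or group.
function parse_binary(array &$t, int $level = 0): float {
    $ops = $level === 0 ? ['+', '-'] : ['*', '/'];
    $v = $level === 0 ? parse_binary($t, 1) : parse_factor($t);
    while (in_array($t[0] ?? null, $ops, true)) {
        $op = array_shift($t);
        $r = $level === 0 ? parse_binary($t, 1) : parse_factor($t);
        // PHP 8 throws DivisionByZeroError on its own when $r is zero.
        $v = match ($op) { '+' => $v + $r, '-' => $v - $r, '*' => $v * $r, '/' => $v / $r };
    }
    return $v;
}

function parse_factor(array &$t): float {
    $tok = array_shift($t);
    if ($tok === '-') return -parse_factor($t);
    if ($tok === '(') {
        $v = parse_binary($t);
        if (array_shift($t) !== ')') throw new InvalidArgumentException('missing )');
        return $v;
    }
    if ($tok === null || !is_numeric($tok)) throw new InvalidArgumentException('expected a number');
    return (float) $tok;
}
echo evaluate(expand_macros('(({table1.field1} * {table2.field2}) + {table3.field3})', $values)), "\n";
```

A field value or formula containing anything other than digits, a decimal point, the four operators and parentheses raises an exception instead of reaching an interpreter.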


