Thanks, Justin.  I am really trying to figure something else out instead of
eval. It is really too much of a security hole. I really appreciate the
community to bounce ideas.

Regards,
Dave


----------
>From: Justin French <[EMAIL PROTECTED]>
>To: David Pratt <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: Re: [PHP] Example safe use of eval()
>Date: Thu, Aug 1, 2002, 5:35 PM
>

> You can't really do much to make sure the execution of eval is safe; it's
> more that you have to trust the string that you're about to eval().
>
> So, as long as you and your production team were the only ones who put the
> code into the strings or tables, and tested the code beforehand, then 90%
> there.
>
> I'd suggest also reading all the user-contributed notes at
> http://php.net/eval too.
>
>
> Justin
>
>
> on 02/08/02 5:26 AM, David Pratt ([EMAIL PROTECTED]) wrote:
>
>> I am trying to get code that I have saved as a string in a database to
>> evaluate as code within a larger script with a loop. There are obvious
>> security concerns with allowing users to input code into the field if it is
>> not preprocessed before it is evaluated. The eval function appears to be the
>> ticket with PHP 4 since it will return the results as well. Has anyone got
>> an example of an appropriate preprocessing strategy and/or example of eval()
>> being used this way?  Thanks to those that replied to my original post.
>>
>> --
>>
>> Dave Pratt
>
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
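One alternative to eval() for the situation discussed in this thread, as an added example that is not part of the original messages: the database field holds a template with placeholders, and only operations on a fixed allowlist can run. The function name `render_stored_template`, the `{{name|filter}}` syntax, the filter names and the sample rows are all hypothetical, and the code assumes a current PHP version rather than PHP 4.

```php
<?php
declare(strict_types=1);

// Added example: the stored string is treated as data, never as PHP source.
// All names here (function, filters, placeholder syntax) are hypothetical.
function render_stored_template(string $template, array $vars): string
{
    // The only operations a stored template can ever trigger.
    $filters = [
        'raw'   => fn(string $v): string => $v,
        'upper' => fn(string $v): string => strtoupper($v),
        'money' => fn(string $v): string => number_format((float) $v, 2),
    ];

    // Escape the literal text first so markup in the field stays inert;
    // the {{ }} and | characters are not changed by htmlspecialchars().
    $escaped = htmlspecialchars($template, ENT_QUOTES, 'UTF-8');

    // Placeholders are {{name}} or {{name|filter}}, word characters only.
    $out = preg_replace_callback(
        '/\{\{(\w+)(?:\|(\w+))?\}\}/',
        function (array $m) use ($filters, $vars): string {
            $name   = $m[1];
            $filter = ($m[2] ?? '') !== '' ? $m[2] : 'raw';
            // Unknown variable or filter: emit nothing and call nothing.
            if (!array_key_exists($name, $vars) || !isset($filters[$filter])) {
                return '';
            }
            $value = $filters[$filter]((string) $vars[$name]);
            return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
        },
        $escaped
    );

    return $out ?? ''; // preg_replace_callback() returns null on a regex error
}

// Constructed sample rows standing in for the database field.
$rows = [
    'Hello {{name|upper}}, you owe {{total|money}}',
    '{{name}} wrote: phpinfo(); {{name|phpinfo}} <b>bold</b>',
];

// The loop from the original question, with no eval() involved.
foreach ($rows as $row) {
    echo render_stored_template($row, ['name' => 'dave', 'total' => '12.5']), "\n";
}
```

In the second row the text `phpinfo();` is printed as plain text, the unlisted `phpinfo` filter produces an empty string, and the `<b>` tag is HTML-escaped.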
