Re: [PHP] Secure eval();

2002-05-21 Thread 1LT John W. Holmes
You'll have to come up with a regular expression to check for bad characters. How complex are the equations? If they are like your example, you can just check that the equation doesn't have any letters and is only made up of [0-9+*-/()] characters.

---John Holmes...

- Original Message -

Re: [PHP] Secure eval();

2002-05-21 Thread Chris Boget
You'll have to come up with a regular expression to check for bad characters. How complex are the equations? If they are like your example, you can just check that the equation doesn't have any letters and is only made up of [0-9+*-/()] characters.

It's pretty complex. What I gave was a

Re: [PHP] Secure eval();

2002-05-21 Thread 1LT John W. Holmes
rogue code being executed.

---John Holmes...

- Original Message -
From: Chris Boget [EMAIL PROTECTED]
To: 1LT John W. Holmes [EMAIL PROTECTED]; PHP General [EMAIL PROTECTED]
Sent: Tuesday, May 21, 2002 10:17 AM
Subject: Re: [PHP] Secure eval();

You'll have to come up with a regular

Re: [PHP] Secure eval();

2002-05-21 Thread Chris Boget
Are you sure you have to run it through eval()? It sounds like you're creating a query. Couldn't you just create the query dynamically, then put it in a mysql_query() function? (or whatever DB you're using) Then, even if they try some kung fu on you, it'll just result in a bad query, not some

RE: [PHP] Secure eval();

2002-05-21 Thread Scott Hurring
-Original Message-
From: Chris Boget [mailto:[EMAIL PROTECTED]]
Subject: Re: [PHP] Secure eval();

Are you sure you have to run it through eval()? It sounds like you're creating a query. Couldn't you just create the query dynamically, then put it in a mysql_query() function