Is it a bad idea with user input, or in general?  And if in general, why so?

On 10/23/06, Daniel Convissor < [EMAIL PROTECTED]> wrote:

On Thu, Oct 12, 2006 at 07:18:11AM -0700, LK wrote:
>   $x = 3;
>   $y = 4;
>   $calc_str = '$x * $y';
>   eval("echo \"$calc_str\";");

> I want to evaluate the expression $x * $y (x times y). But when I run it
> thru the eval() function it returns "3 * 4" instead of "12".

Because you are asking PHP to evaluate the quoted string.  What you want
to do is:

eval("echo $calc_str;");

BUT, you are hereby warned that eval() is generally a very bad idea for
security reasons.

--Dan

--
T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                 http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php



--
Brian O'Connor
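
An added example, not part of the thread or of anyone's posted code: one way to compute a string such as LK's `'$x * $y'` without eval(), by parsing it against a small arithmetic grammar so that nothing in the string is executed as PHP. The function names (`calc`, `expr`, `term`, `factor`), the 256-byte cap and the variable array are assumptions of this example, which targets PHP 8.

```php
<?php
declare(strict_types=1);
// Added example (PHP 8). expr = term {(+|-) term}; term = factor {(*|/) factor};
// factor = number | $name | "(" expr ")" | "-" factor

function calc(string $src, array $vars): float {
    if (strlen($src) > 256) throw new InvalidArgumentException('expression too long');
    // Whitelist of tokens: numbers, $names, + - * / ( ). Anything else is rejected.
    $re = '/\G\s*(\d+(?:\.\d+)?|\$[A-Za-z_]\w*|[-+*\/()])\s*/';
    $tokens = [];
    for ($pos = 0; $pos < strlen($src); $pos += strlen($m[0])) {
        if (!preg_match($re, $src, $m, 0, $pos)) throw new InvalidArgumentException("unexpected input at offset $pos");
        $tokens[] = $m[1];
    }
    $i = 0;
    $value = expr($tokens, $i, $vars);
    if ($i < count($tokens)) throw new InvalidArgumentException("unexpected token '{$tokens[$i]}'");
    return $value;
}
function expr(array $t, int &$i, array $vars): float {
    $v = term($t, $i, $vars);
    while (in_array($t[$i] ?? null, ['+', '-'], true)) {
        $v = $t[$i++] === '+' ? $v + term($t, $i, $vars) : $v - term($t, $i, $vars);
    }
    return $v;
}
function term(array $t, int &$i, array $vars): float {
    $v = factor($t, $i, $vars);
    while (in_array($t[$i] ?? null, ['*', '/'], true)) {
        $v = $t[$i++] === '*' ? $v * factor($t, $i, $vars) : $v / factor($t, $i, $vars);
    }
    return $v; // in PHP 8, division by zero raises DivisionByZeroError
}
function factor(array $t, int &$i, array $vars): float {
    $tok = $t[$i] ?? '';
    $i++;
    if ($tok === '-') return -factor($t, $i, $vars);
    if ($tok === '(') {
        $v = expr($t, $i, $vars);
        if (($t[$i] ?? '') !== ')') throw new InvalidArgumentException('missing ")"');
        $i++;
        return $v;
    }
    if (is_numeric($tok)) return (float) $tok;
    $name = substr($tok, 1); // only numeric values from the caller's array are used
    if ($tok !== '' && $tok[0] === '$' && is_numeric($vars[$name] ?? null)) return (float) $vars[$name];
    throw new InvalidArgumentException("unexpected or unknown token '$tok'");
}
// The values from the thread, passed explicitly instead of read from scope.
echo calc('$x * $y', ['x' => 3, 'y' => 4]), "\n";
```

Input containing function calls, quotes, semicolons or variables missing from the array raises InvalidArgumentException instead of being run.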