Home/ Questions/Q 8079573
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T16:08:56+00:00

$op=$_POST[‘param’]; $statement=eval(return ($op);); in ‘param’, if there is a strange character such letter ‘jfsdf’

  • 0
$op=$_POST['param'];
$statement=eval("return ($op);");

in ‘param’, if there is a strange character such letter ‘jfsdf’ or something else the eval function does not work. How can I solve this problem?

eval function works only well defined entries such as ’54+4*3′ on the other hand if it is used entries such ‘6p+87+4’ it gives an parse error. Is there any way to warn user in order to enter a well defined statement

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First of all, depending on what you mean by “strange” character, you should implement function that verifies the string coming from outside.

    $allowed_chars = array('function', 'this' ); //..add desirable ones

function is_alloved_char($char){
 return in_array($char, $allowed_chars);
}

    RegEx is great for this when You Do except some performance down.

    In your situation str_pos() is great enough to match undesirable chars.

    so, your another function should be similar to:

    /**
 * 
 * @param string
 * @return TRUE on success, FALSE otherwise
 */
function is_really_safe($char){
  global $allowed_chars; //just make this array visible here
 foreach ($allowed_chars as $allowed_char){
   if ( str_pos($allowed_char, $char) ){
     return false;
   }
 }
 return true;
}

    Also, be VERY VERY careful with eval()
    If you use this function in product, then you are doing something wrong.

    • 0