(Please note, it’s been user entered, so I cannot hard code it). Anyways, the user enters math.php?do=2+2 and the script will kick back 4 as a result. Another thing is that the input is rigorously verified, so, there is no malicious possibility. My testing method is this:
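// Returns true only if every element of $char is an allowed math character.
// Assumes $char is an array of single characters (for example from str_split()).
function testMath($char){
    $array['math'] = Array("+", "-", "/", "*", "(", ")", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9");
    foreach($char as $chr){
        // Reject the input as soon as one character is outside the whitelist
        if(!in_array($chr, $array['math'])){
            return false;
        }
    }
    return true;
}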
Would it be safe to eval() something checked by this? Or should I forget about doing math from user-entered input?
Side note, PHP throws
Parse error: parse error in C:\Users\Josh\Desktop\App\html\new.php(24) : eval()'d code on line 1
when I try to eval() something. What’s wrong?
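An added example, not part of the original post: a character whitelist like testMath() also accepts strings such as "2+" or "((" that are not valid expressions, so one way to do the math without eval() is a small recursive-descent evaluator over the same character set. All function names below are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example (hypothetical function names): arithmetic without eval().
// expr := term (('+'|'-') term)* ; term := factor (('*'|'/') factor)* ; factor := '-' factor | '(' expr ')' | digits
function peek(string $s, int $i): string { return $i < strlen($s) ? $s[$i] : ''; }
function parseExpr(string $s, int &$i): float {
    $v = parseTerm($s, $i);
    while (($op = peek($s, $i)) === '+' || $op === '-') {
        $i++;
        $r = parseTerm($s, $i);
        $v = ($op === '+') ? $v + $r : $v - $r;
    }
    return $v;
}
function parseTerm(string $s, int &$i): float {
    $v = parseFactor($s, $i);
    while (($op = peek($s, $i)) === '*' || $op === '/') {
        $i++;
        $r = parseFactor($s, $i);
        if ($op === '/' && $r == 0.0) throw new InvalidArgumentException('division by zero');
        $v = ($op === '*') ? $v * $r : $v / $r;
    }
    return $v;
}
function parseFactor(string $s, int &$i): float {
    $c = peek($s, $i);
    if ($c === '-') { $i++; return -parseFactor($s, $i); }   // unary minus
    if ($c === '(') {
        $i++;
        $v = parseExpr($s, $i);
        if (peek($s, $i) !== ')') throw new InvalidArgumentException("expected ')' at offset $i");
        $i++;
        return $v;
    }
    $len = strspn($s, '0123456789', $i);                      // length of the digit run at $i
    if ($len === 0) throw new InvalidArgumentException("expected a number at offset $i");
    $i += $len;
    return (float) substr($s, $i - $len, $len);
}
function evalMath(string $input): float {
    if (strlen($input) > 256) throw new InvalidArgumentException('expression too long'); // bounds recursion depth
    $i = 0;
    $v = parseExpr($input, $i);
    if ($i !== strlen($input)) throw new InvalidArgumentException("unexpected character at offset $i");
    return $v;
}
// Constructed inputs: the last three contain only whitelisted characters but must still be rejected.
foreach (['2+2', '2*(3+4)', '2+', '((', '1/0'] as $in) {
    try { echo "$in = ", evalMath($in), "\n"; }
    catch (InvalidArgumentException $e) { echo "$in rejected: ", $e->getMessage(), "\n"; }
}
```

In a query string PHP decodes an unencoded "+" as a space, so math.php?do=2+2 reaches the script as "2 2"; the evaluator rejects that, and the client has to send 2%2B2.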
I’m not sure how you used the eval() since you didn’t post that part of your code. But if you are going to eval the code, you need to specify the variable it will be saved to:
Revised testMath: