dresden_phoenix — 2013-06-20T16:47:14-04:00 — #1
This may sound naive, but maybe some expert knows a juicy PHP secret.
I was wondering if there was a PHP function that can take a STRING and evaluate it as a logic statement, returning true/false?
No, not EVAL as eval is evil. Essentially I wondered if there was a user accessible function that performs the evaluation in between () for conditional statements , but DOES NOT call functions or perform any PHP commands.
maybe something that would look like this :
PHPMagic("$a > $b || 2 === (1+1) "); // returns boolean true
most likely what I am asking doesnt exist, but I wanted to make sure. Thanks all!
logic_earth — 2013-06-20T16:57:22-04:00 — #2
$v = ( $a > $b || $c === ( $d + $e ) );
Nothing fancy here.
cpradio — 2013-06-20T16:59:21-04:00 — #3
sure there is... just prepend $result = in front and run it through eval! :lol:
Unfortunately, that is the only way I know of at the moment without getting "too clever" and using a system/exec call to run a command through php cli...
cpradio — 2013-06-20T17:00:12-04:00 — #4
Unless I missed something, I think you missed the STRING part, the equation is in a string form, so unless there is a cool way to get out of that, that I'm not thinking of, that wouldn't work.
logic_earth — 2013-06-20T17:06:35-04:00 — #5
Probably...Focused on going to work work at the moment. The only other solution I could think of is to use a parser in combination with the tokenizer: http://us3.php.net/manual/en/function.token-get-all.php
dresden_phoenix — 2013-06-20T23:14:17-04:00 — #6
I'll have to figure about the tokenizer. am really not concerned about the variables as I already written a couple of nifty scripts that could hand those. I was just hoping to to have to parse through strings of unknown length for patterns of unknown complexity trying to extract operands and perform equations and/or concats if there was something that already did specifically that.
The problem that am running into is that anything that could eval operands is also a system construct which means someone could inject actual PHP commands ... thus presenting tremendous security risk
logic_earth — 2013-06-21T05:47:06-04:00 — #7
The only other alternative, don't allow users or the like to submit such things.