
I can't EVAL-uate...

Posted: Thu Jun 09, 2005 5:39 am
by harrison
I know that the function eval() will evaluate a string as PHP code. Yet I don't understand why most of the scripts I found on the internet first put PHP code in a string and then evaluate it later.

Code:

// this example is taken from a session management class
public function isSetVar($name){
    // builds PHP source text from $name, then runs it through eval()
    $expr = "return isset(".$this->getNames($name).");";
    return eval($expr);
}

Why not execute the code directly, as in:

Code:

public function isSetVar($name){
    // $name is only ever used as an array key here
    return isset($_SESSION[$name]);
}

Please give me your opinion.

Posted: Thu Jun 09, 2005 5:45 am
by Syranide
Because PHP is a language that allows pretty much anyone to create something, and unfortunately, most of the people doing PHP don't have a clue about what they are actually doing. I've done extremely large projects in PHP, and NONE has ever required the use of eval. The only thing I can really find it useful for is like putting scripts in a database (having formulas etc. for "attack damage" and such if you'd like), or for creating hacks.

So in other words, you are perfectly right, why not? Because it is the way it's meant to be done... This is why I seldom recommend people to learn from PHP source but only look at it and build an opinion or basic knowledge of structure.

EDIT: eval has some serious setbacks too that one should be aware of, so stay away at all cost unless you have some devious plan ;)

Posted: Thu Jun 09, 2005 6:42 am
by John Cartwright
I have yet to see a script "consistently" use eval.. it is generally frowned upon. Especially when the user can input contents into the site -- even worse with register globals on and a call to eval.
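
Added example, not part of any post in this thread: the eval-based isSetVar() from the first post next to the direct form, run on the same inputs to show why user-supplied input and eval do not mix. The thread never shows getNames(), so the getNames() below is a hypothetical stand-in that assumes it builds the source text of a $_SESSION lookup; the session data and inputs are constructed.

```php
<?php
// Constructed sample session data (stands in for $_SESSION outside a web request).
$_SESSION = ['user' => 'harrison'];

// Hypothetical stand-in for the class's getNames(): assumed to return the
// PHP source text of a $_SESSION lookup for the given name.
function getNames($name) {
    return '$_SESSION["' . $name . '"]';
}

// The pattern from the first post: $name becomes part of PHP source code.
function isSetVarEval($name) {
    $expr = "return isset(" . getNames($name) . ");";
    return eval($expr);
}

// The direct form from the first post: $name is only ever data (an array key).
function isSetVarDirect($name) {
    return is_string($name) && isset($_SESSION[$name]);
}

// Constructed inputs: an existing key, a missing key, and a value containing
// PHP syntax that closes the string and the isset() call early, so the
// evaluated expression is no longer the one the author wrote.
$inputs = [
    'user',
    'missing',
    'missing"]) || isset($_SESSION["user',
];

foreach ($inputs as $name) {
    printf(
        "%-42s eval=%-5s direct=%s\n",
        var_export($name, true),
        var_export(isSetVarEval($name), true),
        var_export(isSetVarDirect($name), true)
    );
}
```

For the third input the two versions disagree: the eval version reports a key as set that does not exist, because the input was parsed as code, while the direct version treats the whole string as a key and reports it as not set.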