Plug-in PHP: 100 Power Solutions By Robin Nixon (McGraw Hill 2010, ISBN 978-0071666596)
Chapter 6: Plug-in 31 - Evaluate Expression

You might think that offering support for evaluating expressions would be a simple matter of calling the PHP eval() function on user-supplied input. Unfortunately, eval() is an extremely powerful function that interprets any string supplied to it as if it were a PHP program, so passing it raw input could completely open up your website to any intruder with a minimum of PHP knowledge. This plug-in therefore sanitizes the user input completely before anything is evaluated: it strips out any characters and functions that are not safe, leaving only a selection of 22 mathematical functions and the basic math operators (plus, minus, multiply and divide), and only then passes the input to eval().
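The allowlist idea described above, written out as an added example rather than the book's own plug-in code. The tokenizer accepts only numbers, parentheses, commas, the four operators and function names from a fixed list, and rejects everything else instead of stripping it; the accepted tokens are then evaluated by a small recursive-descent parser, so eval() is never called at all. That last part is a swapped-in technique (the plug-in itself passes the sanitized string to eval()); the same tokenizer can equally serve as the gate in front of eval(). The function table is an assumed subset, since the page does not enumerate the 22 functions the plug-in permits, and the code uses PHP 8 syntax (match, throw expressions).

```php
<?php
// Added example (PHP 8), not the book's plug-in code: evaluate a user-supplied
// arithmetic expression against a strict allowlist without ever calling eval().
// FUNCTIONS is an assumed subset; the page does not list the plug-in's 22 functions.
final class SafeMathEvaluator
{
    // Allowlisted function name => [PHP callable, arity]
    private const FUNCTIONS = [
        'sqrt' => ['sqrt', 1], 'abs' => ['abs', 1], 'sin' => ['sin', 1],
        'cos'  => ['cos', 1],  'pow' => ['pow', 2], 'pi'  => ['pi', 0],
    ];
    private array $tokens = []; // [type, text] pairs: type is 'num', 'id' or 'op'
    private int $pos = 0;

    public static function evaluate(string $expr): float
    {
        $p = new self();
        $p->tokens = $p->tokenize($expr);
        $value = $p->parseExpression();
        // Leftover tokens (e.g. "1 2") mean the input was not a single expression.
        return $p->pos === count($p->tokens)
            ? $value
            : throw new InvalidArgumentException('Unexpected trailing input');
    }
    // Only numbers, lowercase identifiers, + - * / ( ) , and whitespace are accepted.
    // Anything else is rejected, not stripped: deleting characters can splice two
    // harmless fragments into one that is not.
    private function tokenize(string $expr): array
    {
        $tokens = [];
        for ($offset = 0; $offset < strlen($expr); $offset += strlen($m[0])) {
            if (!preg_match('/\d+(?:\.\d+)?|[a-z]+|[-+*\/(),]|\s+/A', $expr, $m, 0, $offset)) {
                throw new InvalidArgumentException("Illegal character at offset $offset");
            }
            $tok = $m[0];
            if (ctype_space($tok)) {
                continue;
            }
            if (ctype_alpha($tok) && !isset(self::FUNCTIONS[$tok])) {
                throw new InvalidArgumentException("Unknown function '$tok'");
            }
            $tokens[] = [ctype_alpha($tok) ? 'id' : (is_numeric($tok) ? 'num' : 'op'), $tok];
        }
        return $tokens;
    }
    private function expectOp(string $op): void
    {
        if (($this->tokens[$this->pos++] ?? null) !== ['op', $op]) {
            throw new InvalidArgumentException("Expected '$op'");
        }
    }
    // expression := term (('+'|'-') term)*    term := factor (('*'|'/') factor)*
    private function parseExpression(): float { return $this->parseBinary(['+', '-'], 'parseTerm'); }
    private function parseTerm(): float { return $this->parseBinary(['*', '/'], 'parseFactor'); }
    private function parseBinary(array $ops, string $operand): float
    {
        $value = $this->$operand();
        while (($t = $this->tokens[$this->pos] ?? null) && $t[0] === 'op' && in_array($t[1], $ops, true)) {
            $this->pos++;
            $rhs = $this->$operand();
            if ($t[1] === '/' && $rhs == 0.0) {
                throw new DomainException('Division by zero');
            }
            $value = match ($t[1]) { '+' => $value + $rhs, '-' => $value - $rhs, '*' => $value * $rhs, '/' => $value / $rhs };
        }
        return $value;
    }
    // factor := '-' factor | number | '(' expression ')' | name '(' args ')'
    private function parseFactor(): float
    {
        $t = $this->tokens[$this->pos++] ?? throw new InvalidArgumentException('Unexpected end of expression');
        if ($t[0] === 'num') {
            return (float) $t[1];
        }
        if ($t === ['op', '-']) {
            return -$this->parseFactor();
        }
        if ($t === ['op', '(']) {
            $value = $this->parseExpression();
            $this->expectOp(')');
            return $value;
        }
        if ($t[0] === 'id') {
            [$callable, $arity] = self::FUNCTIONS[$t[1]];
            $this->expectOp('(');
            $args = [];
            for ($i = 0; $i < $arity; $i++) {
                if ($i > 0) {
                    $this->expectOp(',');
                }
                $args[] = $this->parseExpression();
            }
            $this->expectOp(')');
            return (float) $callable(...$args);
        }
        throw new InvalidArgumentException("Unexpected token '{$t[1]}'");
    }
}

// Constructed input. A call outside the allowlist, e.g. 'phpinfo()', is thrown out
// by the tokenizer as InvalidArgumentException before anything is evaluated.
echo SafeMathEvaluator::evaluate('sqrt(16) + pow(2, 3) * (1 - 0.5)'), "\n";
```

Two design points matter here. First, the allowlist is checked on whole identifier tokens, not on individual characters, so a name that merely contains allowed letters is still refused unless it is exactly one of the permitted functions. Second, arity is enforced per function, which keeps the evaluator from forwarding an unexpected number of arguments to the underlying PHP callable. Because the parser computes the result itself, a bug in the allowlist can at worst produce a wrong number, never code execution.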