A McGraw Hill Book Plug-in PHP: 100 Power Solutions
By Robin Nixon (McGraw Hill 2010, ISBN 978-0071666596)


Chapter 6: Plug-in 31 - Evaluate Expression

You might think that offering support for evaluating expressions would be a simple matter of passing the user's input to the PHP eval() function. Unfortunately, eval() is an extremely powerful function: it interprets any string handed to it as PHP source and runs it with the full privileges of the script that called it, so exposing it to user input would open up your website to any intruder with a minimum of PHP knowledge. This plug-in therefore never passes raw input to eval(). It first reduces the input to an allowlist, stripping out any characters or function names that are not safe and leaving only a selection of 22 mathematical functions and the basic math operators (plus, minus, multiply and divide); only then is the remaining text passed to eval(). If you adapt this approach, note that rejecting input that contains anything outside the allowlist is safer than stripping it, since removing characters can splice the surviving fragments into an expression the user never typed.

The figure shows the result of evaluating various expressions.
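As an added example (not the book's plug-in code), the allowlist approach above in PHP, with two deliberate departures from the plug-in as described: input containing anything outside the allowlist is rejected rather than stripped, and the surviving tokens are evaluated by a small precedence-climbing parser instead of eval(), since once the input has been reduced to known tokens eval() adds nothing but risk. The function allowlist (abs, sqrt, sin and so on, with their argument counts) and the helper names are assumptions of this example and are not the plug-in's set of 22 functions.

```php
<?php
// Added example, not the book's plug-in: evaluate arithmetic without ever calling eval().
// Tokenize against an allowlist (rejecting, not stripping, anything else), then evaluate
// the token list with a small precedence-climbing parser.
declare(strict_types=1);
// Assumed allowlist for this example (name => argument count), not the plug-in's own 22.
const SAFE_FUNCS = [
    'abs' => 1, 'sqrt' => 1, 'sin' => 1, 'cos' => 1, 'tan' => 1, 'log' => 1, 'exp' => 1,
    'floor' => 1, 'ceil' => 1, 'round' => 1, 'pow' => 2, 'max' => 2, 'min' => 2,
];
const BINARY_OPS = ['+' => 1, '-' => 1, '*' => 2, '/' => 2]; // operator => precedence

/** Split $expr into [kind, value] tokens; throw on anything outside the allowlist. */
function tokenize(string $expr): array
{
    $tokens = [];
    for ($pos = 0; $pos < strlen($expr); $pos += strlen($m[0])) {
        // \G anchors at $pos: only whitespace, numbers, lowercase names and these operators can match.
        if (!preg_match('/\G(?:(\s+)|(\d+(?:\.\d+)?)|([a-z]+)|([-+*\/(),]))/', $expr, $m, 0, $pos)) {
            throw new InvalidArgumentException("Disallowed character at offset $pos");
        }
        if (isset($m[2]) && $m[2] !== '') {
            $tokens[] = ['num', (float) $m[2]];
        } elseif (isset($m[3]) && $m[3] !== '') {
            if (!isset(SAFE_FUNCS[$m[3]])) { // system, exec, phpinfo ... are refused here
                throw new InvalidArgumentException("Function not allowed: {$m[3]}");
            }
            $tokens[] = ['fn', $m[3]];
        } elseif (isset($m[4])) {
            $tokens[] = ['op', $m[4]];
        } // otherwise group 1 (whitespace) matched and is skipped
    }
    return $tokens;
}

/** Consume the operator token $op at $t[$i] or throw. */
function expect_op(array $t, int &$i, string $op): void
{
    if (($t[$i] ?? null) !== ['op', $op]) { throw new InvalidArgumentException("Expected '$op'"); }
    $i++;
}

/** factor := '-' factor | number | fn '(' expr (',' expr)* ')' | '(' expr ')' */
function parse_factor(array $t, int &$i): float
{
    if (!isset($t[$i])) { throw new InvalidArgumentException('Unexpected end of expression'); }
    [$kind, $val] = $t[$i++];
    if ($kind === 'num') { return $val; }
    if ($kind === 'fn') {
        expect_op($t, $i, '(');
        $args = [parse_binary($t, $i)];
        while (($t[$i] ?? null) === ['op', ',']) {
            $i++;
            $args[] = parse_binary($t, $i);
        }
        expect_op($t, $i, ')');
        if (count($args) !== SAFE_FUNCS[$val]) { throw new InvalidArgumentException("Bad argument count for $val"); }
        return (float) $val(...$args); // only an allowlisted PHP built-in can be reached here
    }
    if ($val === '-') { return -parse_factor($t, $i); }
    if ($val === '(') {
        $v = parse_binary($t, $i);
        expect_op($t, $i, ')');
        return $v;
    }
    throw new InvalidArgumentException("Unexpected '$val'");
}

/** Precedence climbing over BINARY_OPS: left-associative, '*' and '/' bind tighter than '+' and '-'. */
function parse_binary(array $t, int &$i, int $minPrec = 1): float
{
    $v = parse_factor($t, $i);
    while (isset($t[$i]) && $t[$i][0] === 'op' && isset(BINARY_OPS[$t[$i][1]]) && BINARY_OPS[$t[$i][1]] >= $minPrec) {
        $op = $t[$i++][1];
        $r = parse_binary($t, $i, BINARY_OPS[$op] + 1);
        if ($op === '/' && $r == 0.0) { throw new DivisionByZeroError('Division by zero'); }
        $v = $op === '+' ? $v + $r : ($op === '-' ? $v - $r : ($op === '*' ? $v * $r : $v / $r));
    }
    return $v;
}

/** Entry point: tokenize, parse the whole input, return the value or throw. */
function safe_evaluate(string $expr): float
{
    $tokens = tokenize($expr);
    $i = 0;
    $v = parse_binary($tokens, $i);
    if ($i !== count($tokens)) { throw new InvalidArgumentException('Trailing input after expression'); }
    return $v;
}
foreach (['2 + 3 * 4', 'sqrt(16) + pow(2, 10)', '-(1 + 2) * 3', '10 - 4 - 3'] as $ok) {
    printf("%-24s = %s\n", $ok, safe_evaluate($ok));
}
foreach (['system("id")', '1; phpinfo()', '$x = 1', 'sqrt(1, 2)', '1 / 0'] as $bad) {
    try {
        safe_evaluate($bad);
    } catch (Throwable $e) {
        printf("%-24s rejected: %s\n", $bad, $e->getMessage());
    }
}
```

Every path that reaches a PHP built-in goes through SAFE_FUNCS, and every character the tokenizer does not recognise aborts the whole evaluation instead of being silently dropped, so an input such as `1; phpinfo()` fails at the `;` rather than being reduced to `1 phpinfo()` or `1`. Joining the token list back into a string and handing it to eval() would reproduce the plug-in's design with the same allowlist guarantee, but the parser shows that the call to eval() is not needed at all once the input has been reduced to known tokens.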