guyinva Posted April 15, 2008 Share Posted April 15, 2008 Hi, I really don't want to use eval() for my situation, so I'm seeing if anyone has a better way to do this... I have almost 500 fields used to feed some forms. Not all of them are used at the same time, but all need to be available. Some of these are simple literals, like a simple fee amount, but some are equations, like fees that are determined by office location and time of year. The fields also need to be changeable by 20 or so admin users. There will be times when there need to be around 50 changes per week, so having one person to change these fields in a file would be unreasonable. Also, writing changes to a file this big programatically would be a nightmare. (I can just think of trying to track down errors in a 3500 line file.) So, as it stands, I'm storing the field equations in a database and eval-ing them as needed. I don't like this method though, so I'm hoping someone might have a better idea of how this can be done. Thanks! Link to comment https://forums.phpfreaks.com/topic/101151-alternative-for-eval-situation/ Share on other sites More sharing options...
discomatt Posted April 15, 2008 Share Posted April 15, 2008 The method you're using make sense. What don't you like about it? The only other way i can see doing this is making each equation a function or class in it's own file, and using and autoloader (assuming class) to bring em in as needed Link to comment https://forums.phpfreaks.com/topic/101151-alternative-for-eval-situation/#findComment-517370 Share on other sites More sharing options...
guyinva Posted April 15, 2008 Author Share Posted April 15, 2008 Using eval in general just scares me. It's difficult to track down errors when something goes wrong, especially if a fatal error occurs in the eval'd script. In general, I've always felt eval'ing script is a sketchy proposition. Link to comment https://forums.phpfreaks.com/topic/101151-alternative-for-eval-situation/#findComment-517381 Share on other sites More sharing options...
PFMaBiSmAd Posted April 15, 2008 Share Posted April 15, 2008 Unless the actual equations change, you should only be storing the data in the database. The equations should be hard coded (functions) and the data would be placed in variables in the equation. If the actual equations change, your choices would be to use the create_function() function, find or write a general math equation parser, use eval(), or write the dynamically produced php code to a file and include() it. Link to comment https://forums.phpfreaks.com/topic/101151-alternative-for-eval-situation/#findComment-517387 Share on other sites More sharing options...
guyinva Posted April 15, 2008 Author Share Posted April 15, 2008 create_function() looks interesting (I can think of other places where I can use that). Unfortunately, even the basic equations will be changing, so in this case it wouldn't help. Link to comment https://forums.phpfreaks.com/topic/101151-alternative-for-eval-situation/#findComment-517401 Share on other sites More sharing options...
discomatt Posted April 15, 2008 Share Posted April 15, 2008 Eval is a great solution... Many people say to avoid it (which is a good general rule), but if you understand the risks of using it you can take steps to remove them. To avoid fatal errors, write a code validation/debug function. It wouldn't surprise me if there was one floating around the net you could 'take inspiration' from. Also, you could sanitize input to remove bad functions (white list probably easier than black list) if you didn't trust your fellow programmers. Sadly, there's no 'safe and easy' solution for something as complex as your problem Link to comment https://forums.phpfreaks.com/topic/101151-alternative-for-eval-situation/#findComment-517415 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.