6 Replies - 9144 Views - Last Post: 17 August 2013 - 03:15 AM

#1 e_i_pi

When would/do you use eval()?

Posted 15 March 2013 - 04:54 PM

I've reached an interesting point in some of my code where the use of eval() is necessitated. Out of interest, I'm wondering what other situations developers have found the need to use eval(). I'll explain my situation first, to kick things off...

I'm developing an online board game creator, where users can define their own board games from top to bottom, and amongst this is the ability to define your own "Win Conditions" from pre-defined components called "Win Condition Rules". As a for instance, someone may create a Win Condition that is defined as such:
Rule1
OR (
  Rule2
  AND Rule3
) OR Rule4


Due to the fact that these rules are stored in a database, the Rules need to be stored as IDs, along with the boolean operators that separate them, and any aggregating factors (i.e. - brackets). As such, when it comes to determining if a Win Condition is met, the rules themselves need to be evaluated out into OO code that looks like this:
DefeatAllOpponents::IsMet($params)
|| (
  CaptureTerritories::IsMet($params)
  && CaptureZones::IsMet($params)
) || CaptureAndHoldKeyTerritory::IsMet($params)


Obviously, once I have a nested array structure given in the first code block above, generating a PHP string of the second code block is reasonably trivial. After this, the code block needs to be evaluated using the eval() function. Overall I think it's a neat solution, as it retains the dynamism of users being able to create rich and complex Win Conditions, while also avoiding the problem of user-entered strings that may cause a security issue on the server during evaluation.

Anyone else got stories of where they have used eval() as a necessity?

Is This A Good Question/Topic? 0
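
An added example, not part of the original post or the poster's project: the Win Condition described above can be evaluated by walking the stored rule tree directly, so no PHP source string is generated and eval() is never called. The rule IDs, the array layout of the tree, the game-state keys and the bodies of the rule classes are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Stand-in rule checks: class names are from the post, bodies and state keys are hypothetical.
final class DefeatAllOpponents { static function IsMet(array $p): bool { return $p['opponents_left'] === 0; } }
final class CaptureTerritories { static function IsMet(array $p): bool { return $p['territories'] >= 10; } }
final class CaptureZones { static function IsMet(array $p): bool { return $p['zones'] >= 3; } }
final class CaptureAndHoldKeyTerritory { static function IsMet(array $p): bool { return $p['key_turns'] >= 5; } }

// Allowlist: stored rule ID => class. Nothing outside this map can ever be called.
const RULE_CLASSES = [
    1 => DefeatAllOpponents::class,
    2 => CaptureTerritories::class,
    3 => CaptureZones::class,
    4 => CaptureAndHoldKeyTerritory::class,
];

// Assumed layout. Leaf: ['rule' => id]. Branch: ['op' => 'AND'|'OR', 'children' => [...]].
function winConditionMet(array $node, array $params, int $depth = 0): bool
{
    if ($depth > 32) {
        throw new InvalidArgumentException('Win condition nested too deeply');
    }
    if (array_key_exists('rule', $node)) {
        $id = $node['rule'];
        if (!is_int($id) || !array_key_exists($id, RULE_CLASSES)) {
            throw new InvalidArgumentException('Unknown rule ID');
        }
        $class = RULE_CLASSES[$id];
        return $class::IsMet($params);
    }
    $op = $node['op'] ?? null;
    $children = $node['children'] ?? null;
    if (!in_array($op, ['AND', 'OR'], true) || !is_array($children) || $children === []) {
        throw new InvalidArgumentException('Malformed win condition node');
    }
    foreach ($children as $child) { // a non-array child raises a TypeError (fails closed)
        $met = winConditionMet($child, $params, $depth + 1);
        if ($met === ($op === 'OR')) {
            return $met; // short-circuit, as || and && would
        }
    }
    return $op === 'AND';
}

// The post's example, Rule1 OR (Rule2 AND Rule3) OR Rule4, with constructed game state.
$tree = ['op' => 'OR', 'children' => [['rule' => 1],
    ['op' => 'AND', 'children' => [['rule' => 2], ['rule' => 3]]], ['rule' => 4]]];
$state = ['opponents_left' => 2, 'territories' => 12, 'zones' => 3, 'key_turns' => 0];
var_dump(winConditionMet($tree, $state));
```

Stored data can only select entries from `RULE_CLASSES` and the two operators, so a tampered or corrupted row ends in an exception rather than in executed code.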

Replies To: When would/do you use eval()?

#2 Duckington

Re: When would/do you use eval()?

Posted 19 March 2013 - 02:13 PM

I have never found it to be required in any circumstance.
Was This Post Helpful? 0

#3 andrewsw

Re: When would/do you use eval()?

Posted 19 March 2013 - 02:59 PM

I found it convenient (in JavaScript) to use eval() when creating a date-formatting function, a part of which is shown here:

        // Excerpt: this continues a var declaration; D, M, N, S, Z, H, ap and
        // twelve are defined in the part of the function that is not shown.
        DD = ( D < 10 ? "0" : "" ) + D,
        MM = ( M < 10 ? "0" : "" ) + M,
        NN = ( N < 10 ? "0" : "" ) + N,
        SS = ( S < 10 ? "0" : "" ) + S,
        ZZZ = ( Z < 10 ? "00" : (Z < 100 ? "0" : "") ) + Z, XX;
    var AP = (sFormat && (sFormat.toUpperCase().indexOf('AP')+1)) ?
        ((sFormat.indexOf('ap')+1) ? ap : ap.toUpperCase()) : '';
    if (twelve || AP) {
        H = (H < 12) ? (H || 12) : ((H - 12) || 12);
    }
    var HH = ( H < 10 ? "0" : "" ) + H;
    XX = (D == 1 || D == 21 || D == 31) ? "st" :
        ((D == 2 || D == 22) ? "nd" : ((D == 3 || D == 23) ? "rd" : "th"));
    sFormat = ( sFormat ) ? sFormat.toUpperCase() : 'YYYY/MM/DD';
    var sParsed = sFormat.replace(/D{1,4}|M{1,4}|Y{2,4}|H{1,2}|N{1,2}|S{1,2}|Z{1,3}|XX|AP/g,
        function (m) {
            // m is a token matched by the regex above; eval(m) reads the local
            // variable of the same name (DD, MM, XX, ...).
            try {
                return eval(m);
            } catch (e) {
                // No variable with that name: the token is replaced with ''.
                return '';
            }
        });
    return sParsed;

eval() is only called on variations of D, DD, MM, etc., and completely ignored otherwise, preventing any injection.

Nevertheless, I also wrote a version that didn't use eval(). The version with eval() was slightly more convenient, but not a necessity.

This post has been edited by andrewsw: 19 March 2013 - 03:02 PM

Was This Post Helpful? 0

#4 Shaymus

Re: When would/do you use eval()?

Posted 15 April 2013 - 06:51 PM

One of my projects uses the eval() function, a templating engine that allows you to use PHP in your templates.
Was This Post Helpful? 0

#5 Dormilich

Re: When would/do you use eval()?

Posted 15 April 2013 - 10:12 PM

Though that brings up (at least for me) the question: why would you want to have executable code in a template?
Was This Post Helpful? 3

#6 chtombleson

Re: When would/do you use eval()?

Posted 10 May 2013 - 04:15 PM

The use of eval in PHP is a dangerous thing, especially if you're evaluating user input, which should never be done!
They should really re-name eval to evil.

However, with that said, some templating engines do use eval in a safe manner. If you are going to use eval you will want to sandbox it or only allow certain functions and statements.
Was This Post Helpful? 0

#7 charl3s7

Re: When would/do you use eval()?

Posted 17 August 2013 - 03:15 AM

The use of eval() brings up a huge security issue. Anything that is displayed from user input can be parsed. What makes it even worse is that it runs in the same function environment as the rest of your code. Of course it can be useful for dynamic templates, but it's safest to do your parsing in your controller scripts and then pass the output on to your templates.

But other than that, I have not found any "uses" for eval().
Was This Post Helpful? 0
