Jun 6th, 2015, 01:32 PM
#1
Thread Starter
Fanatic Member
[RESOLVED] PHP's eval() construct safety question
The way people talk about eval makes it seem like eval is supposed to be avoided and used under no circumstances. So what makes this construct any different from using mysql queries?
Can a sanitized string cause eval to execute malicious code? How do I prevent users from hacking, if I use eval? I'm starting to worry, because I'm working on a project, and for some of the functions in this project, there doesn't seem to be any other alternative to eval (evaluating a string of numbers such as "4+3" and returning the value of that string).
Is there anything I need to be cautious about other than sanitizing user input?
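
An added example, not part of the original post: the "4+3" case from the question can be handled without eval() by tokenising against an allow-list and evaluating with a small recursive-descent parser, so the input is never executed as PHP. It goes beyond the single case in the post by also supporting - * / and parentheses; it assumes PHP 7+, and all function names are hypothetical.

```php
<?php
// Added example (PHP 7+); safe_calc and the parse_* helpers are hypothetical names.
function safe_calc(string $input): float {
    $src = preg_replace('/\s+/', '', $input);
    // Allow-list tokeniser: numbers, + - * / and parentheses; anything else is rejected.
    preg_match_all('~\d+(?:\.\d+)?|[-+*/()]~', $src, $m);
    if ($src === '' || strlen($src) > 256 || implode('', $m[0]) !== $src) {
        throw new InvalidArgumentException('rejected expression');
    }
    $pos = 0;
    $value = parse_expr($m[0], $pos);
    if ($pos !== count($m[0])) throw new InvalidArgumentException('unexpected token');
    return $value;
}

function parse_expr(array $t, int &$p): float {   // term (('+'|'-') term)*
    $v = parse_term($t, $p);
    while (in_array($op = $t[$p] ?? null, ['+', '-'], true)) {
        $p++;
        $r = parse_term($t, $p);
        $v = ($op === '+') ? $v + $r : $v - $r;
    }
    return $v;
}

function parse_term(array $t, int &$p): float {   // factor (('*'|'/') factor)*
    $v = parse_factor($t, $p);
    while (in_array($op = $t[$p] ?? null, ['*', '/'], true)) {
        $p++;
        $r = parse_factor($t, $p);
        if ($op === '/' && $r == 0.0) throw new DivisionByZeroError('division by zero');
        $v = ($op === '*') ? $v * $r : $v / $r;
    }
    return $v;
}

function parse_factor(array $t, int &$p): float { // number | '-' factor | '(' expr ')'
    $tok = $t[$p] ?? '';
    $p++;
    if ($tok === '-') return -parse_factor($t, $p);
    if ($tok === '(') {
        $v = parse_expr($t, $p);
        if (($t[$p] ?? '') !== ')') throw new InvalidArgumentException('missing )');
        $p++;
        return $v;
    }
    if (!is_numeric($tok)) throw new InvalidArgumentException('number expected');
    return (float) $tok;
}
echo safe_calc('4+3'), "\n";   // sample call with the input from the question
```

Input such as `phpinfo()` is rejected at the tokenising step because the characters that are not on the allow-list make the rejoined tokens differ from the input.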