The way people talk about eval makes it seem like eval is supposed to be avoided, and to be used under no circumstances. So what makes this construct any different from using MySQL queries?

Can a sanitized string cause eval to execute malicious code? How do I prevent users from hacking if I use eval? I'm starting to worry, because I'm working on a project, and for some of the functions in this project, there doesn't seem to be any other alternative to eval (evaluating a string of numbers such as "4+3" and returning the value of that string).

Is there anything I need to be cautious about other than sanitizing user input?
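
An added example, not part of the original question: for the "4+3" case described above, the string can be parsed as arithmetic instead of being executed, so nothing outside the grammar ever runs. The question does not name its language, so JavaScript is assumed here, and `safeCalc` is a hypothetical name.

```javascript
// Added example (not from the question): arithmetic evaluator without eval().
// safeCalc is a hypothetical name. Grammar accepted:
//   expr := term (('+'|'-') term)*    term := factor (('*'|'/') factor)*
//   factor := number | '(' expr ')' | '-' factor
function safeCalc(input, maxLen = 200) {
  if (typeof input !== 'string' || input.length > maxLen) {
    throw new Error('input must be a string of bounded length');
  }
  // Tokenize with a sticky regex; any other character is rejected outright.
  const re = /\s*(\d+(?:\.\d+)?|[-+*\/()])\s*/y;
  const tokens = [];
  while (re.lastIndex < input.length) {
    const m = re.exec(input);
    if (m === null) throw new Error('unexpected character in input');
    tokens.push(m[1]);
  }
  let i = 0;
  // Left-associative binary operators at one precedence level.
  function binary(next, ops) {
    let v = next();
    while (ops.includes(tokens[i])) {
      const op = tokens[i++];
      const r = next();
      if (op === '/' && r === 0) throw new Error('division by zero');
      v = op === '+' ? v + r : op === '-' ? v - r : op === '*' ? v * r : v / r;
    }
    return v;
  }
  const term = () => binary(factor, ['*', '/']);
  const expr = () => binary(term, ['+', '-']);
  function factor() {
    const t = tokens[i++];
    if (t === undefined) throw new Error('unexpected end of input');
    if (t === '-') return -factor();
    if (t === '(') {
      const v = expr();
      if (tokens[i++] !== ')') throw new Error('missing )');
      return v;
    }
    if (/^\d/.test(t)) return Number(t);
    throw new Error('unexpected token ' + t);
  }
  const result = expr();
  if (i !== tokens.length) throw new Error('trailing input');
  return result;
}
```

The length limit also bounds how deeply parentheses can nest, so hostile input cannot exhaust the call stack.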