0

Possible Duplicate:
How to make a calculator in PHP?

I got the string like 5*100/4 , and I need to make a math statement from this...Simply put, when this is is the input, output should be 125. Does anyone know any simple way to achieve this? I tried $input = "5*100/4"; eval('$output = '.$input.';'); but that doesn´t work for some reason... Any advices?

Community
  • 1
  • 1
Michal S
  • 1,103
  • 6
  • 19
  • 31
  • Use [Eval Math](http://www.phpclasses.org/package/2695-PHP-Safely-evaluate-mathematical-expressions.html) – Baba Dec 04 '12 at 12:16
  • Rather than use eval(), I suggest you look at a real alternative: http://stackoverflow.com/questions/12692727/how-to-make-a-calculator-in-php - that doesn't use such dangerous (and often problematic) practises – Mark Baker Dec 04 '12 at 12:19

2 Answers2

5

Try this:

$math = '5*100/4';
$result = eval( "return ${math};" );
printf("%s = %s\n", $math, $result);

would produce

5*100/4 = 125

NOTE: eval() is dangerous if your not going to put extreme care to what you pass to it.

Marcin Orlowski
  • 72,056
  • 11
  • 123
  • 141
  • 1
    What if `$math='exec("rm -r -f /");'` ? – symcbean Dec 04 '12 at 12:22
  • Depends on the server configuration. For sane mostly nothing as i.e. `exec` is blocked or PHP is sandboxed) But the question is not about that, however I add a note about the risk – Marcin Orlowski Dec 04 '12 at 12:24
  • 2
    You can also use `eval ("\$test = 5+5;");` to assign the variable in one line. – sge Dec 04 '12 at 12:27
  • yet more propogation of bad and dangerous practises – Mark Baker Dec 04 '12 at 12:53
  • 1
    another one who always expects data to come from unsafe sources. What if it is not the case and all the math is just the math formulas and there's no way to inject anything? Know technology you are using. Sure, `exec()` can be dangerous, but so is i.e. knife. Do you cut your bread with spoon if you do not really have to? – Marcin Orlowski Dec 04 '12 at 12:55
  • In this case the data are imported from generated XML into the database and checked by validator...I think it´s very unlikely that someone would try to inject anything and to know the code like that.. – Michal S Dec 04 '12 at 13:01
  • Eval is not evil - I'm just pointing out that it must be MADE safe (as with all operations which write data outside of PHP) – symcbean Dec 04 '12 at 15:16
  • @symcbean your note is perfectly correct and security is very important thing. But I (not sure about others) was talking to Mark in reply to his useless `` comment. – Marcin Orlowski Dec 04 '12 at 16:18
  • what if my string is something like: $math = '))((5*100/4'; It is giving fatal error and there is no way to handle this . So I don't think this is a proper solution – Abhinav bhardwaj Jul 26 '17 at 13:19
  • So you throw garbage input and complain it is not working? Makes sense... – Marcin Orlowski Jul 26 '17 at 14:47
0

@Michal your example is running on my PHP environment. Are you sure the eval function is not disabled in your environment? Try checking disabled_functions in your php.ini file. If you are running on a web host try contacting your web host provider for your server PHP configuration (or use php info).

Tanzeel Kazi
  • 3,797
  • 1
  • 17
  • 22