1

Simple question really. I have come across an issue with work where it would be ideal to store >= <= and == into a variable to spit out into certain if statements wherever the case may be.

$numb1 = 5
$numb2 = 10
$option = >=

if($numb1 $option $numb2)
user1707616
  • 117
  • 2
  • 9

4 Answers4

1

Not without using eval() which is generally considered a bad idea

John Conde
  • 217,595
  • 99
  • 455
  • 496
  • How would that work? Also why is it considered a bad idea? As it stands I have < > == stored in sql and I do checks to first see which it is then proceed with the right if statement – user1707616 Feb 14 '13 at 01:58
  • You have to be very careful to ensure that eval can never take in user input. Even if you're 100% sure you, it's still safer to use switches and if-else structures, rather than running the risk. What if down the track someone sees your function and thinks "That looks handy" and doesn't realise the potential consequences of eval() so they send user input into the function as one of the paramaters... – mr mojo risin Feb 14 '13 at 02:03
  • The variables that would be used for the eval() are static and set by a select list then stored in sql. Therefore I know exactly what will be in the statement I think. – user1707616 Feb 14 '13 at 02:06
  • As below, select boxes aren't as secure as people think. They can still be manipulated client side using Firebug or something like that. You still need to perform some validation on the server side for select boxes. – mr mojo risin Feb 14 '13 at 02:08
1

Doing it directly like that, will only work using eval() - Using eval is not considered good practice. The main problem being that if the eval() statements takes in user input the user can inject php into your code. That's obviously bad. Refer this thread - When is eval evil in php?

What you'd be better off doing is created a series of switch statements for all the various operations such as 'greater than', 'less than', 'equals' and so forth...

Community
  • 1
  • 1
mr mojo risin
  • 555
  • 4
  • 15
  • Alright so long story short I am doing it the right way. I just wanted to make sure that there wasn't something that I was missing with that. Thanks! – user1707616 Feb 14 '13 at 02:01
  • Actually thinking about this a bit more, eval() is considered a bad thing if the user has input as to what will go there correct? For this current situation I am using a select list with the presets of < > and ==. That being said perhaps using eval() is more of a logical answer? – user1707616 Feb 14 '13 at 02:04
  • 1
    If you are using a select list, then the user has input, in which case eval() should definitely not be used. Even though you are using a select box to restrict input, this is only pseudo-security as there is nothing to stop the user manipulating the HTML page with firebug or any other tool, changing the value of the options to some malicious code and then posting that form to your web server. – mr mojo risin Feb 14 '13 at 02:06
  • Very well then! Thanks for the information! I will stick with my orig way of doing things. – user1707616 Feb 14 '13 at 02:08
1

The best thing to do for this is to make a function call or object wrapper, and then call the function to achieve the same result.

Example:

$func = '__my_eq_op_';


if ($func($numb1,$numb2)) {
  // Do stuff
}

The operator functions are then...

function __my_eq_op($a,$b) {
  return $a == $b;
}

function __my_gte_op($a,$b) {
  return $a >= $b;
}

function __my_lte_op($a,$b) {
  return $a <= $b;
}

For example. So you can really just break it down into using the functions instead.

For this:

if ($x == $y)

The parser sees 6 tokens... 1) KEYWORD IF: 2) LPAREN 3) VAR X 4) EQ 5) VAR Y 6) RPAREN

The parser uses these tokens to construct the AST for the IF conditional. Your thinking needs to move away from seeing the "==" as a variable. It's an operator!

  • I think this answer would probably be another good way to go although I am not completely comfortable with functions yet. They are hard for me to get a grasp on in a way I think. – user1707616 Feb 14 '13 at 02:11
  • Nice idea +1, but the "stuff" will always be the same, I don't know how this could be useful... – Valky Feb 14 '13 at 02:15
  • There is not much else to do about it in general. The >= and <= operators are just that, operators. If you try and use them as variables how is the parser supposed to compute operator precedence? –  Feb 14 '13 at 02:17
1

You can't put a var for testing this in a control instruction. This will return some : syntax error, unexpected T_VARIABLE

You could use some eval() to do it, but it's not advisable.

Perhap's you could make something different with the following :

$option=$_GET['option']; // or POST or something else...
$numb1 = 5;
$numb2 = 10;

switch($option) {
 case ">=":
    if($numb1 >= $numb2){//someting}
    break;
 case "<=":
    if($numb1 <= $numb2){//someting}
    break;
 case "==":
    if($numb1 == $numb2){//someting}
    break;
 default://something else if there is no $option
    break;
}

Or with a function like the following

function testVar($numb1,$numb2,$option)
{
   // Same switch
}
Valky
  • 1,856
  • 3
  • 20
  • 38