-2

Possible Duplicate:
When (if ever) is eval NOT evil?

I've heard many places that PHP's eval function is often not the answer. In light of PHP 5.3's LSB and closures we're running out of reasons to depend on eval or create_function.

Is there is any conceivable cases where eval is the best (only?) answer in PHP 5.3?

This question is not about whether eval is evil in general, as it obviously is not.

Summary of Answers:

* Evaluating numerical expressions (or other languages "safe" subsets of PHP)
* Unit testing
* Interactive PHP "shell"
* Deserialization of trusted var_export
* Some template languages
* Creating backdoors for administers and/or hackers
* Compatibility with < PHP 5.3
* Checking syntax (possibly not safe)
Community
  • 1
  • 1
Genius
  • 1,084
  • 2
  • 10
  • 20

2 Answers2

0

I would be inclined to just say 'whenever the evaluated code isn't affected by user input' - but I'm not sure why you would eval() code you already should know, then.

Using eval() in templating systems is something I've stumbled upon a lot of times, but it seems to me like it's an alternative to include() or require() (in those cases) and it seems plausible that altering the solutions could bring the same results without the use of eval().

Repox
  • 15,015
  • 8
  • 54
  • 79
0

To overcome PHP's shortcommings.

In our project we need eval for a class to extend a dynamic class in autoloading. 

eval("class {$baseName}Model extends {$baseName}ModelParent{}");

While it may seem as a code smell, I won't go into details, but it's an absolutely necessary step for us to transparently support many slightly differing projects.

raveren
  • 17,799
  • 12
  • 70
  • 83