0
eval("echo {$row11['incentive']};"); 

In my table column named incentive, I have values stored as strings, e.g. '($workshop_sales*0.005)', and there are multiple kinds of formulas stored for calculating the incentive.

I get the result generated using the above code in PHP, but when I try to store its value in a variable, it is not stored.

How can I store its result? Is it possible or not?

chgav007
  • be careful, eval() is evil! – Nils Feb 09 '17 at 10:38
  • Agreed, always check what you are evaluating. In your case you can use `return` instead of `echo`. It will return the evaluated value and you can assign it to your variable. `$foo = eval("return {$row11['incentive']};"); ` – Tim Feb 09 '17 at 10:42
  • Horrible programming. Don't use eval. If you need to compute a value, use a function and `return` the result. – The Onin Feb 09 '17 at 11:46

3 Answers

2

Instead of echoing inside the eval-ed code, return the value:

<?php
$workshop_sales = rand(1000, 9999);

$row11['incentive'] = '($workshop_sales*0.005)';

$result = eval("return {$row11['incentive']};");

var_dump($result);

From the docs:

eval() returns NULL unless return is called in the evaluated code, ...


And obviously eval is a dangerous statement (also from the docs):

Caution The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

Yoshi
0

Assumption:

$workshop_sales = 15;
$row11['incentive'] = '($workshop_sales*0.005)';
  • Variant 1: Saving the result directly (insecure):

    $foo = eval("return {$row11['incentive']};");
    echo $foo; //Outputs 0.075
    
  • Variant 2: Replace the variable beforehand (should be pretty secure):

    function do_maths($expression) {
        eval('$o = ' . preg_replace('/[^0-9\+\-\*\/\(\)\.]/', '', $expression) . ';');
        return $o;
    }
    
    //Replace Variable with value before
    $pure = str_replace("\$workshop_sales", $workshop_sales, $row11['incentive']);
    //$pure is now (15*0.005)
    
    //Interpret $pure
    $foo = do_maths($pure);
    echo $foo; // Outputs 0.075
    

But be careful with eval(), it is evil.

Further information: "When is eval evil in php?"

The main problems with eval() are:

Potential unsafe input. Passing an untrusted parameter is a way to fail. It is often not a trivial task to make sure that a parameter (or part of it) is fully trusted.

Trickiness. Using eval() makes code clever, therefore more difficult to follow. To quote Brian Kernighan: "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it."

Community
Nils
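
An eval-free way to compute the stored formulas discussed in the answers above, added here as an example and not code from any of the posters: a small precedence-climbing parser that accepts only numbers, the four operators, parentheses and variables from an explicit whitelist. `evaluate_formula()`, `parse_expr()`, `parse_operand()` and `PREC` are hypothetical names, PHP 8.0 or later is assumed, and the parser goes beyond the single formula in the question by handling any such arithmetic expression.

```php
<?php
// Added example: parse a stored formula (numbers, + - * /, parentheses, $variables) without eval().
const PREC = ['+' => 1, '-' => 1, '*' => 2, '/' => 2];

function evaluate_formula(string $formula, array $vars): float
{
    // \G makes tokenizing stop at the first character that is not a known token.
    preg_match_all('/\G\s*(\d+(?:\.\d+)?|\$[A-Za-z_]\w*|[-+*\/()])/', $formula, $m);
    if (implode('', $m[0]) !== rtrim($formula)) {
        throw new InvalidArgumentException('unexpected character in formula');
    }
    $tokens = $m[1];
    $value = parse_expr($tokens, $vars, 1);
    if ($tokens) throw new InvalidArgumentException("unexpected token '{$tokens[0]}'");
    return $value;
}

function parse_expr(array &$tokens, array $vars, int $minPrec): float
{
    $left = parse_operand($tokens, $vars);
    // Precedence climbing: take operators that bind at least as tightly as $minPrec.
    while ($tokens && (PREC[$tokens[0]] ?? 0) >= $minPrec) {
        $op = array_shift($tokens);
        $right = parse_expr($tokens, $vars, PREC[$op] + 1);
        $left = match ($op) {   // PHP 8 throws DivisionByZeroError for "/ 0"
            '+' => $left + $right, '-' => $left - $right,
            '*' => $left * $right, '/' => $left / $right,
        };
    }
    return $left;
}

function parse_operand(array &$tokens, array $vars): float
{
    $t = array_shift($tokens) ?? throw new InvalidArgumentException('formula ended early');
    if ($t === '-') return -parse_operand($tokens, $vars);
    if ($t === '(') {
        $inner = parse_expr($tokens, $vars, 1);
        if (array_shift($tokens) !== ')') throw new InvalidArgumentException('missing )');
        return $inner;
    }
    if ($t[0] === '$') {   // variables resolve only through the whitelist, never PHP scope
        return (float) ($vars[substr($t, 1)] ?? throw new InvalidArgumentException("unknown variable $t"));
    }
    if (!is_numeric($t)) throw new InvalidArgumentException("unexpected token '$t'");
    return (float) $t;
}

// Stored value from the question, with the variable supplied explicitly.
var_dump(evaluate_formula('($workshop_sales*0.005)', ['workshop_sales' => 15]));
```

Anything outside the grammar, such as a function call, a string, or a variable missing from the whitelist, raises an exception instead of reaching the PHP interpreter.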
0

You can simply assign the new value to the variable inside the eval function and use your variable later, for example:

eval('$result = "2";');

echo $result;

This will print out the value of the $result variable.

PS: have a look at what @yoshi mentioned about the dangers of using eval.

hassan