Questions tagged [eval]

eval is a function that allows a programmer to execute arbitrary code written in the same language, from a string variable within a code.

eval is a function available in a number of programming languages (including php, ruby, python, bash, javascript, among others), which allows programmers to execute arbitrary code written in the same language, from a string variable within a code.

Documentation

Disadvantages

Use of the eval function is generally considered to be bad practice, for a number of reasons:

Most importantly, it can cause severe security issues in any code that uses eval. Because eval will run any code in its host language, a hacker may use an eval statement to run his own code, and thus compromise the system. To minimize the effect, a programmer shall have to verify syntax of the statement that have to be evalulated.
Secondly, it is slow. Most languages, even interpreted ones such as php and javascript, have built-in optimisers and just-in-time compilers to speed up execution. However code run via an eval statement cannot be optimised, as the interpreter cannot know the exact code that will be run until it is too late to run any optimisations.
Finally, in almost all cases, use of eval is unnecessary, as the desired effect can almost always be achieved without needing to use it.

4877 questions

584

votes

25 answers

Why is using the JavaScript eval function a bad idea?

The eval function is a powerful and easy way to dynamically generate code, so what are the caveats?

javascript security eval

asked Sep 17 '08 at 19:09

Brian Singh

6,686
4
25
22

565

votes

3 answers

What's the difference between eval, exec, and compile?

I've been looking at dynamic evaluation of Python code, and come across the eval() and compile() functions, and the exec statement. Can someone please explain the difference between eval and exec, and how the different modes of compile() fit in?

python dynamic eval exec

asked Feb 08 '10 at 09:56

andrewdotnich

16,195
7
38
57

359

votes

8 answers

Evaluate expression given as a string

I'm curious to know if R can use its eval() function to perform calculations provided by e.g. a string. This is a common case: eval("5+5") However, instead of 10 I get: [1] "5+5" Any solution?

r eval r-faq

asked Nov 16 '09 at 17:39

Federico Giorgi

10,495
9
42
56

341

votes

12 answers

What does Python's eval() do?

In the book that I am reading on Python, it keeps using the code eval(input('blah')) I read the documentation, and I understand it, but I still do not see how it changes the input() function. What does it do? Can someone explain?

python eval

asked Feb 21 '12 at 19:19

Billjk

10,387
23
54
73

301

votes

27 answers

When is JavaScript's eval() not evil?

I'm writing some JavaScript code to parse user-entered functions (for spreadsheet-like functionality). Having parsed the formula I could convert it into JavaScript and run eval() on it to yield the result. However, I've always shied away from using…

javascript coding-style eval

asked Oct 13 '08 at 14:28

Richard Turner

12,506
6
36
37

280

votes

6 answers

Using python's eval() vs. ast.literal_eval()

I have a situation with some code where eval() came up as a possible solution. Now I have never had to use eval() before but, I have come across plenty of information about the potential danger it can cause. That said, I'm very wary about using…

python eval abstract-syntax-tree

asked Mar 04 '13 at 08:50

tijko

7,599
11
44
64

223

votes

23 answers

Convert a string to a template string

Is it possible to create a template string as a usual string, let a = "b:${b}"; and then convert it into a template string, let b = 10; console.log(a.template()); // b:10 without eval, new Function and other means of dynamic code generation?

javascript ecmascript-6 eval template-strings

asked Mar 21 '15 at 11:34

KOLANICH

2,904
2
20
20

197

votes

11 answers

The 'eval' command in Bash and its typical uses

After reading the Bash man pages and with respect to this post, I am still having trouble understanding what exactly the eval command does and which would be its typical uses. For example, if we do: $ set -- one two three # Sets $1 $2 $3 $ echo…

linux bash shell scripting eval

asked Jun 16 '12 at 16:13

stratis

7,750
13
53
94

187

votes

8 answers

Why is using 'eval' a bad practice?

I use the following class to easily store data of my songs. class Song: """The class to store the details of each song""" attsToStore=('Name', 'Artist', 'Album', 'Genre', 'Location') def __init__(self): for att in…

python eval

asked Dec 02 '09 at 13:34

Nikwin

6,576
4
35
43

171

votes

5 answers

instantiate a class from a variable in PHP?

I know this question sounds rather vague so I will make it more clear with an example: $var = 'bar'; $bar = new {$var}Class('var for __construct()'); //$bar = new barClass('var for __construct()'); This is what I want to do. How would you do it? I…

php class variables eval

asked Feb 10 '09 at 20:52

Pim Jager

31,965
17
72
98

170

votes

23 answers