tags:

views:

630

answers:

13
+11  Q: 

When (if ever) is eval NOT evil?

I've heard many places that PHP's eval function is often not the answer. In light of PHP 5.3's LSB and closures we're running out of reasons to depend on eval or create_function.

Is there is any conceivable cases where eval is the best (only?) answer in PHP 5.3?

This question is not about whether eval is evil in general, as it obviously is not.

+2  A: 

If you are writing a site that interprets and executes PHP code, like an interactive shell would.

...

I'm a systems guy, that's all I got.

Ed Swangren  2010-08-17 05:59:40
This kind of application would be hard to sandbox (if possible at all), and would *have* to require admin access to use. If the user is required to have admin access, there is little-to-no reason for them not to just edit a `.php` files directly or fire up `php -a`.
Kendall Hopkins  2010-08-17 06:08:13
@Ken I don't see what "admin access" has to do with anything here.
Artefacto  2010-08-17 06:24:23
@Kendall Hopkins: These applications already exist.
Ed Swangren  2010-08-17 16:41:47
@Ed Swangren Link?
Kendall Hopkins  2010-08-20 20:19:08
http://try-python.mired.org/ http://www.ruby.ch/interpreter/rubyinterpreter.shtml http://blog.arpitnext.com/2009/08/codepad-online-compiler-interpreter-run.html - there are three
Ed Swangren  2010-08-20 20:50:48
+1  A: 

An appropriate occasion (given the lack of easy alternatives) would be when trusted data was serialized with var_export and it's necessary to unserialize it. Of course, it should never have been serialized in that fashion, but sometimes the error is already done.

Artefacto  2010-08-17 06:22:43
+8  A: 

If you're writing malware and you want to make life hard for the sysadmin who's trying to clean up after you. That seems to be the most common usage case in my experience.

tylerl  2010-08-17 06:35:36
While it's valid use, the language probably should be offering solutions for that kind of problem :P
Kendall Hopkins  2010-08-17 06:37:31
Eval isn't the half of it -- http://stackoverflow.com/questions/3115559/
tylerl  2010-08-17 20:25:10
+1  A: 

I suppose, eval should be used where the code is actually needs to be compiled. I mean such cases like template file compilations (template language into PHP for the sake of performance), plugin hook compilation, compilations for performance reasons etc.

FractalizeR  2010-08-17 08:52:49
Most popular templating engines (smarty and twig) have found that it way faster to write the PHP code to a file that way it can take advantage of opcode caching. It'd have to be a pretty crazy templating system to *require* run time building of template code.
Kendall Hopkins  2010-08-17 13:35:09
VBulletin Plugin System and templates are an example of what I've said.
FractalizeR  2010-08-17 14:50:33

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases