I'm attempting to make a function in PHP that will evaluate a mathematical expression -- including functions such as sin, cos, etc. My approach is to delete all characters in the phrase that are not numbers, mathematical operators, or mathematical functions and then use that string in an eval(). The problem is that I don't know enough about regular expressions to negate both characters and phrases in the same expression.
So far, this is what I've got:
$input = preg_replace("/[^0-9+\-.*\/()sincota]/", "", $input);
Obviously, the characters for sin, cos, and tan can be used in any order in the input expression (rather than only allowing the phrases sin, cos, and tan). If I further expand this function to include even more characters and functions, that presents an even bigger security risk as a malicious user would be able to execute just about any PHP command through clever interaction with the app.
Can anyone tell me how to fix my regex and eliminate this problem?
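An added example, not part of the original question: rather than filtering characters and handing the result to eval(), the input can be split into whole tokens, function names checked against an allowlist, and the value computed by a small recursive-descent parser so that no user text is ever executed as PHP. The names `tokenize`, `evaluate`, `parseExpr`, `parseTerm`, `parseFactor` and `ALLOWED_FUNCS` are hypothetical.

```php
<?php
// Added example (hypothetical names): evaluate arithmetic without eval().
const ALLOWED_FUNCS = ['sin' => 'sin', 'cos' => 'cos', 'tan' => 'tan'];
function tokenize(string $src): array {
    $src = preg_replace('/\s+/', '', $src);
    // Match whole tokens, not characters: number, identifier, operator or paren.
    preg_match_all('/\G(?:\d+(?:\.\d+)?|\.\d+|[a-z]+|[-+*\/()])/', $src, $m);
    if (implode('', $m[0]) !== $src) throw new InvalidArgumentException('unexpected character');
    return $m[0];
}
function parseExpr(array $t, int &$i): float {   // term (('+'|'-') term)*
    $v = parseTerm($t, $i);
    while (in_array($t[$i] ?? null, ['+', '-'], true)) {
        $op = $t[$i++];
        $r = parseTerm($t, $i);
        $v = $op === '+' ? $v + $r : $v - $r;
    }
    return $v;
}
function parseTerm(array $t, int &$i): float {   // factor (('*'|'/') factor)*
    $v = parseFactor($t, $i);
    while (in_array($t[$i] ?? null, ['*', '/'], true)) {
        $op = $t[$i++];
        $r = parseFactor($t, $i);
        if ($op === '/' && $r == 0.0) throw new InvalidArgumentException('division by zero');
        $v = $op === '*' ? $v * $r : $v / $r;
    }
    return $v;
}
function parseFactor(array $t, int &$i): float { // number | '-' factor | [func] '(' expr ')'
    $tok = $t[$i++] ?? null;
    if ($tok === null) throw new InvalidArgumentException('unexpected end of input');
    if ($tok === '-') return -parseFactor($t, $i);
    if (is_numeric($tok)) return (float) $tok;
    $isFunc = array_key_exists($tok, ALLOWED_FUNCS);   // whole-word allowlist lookup
    if ($isFunc && ($t[$i++] ?? null) !== '(') throw new InvalidArgumentException("$tok needs (");
    if ($isFunc || $tok === '(') {
        $v = parseExpr($t, $i);
        if (($t[$i++] ?? null) !== ')') throw new InvalidArgumentException('missing )');
        return $isFunc ? call_user_func(ALLOWED_FUNCS[$tok], $v) : $v;
    }
    throw new InvalidArgumentException("token not allowed: $tok");
}
function evaluate(string $src): float {
    $t = tokenize($src); $i = 0;
    $v = parseExpr($t, $i);
    if ($i !== count($t)) throw new InvalidArgumentException('trailing tokens');
    return $v;
}
```

With this, `evaluate('2*sin(1)+3')` returns a float, while inputs such as `sincos(1)` or any identifier outside the allowlist throw an `InvalidArgumentException` instead of reaching the PHP interpreter.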