Re: converting text expressions (like "1+1") to values



On Dec 29, 2007 11:34 AM, Jenda Krynicky <Jenda@xxxxxxxxxxx> wrote:
> From: "Chas. Owens" <chas.owens@xxxxxxxxx>
> > On Dec 28, 2007 10:15 AM, Adarsh Srivastava
> > <Adarsh.Srivastava@xxxxxxxxxxxxxxxx> wrote:
> > > Hello,
> > >
> > > Is there any inbuilt/external function or library that can convert a text
> > > expression (e.g. "22 + 23") and evaluate the resulting value? (45 in this
> > > case).
> > snip
> >
> > Well, the string form of eval will do this; however, it is very
> > dangerous. What if the string contained valid Perl code* to do
> > something on your system? Any time you use the string form of eval
> > you should first run the string through a regex to make sure it only
> > contains things you expect it to.
>
> Another way to restrict what the evaled code may do is to use the
> Safe.pm module.
>
> use Safe;
>
> $safe = new Safe;
> $safe->reval("22+23");
snip

Nice, and it is even part of Core Perl (I really need to sit down and
go over corelist), but the default opmask isn't safe enough. To quote
the perldoc for Opcode, "If safety matters to you (and why else would
you be using the Opcode module?) then you should not rely on the
definition of this, or indeed any other, optag!". Given this problem
I would say the following code is appropriate; however, all of this
assumes that the string to be eval'ed will be valid Perl code. If the
expressions you are getting expect to be able to use x^y or pow(x,y)
instead of x**y for raising x to y, you will still need to write your
own parser.

use strict;
use warnings;
use Safe;

our $matheval = Safe->new;
$matheval->allow_only(qw<atan2 sin cos exp log sqrt pow multiply
i_multiply divide i_divide modulo i_modulo add i_add subtract
i_subtract int abs>);
..
..
..

my $expr = get_expression();
my $result = $matheval->reval($expr);
die "got error [$@] when eval'ing [$expr]" if $@;
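
The message above notes that input written with x^y still needs its own parser. As an added example (not code from this thread), here is a small precedence-climbing evaluator that never passes the input to string eval. The names evaluate_expression, parse_binary and parse_atom and the sample inputs are assumptions made for illustration.

```perl
use strict;
use warnings;

# Binary operators as [precedence, implementation]. Only these, numbers,
# parentheses and unary minus are accepted; the input is never eval'ed.
my %OP = (
    '+'  => [1, sub { $_[0] + $_[1] }], '-' => [1, sub { $_[0] - $_[1] }],
    '*'  => [2, sub { $_[0] * $_[1] }], '/' => [2, sub { $_[0] / $_[1] }],
    '**' => [3, sub { $_[0] ** $_[1] }],
);
$OP{'^'} = $OP{'**'};    # accept x^y as a synonym for x**y
sub evaluate_expression {
    my ($text) = @_;
    my @tokens;
    until ($text =~ /\G\s*\z/gc) {    # tokenize strictly left to right
        $text =~ /\G\s*(\d+(?:\.\d+)?|\*\*|[-+*\/^()])/gc
            or die "unexpected input near offset " . (pos($text) // 0) . "\n";
        push @tokens, $1;
    }
    my $value = parse_binary(\@tokens, 1);
    die "unexpected token '$tokens[0]'\n" if @tokens;
    return $value;
}
sub parse_binary {    # precedence climbing; power is right associative
    my ($t, $min) = @_;
    my $lhs = parse_atom($t);
    while (@$t) {
        my $op = $OP{ $t->[0] };
        last unless $op and $op->[0] >= $min;
        shift @$t;
        my $rhs = parse_binary($t, $op->[0] == 3 ? 3 : $op->[0] + 1);
        $lhs = $op->[1]->($lhs, $rhs);
    }
    return $lhs;
}
sub parse_atom {
    my ($t) = @_;
    my $tok = shift(@$t) // die "unexpected end of expression\n";
    return 0 + $tok if $tok =~ /^\d/;
    return -1 * parse_binary($t, 3) if $tok eq '-';    # -2**2 is -4, as in Perl
    die "unexpected token '$tok'\n" unless $tok eq '(';
    my $value = parse_binary($t, 1);
    die "missing ')'\n" unless @$t and shift(@$t) eq ')';
    return $value;
}

# Constructed inputs; the last is rejected by the tokenizer, never executed.
for my $input ('22 + 23', '2^3^2', '(1 + 2) * 3 / 4', '1; print "hi"') {
    my $result = eval { evaluate_expression($input) };    # block eval only traps die
    print defined $result ? "$input = $result\n" : "[$input] rejected: $@";
}
```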