Can an operator be a variable?

**Comex** · Jul 17 '05, 12:08 AM

Re: Can an operator be a variable?

<73Jab.387589$c F.118181@rwcrns c53>
GluedToTheScree n:[color=blue]
> Pretty new to PHP, but learning fast...
>
> Can I somehow evaluate a variable as an operator?
>
> For example,
>
> if($someselecti on == 'EQ'){
> $oper = '==';
> }
>
> if($leftexpress ion $oper $rightexpressio n){
> //do something
> }
>
> Tried eval() but no go.[/color]

why not?
eval('$correct = $left ' . $oper . ' $right;');
if ($correct) {
// do something
}
non-tested

**Andy Hassall** · Jul 17 '05, 12:08 AM

Re: Can an operator be a variable?

On Fri, 19 Sep 2003 19:47:15 GMT, "GluedToTheScre en" <nobody@nowhere .com>
wrote:
[color=blue]
>Pretty new to PHP, but learning fast...
>
>Can I somehow evaluate a variable as an operator?
>
>For example,
>
>if($someselect ion == 'EQ'){
> $oper = '==';
>}
>
>if($leftexpres sion $oper $rightexpressio n){
> //do something
>}
>
>Tried eval() but no go.[/color]

Could use eval, but for security it's best avoided.

<pre>
<?php
function apply_operator( $left, $right, $oper) {
switch ($oper) {
case 'eq':
return $left == $right;
case 'ne':
return $left != $right;
}
}

var_dump(apply_ operator(1, 1, 'eq'));
var_dump(apply_ operator(1, 0, 'eq'));
var_dump(apply_ operator(1, 1, 'ne'));
var_dump(apply_ operator(1, 0, 'ne'));
?>
</pre>

Output:

bool(true)
bool(false)
bool(false)
bool(true)

--
Andy Hassall (andy@andyh.co. uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)

**Andy Hassall** · Jul 17 '05, 12:08 AM

Re: Can an operator be a variable?

On Fri, 19 Sep 2003 20:08:08 GMT, "Comex" <spam@xemoc.cjb .net> wrote:
[color=blue]
><73Jab.387589$ cF.118181@rwcrn sc53>
>GluedToTheScre en:[color=green]
>> Pretty new to PHP, but learning fast...
>>
>> Can I somehow evaluate a variable as an operator?
>>
>> For example,
>>
>> if($someselecti on == 'EQ'){
>> $oper = '==';
>> }
>>
>> if($leftexpress ion $oper $rightexpressio n){
>> //do something
>> }
>>
>> Tried eval() but no go.[/color]
>
>why not?
>eval('$corre ct = $left ' . $oper . ' $right;');
>if ($correct) {
>// do something
>}
>non-tested[/color]

$left = 'system("rm -rf /")';

... might be a reason :-)

--
Andy Hassall (andy@andyh.co. uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)

**GluedToTheScreen** · Jul 17 '05, 12:08 AM

Re: Can an operator be a variable?

Comex wrote:[color=blue]
> eval('$correct = $left ' . $oper . ' $right;');
> if ($correct) {
> // do something
> }[/color]

That works... shows what you can do if you use the right syntax.

[...more in next message...]

Thanks.

--
G2
**

**GluedToTheScreen** · Jul 17 '05, 12:08 AM

Re: Can an operator be a variable?

Andy Hassall wrote:[color=blue]
>
> $left = 'system("rm -rf /")';
>
> ... might be a reason :-)[/color]

Shows what you can do if you use the right syntax.

Good reason.

--
G2
**

**GluedToTheScreen** · Jul 17 '05, 12:08 AM

Re: Can an operator be a variable?

Andy Hassall wrote:[color=blue]
> function apply_operator( $left, $right, $oper) {
> switch ($oper) {
> case 'eq':
> return $left == $right;
> case 'ne':
> return $left != $right;
> }
> }
>
> var_dump(apply_ operator(1, 1, 'eq'));[/color]

Yea, I came up with something along this line but was looking for something
easier... lazy me. Guess this is better than the previous approach,
though.

Thanks.

--
G2
**

**Comex** · Jul 17 '05, 12:08 AM

Re: Can an operator be a variable?

<rnommvknga3qvs am06srvsohqrv5g ftr7n@4ax.com>
Andy Hassall:[color=blue]
> $left = 'system("rm -rf /")';
>
> ... might be a reason :-)[/color]

The code was not: eval("$answer = $left $operator $right"), it was
eval('$answer = $left ' . $operator . ' $right') so only $operator could do
something liek that.

**Andy Hassall** · Jul 17 '05, 12:08 AM

Re: Can an operator be a variable?

On Fri, 19 Sep 2003 20:27:45 GMT, "Comex" <spam@xemoc.cjb .net> wrote:
[color=blue]
><rnommvknga3qv sam06srvsohqrv5 gftr7n@4ax.com>
>Andy Hassall:[color=green]
>> $left = 'system("rm -rf /")';
>>
>> ... might be a reason :-)[/color]
>
>The code was not: eval("$answer = $left $operator $right"), it was
>eval('$answe r = $left ' . $operator . ' $right') so only $operator could do
>something liek that.[/color]

Ah, yes - you're right. So you have to be paranoid about the contents of
$operator.

--
Andy Hassall (andy@andyh.co. uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)

**Bruno Desthuilliers** · Jul 17 '05, 12:08 AM

Re: Can an operator be a variable?

Andy Hassall wrote:[color=blue]
> On Fri, 19 Sep 2003 20:27:45 GMT, "Comex" <spam@xemoc.cjb .net> wrote:
>
>[color=green]
>><rnommvknga3q vsam06srvsohqrv 5gftr7n@4ax.com >
>>Andy Hassall:
>>[color=darkred]
>>>$left = 'system("rm -rf /")';
>>>
>>> ... might be a reason :-)[/color]
>>
>>The code was not: eval("$answer = $left $operator $right"), it was
>>eval('$answ er = $left ' . $operator . ' $right') so only $operator could do
>>something liek that.[/color]
>
>
> Ah, yes - you're right. So you have to be paranoid about the contents of
> $operator.
>[/color]

Well... You've got to be paranoïd about anything that is eval()'ued, and
about anything that's include()'d, and about anything that comes from
the big evil outside world :(

Bruno

**Comex** · Jul 17 '05, 12:08 AM

Re: Can an operator be a variable?

<3f6b6e05$0$270 44$626a54ce@new s.free.fr>
Bruno Desthuilliers:[color=blue]
> Well... You've got to be paranoïd about anything that is eval()'ued,
> and about anything that's include()'d, and about anything that comes
> from
> the big evil outside world :(
>
> Bruno[/color]

The example shown in the original post didn't have $operator coming from the
outside world though...

Can an operator be a variable?

Can an operator be a variable?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment