eval

If the code is the same, there appears to be a difference between: include 'external.php'; and eval('?>' . file_get_contents('external.php') . '<?php'); What is the difference? Does anybody know? I know the two are different because the include works fine and the eval gives an error. When I originally asked the question, I wasn't sure whether it gave an error on all code or just on mine (and because the code was eval ed, it was very hard to find out what the error meant). However, after having researched the answer, it turns out that whether or not you get the error does not depend on the code

Are there any security exploits that could occur in this scenario: eval(repr(unsanitized_user_input), {"__builtins__": None}, {"True":True, "False":False}) where unsanitized_user_input is a str object. The string is user-generated and could be nasty. Assuming our web framework hasn't failed us, it's a real honest-to-god str instance from the Python builtins. If this is dangerous, can we do anything to the input to make it safe? We definitely don't want to execute anything contained in the string. See also: Funny blog post about eval safety Previous Question Blog: Fast deserialization in Python

I'm looking to implement something in Java along the lines of: class Foo{ private int lorem; // private int ipsum; public setAttribute(String attr, int val){ //sets attribute based on name } public static void main(String [] args){ Foo f = new Foo(); f.setAttribute("lorem",1); f.setAttribute("ipsum",2); } public Foo(){} } ...where a variable is set based on the variable name without the variable names hard-coded and without using any other data structures. Is this possible? Here's how you might implement setAttribute using reflection (I've renamed the function; there are different reflection

I have a website where the user enters math equations (expressions) and then those equations are evaluated against data (constants) provided by the website. The math operations needed include symbols, arithmetic operations, min() , max() and some other basic functions. A sample equation could be: max(a * b + 100, a / b - 200) One could simply eval() this using Python, but as we all know this leads compromising the site. What would be the safe approach of doing math equation evaluation? What math equation parsing and evaluation engines there are for Python If one chooses to use Python itself to

1.eval() 函数作用：可以接受一个字符串str作为参数，并把这个参数作为脚本代码来 执行。 2.参数情况：（1）如果参数是一个表达式，eval() 函数将执行表达式； （2） 如果参数是Javascript语句，eval()将执行 Javascript 语句 3.注意：（如果执行结果是一个值就返回，不是就返回undefined，如果参数不是一 个字符串，则直接返回该参数） 4.语法：eval(string)， 5.案例： eval("var a=1");//声明一个变量a并赋值1。 eval("2+3");//执行加运算，并返回运算值。 eval("mytest()");//执行mytest()函数。 eval("{b:2}");//声明一个对象。如果想返回此对象，则需要在对象外面再嵌套一层小括如下：eval("({b:2})"); 注意：使用eval来解析JSON格式字符串的时候，会将{}解析为代码块，而不是对象的字面量 //1.在JSON格式的字符串前面拼接上 "var o =" //2.把JSON格式的字符串使用()括起来，就不会将{}解析为代码块，而是表达式 6.函数作用域：eval()函数并不会创建一个新的作用域，并且它的作用域就是它所在的 作用域，有时候需要将eval()函数的作用域设置为全局，当然可以将eval()在全局作用 域中使用，这个时候可以用window

I know this may be a newbie question, but I'm curious as to the main benefit of eval() - where would it be used best? I appreciate any info. The eval function is best used: Never. It's purpose is to evaluate a string as a Javascript expression. Example: eval('x = 42'); It has been used a lot before, because a lot of people didn't know how to write the proper code for what they wanted to do. For example when using a dynamic name for a field: eval('document.frm.'+frmName).value = text; The proper way to do that would be: document.frm[frmName].value = text; As the eval method executes the string