Eval is Evil

Just read an article on Sitepoint about PHP’s Eval function, and basically, how it is evil.

Eval let’s you ‘run’ a string, as if it were code. Sounds useful, but I can’t say that I’ve ever found a situation where it is a good idea. Quite apart from the security risk highlighted – which is really more a question of user input validation – it seems to me that if you’re writing a programme, you should know what it is supposed to do up front.

If you already know what it is supposed to do, why would you need an eval function at all? Why not just programme it that way. Sure, I can see how eval might be a useful ‘shortcut’, but it just isn’t elegant

Advertisements
Eval is Evil

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s