0

I have this string ($query) returning from preg_replace

'SELECT ({$array["sum"]}/ 5)'

How can I evaluate it, so that the result would be 'SELECT (100/5)', for example?

I tried

eval($query)

But with no success!

Do you have a better idea?

3 Answers

1

You're not using eval right:

$evaluated = eval("return $query;");

Take care you do not have any syntax errors. Also, you just might be doing it wrong when you build SQL queries this way. Just saying, I hope you're old enough.

1 Comment

Thanks a lot, this worked fine!! I will definitely add more security precautions. The final string will actually look something like this :) input example: "SELECT ({total_price.total_id}/ 5)" output: "SELECT (".mysqli_real_escape_string($this->app_array["application"]["sql"]["total_price"]["total_id"])."/ 5)"
1

Just replace the single quotes ' with double quotes ".

"SELECT ({$array["sum"]}/ 5)"

And it is not a good idea to use eval() during $_POST or while getting input from users. Just a suggestion.


0

Just glue them together with the . operator:

$array['sum'] = 100;
echo 'SELECT (' . $array['sum'] . ' / 5)';

will result in:

SELECT (100 / 5)

1 Comment

The string is coming right from a preg_replace :) I will try to produce a similar string and evaluate it though. So thanks :)
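
Added example, not part of any answer or comment above: one way to fill the `{total_price.total_id}` style placeholders mentioned in the comments without `eval()`, by turning each placeholder into a bound parameter. The function name `compileTemplate`, the `$values` array and the `$db` connection are assumptions made for illustration.

```php
<?php
// Added example: resolve {section.key} placeholders without eval().
// The template and $values below are constructed sample data.

/**
 * Turn "SELECT ({total_price.total_id} / 5)" into "SELECT (? / 5)"
 * plus the list of values to bind, in placeholder order.
 */
function compileTemplate(string $template, array $values): array
{
    $params = [];
    $sql = preg_replace_callback(
        '/\{([a-z_]+)\.([a-z_]+)\}/',
        function (array $m) use ($values, &$params): string {
            [, $section, $key] = $m;
            // Only names that exist in the lookup table are accepted.
            if (!isset($values[$section][$key])) {
                throw new InvalidArgumentException("Unknown placeholder {$m[0]}");
            }
            $value = $values[$section][$key];
            if (!is_numeric($value)) {
                throw new InvalidArgumentException("Non-numeric value for {$m[0]}");
            }
            $params[] = $value + 0;   // normalise numeric string to int/float
            return '?';               // the value never enters the SQL text
        },
        $template
    );
    // Anything still wrapped in braces did not match the strict pattern.
    if ($sql === null || strpbrk($sql, '{}') !== false) {
        throw new InvalidArgumentException('Malformed placeholder in template');
    }
    return [$sql, $params];
}

$values = ['total_price' => ['total_id' => '100']];   // constructed
[$sql, $params] = compileTemplate('SELECT ({total_price.total_id} / 5)', $values);

echo $sql, PHP_EOL;
echo json_encode($params), PHP_EOL;

// With an existing mysqli connection ($db is assumed, not created here):
// $stmt = $db->prepare($sql);
// $stmt->execute($params);   // array argument requires PHP 8.1+
```

Because the template is never executed as PHP and the values are bound rather than concatenated, neither the placeholder names nor the looked-up values can change the structure of the query.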
