0

I have this string ($query) returning from preg_replace

'SELECT ({$array["sum"]}/ 5)'

How can I evaluate it, so that the result would be 'SELECT (100/5)', for example?

I tried

eval($query)

But with no success!

Do you have a better idea?

3 Answers

1

You're not using eval right:

$evaluated = eval("return $query;");

Take care that you do not have any syntax errors. Also, you just might do it wrong when you build SQL queries this way. Just saying, I hope you're old enough.

1 Comment

Thanks a lot, this worked fine!! I will definitely add more security precautions. The final string will actually look something like this :) input example: "SELECT ({total_price.total_id}/ 5)" output: "SELECT (".mysqli_real_escape_string($this->app_array["application"]["sql"]["total_price"]["total_id"])."/ 5)"
1

Just replace the single quotes ' with double quotes ".

"SELECT ({$array["sum"]}/ 5)"

And it is not a good idea to use eval() during $_POST or while getting input from users. Just a suggestion.

0

Just glue them together with the . operator:

$array['sum'] = 100;
echo 'SELECT (' . $array['sum'] . ' / 5)';

will result in:

SELECT (100 / 5)

1 Comment

The string is coming right from a preg_replace :) I will try to produce a similar string and evaluate it though. So thanks :)
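
An added example, not code from any of the posters above: one way to fill the `{total_price.total_id}` style placeholders mentioned in the first answer's comment without eval(), by turning each placeholder into a bound parameter. The helper name `compileTemplate`, the `$values` array and its contents are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the nested application array.
$values = [
    'total_price' => ['total_id' => '100'],
];

/**
 * Hypothetical helper: replace {table.field} placeholders with "?" and
 * collect the values to bind. Nothing from the data is ever parsed as PHP
 * or spliced into the SQL text.
 *
 * @return array{0: string, 1: array<int, int|float>}
 */
function compileTemplate(string $template, array $values): array
{
    $params = [];
    $sql = preg_replace_callback(
        // Only identifier-like names are recognised as placeholders.
        '/\{([a-z_][a-z0-9_]*)\.([a-z_][a-z0-9_]*)\}/i',
        function (array $m) use ($values, &$params): string {
            [, $table, $field] = $m;
            if (!isset($values[$table][$field])) {
                throw new InvalidArgumentException("Unknown placeholder {$m[0]}");
            }
            $value = $values[$table][$field];
            // The template uses the value in arithmetic, so require a number.
            if (!is_numeric($value)) {
                throw new InvalidArgumentException("Non-numeric value for {$m[0]}");
            }
            $params[] = $value + 0; // numeric string becomes int or float
            return '?';
        },
        $template
    );
    return [$sql, $params];
}

[$sql, $params] = compileTemplate('SELECT ({total_price.total_id}/ 5)', $values);
echo $sql, PHP_EOL;
echo json_encode($params), PHP_EOL;
```

The resulting `$sql` and `$params` can be handed to a prepared statement, for example `PDO::prepare()` followed by `execute($params)`.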
