Re: eval() is insecure, but what are the alternatives?

Posted by Pedro Graca on 01/21/06 04:17

werner wrote:
> I agree with the parser suggestion and have also
> previously searched for an expression parser, as this would be the best
> approach.
>
> I am also looking at maybe porting an existing Java solution, what do
> you think? It's just going to take some time, and I sadly don't have
> much of that left.

Use bc! :-)

>> There is bc under Unix. Although inserting user-supplied data into a
>> shell command might be even more dangerous.

My example (below) looks safe. It could be made tighter by checking for
long lines, disabling single quotes and "strange" characters (ESC, NUL,
....), and whatever else you might think of.

.... but bc is, perhaps, best discussed on gnu.utils.help.

> That is also an interesting approach, but I do feel that I would like
> to keep it a native php solution.
<?php
$formula = <<<FORMULA
/*
* find the hypotenuse of a right triangle
* with height = 5 and area = 25
*/

/* !!!! ATTENTION !!! */
rm -rf * ## I tried it!!
## it seems perfectly safe (???)
/* !!! ATTENTION !!! */

scale = 8 ## work with 8 decimals

/* area = h * w / 2 */
h = 5 ## height
area = 25 ## area
w = 2*area / h ## compute width

/* hypotenuse = sqrt(h*h + w*w) */
hyp = sqrt(h*h + w*w) ## compute hypotenuse
hyp ## print (and return) it
FORMULA;

$value = escapeshellarg($formula);
$calculated = `echo $value | bc`; /* backticks! */

// with "rm" in the formula, $calculated will have the error message
// from bc; it might be possible to remove all messages with a
// simple regular expression, I didn't look into that.
echo $calculated;
?>

--
If you're posting through Google read <http://cfaj.freeshell.org/google>
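A native PHP alternative in the spirit of the "expression parser" suggestion in the quoted text, added here as an example (not code from the original thread): a small recursive-descent evaluator that accepts only numbers, + - * / ^, parentheses and sqrt(), so the formula never reaches eval() or a shell. It assumes PHP 8; SafeCalc is a name chosen for this example.

```php
<?php
// Added example (not from the original thread; needs PHP 8): a native-PHP evaluator
// for arithmetic expressions, so user input never reaches eval() or a shell.
final class SafeCalc {
    private array $tok = [];
    private int $pos = 0;
    public function evaluate(string $src): float {
        $src = preg_replace('/\s+/', '', $src);
        // Tokenise, then require every byte to belong to an accepted token: anything
        // else ("rm -rf *", backticks, '$', ';', ...) is rejected before parsing.
        preg_match_all('/sqrt|\d+(?:\.\d+)?|[-+*\/^()]/', $src, $m);
        if ($src === '' || implode('', $m[0]) !== $src) throw new InvalidArgumentException('illegal characters in expression');
        [$this->tok, $this->pos] = [$m[0], 0];
        $v = $this->expr();
        if ($this->pos !== count($this->tok)) throw new InvalidArgumentException('unexpected trailing tokens');
        return $v;
    }
    private function peek(): ?string { return $this->tok[$this->pos] ?? null; }
    private function expect(string $t): void { if ($this->peek() !== $t) throw new InvalidArgumentException("expected '$t'"); $this->pos++; }
    // Serves both precedence levels: $ops are this level's operators, $next parses the tighter level.
    private function binary(array $ops, callable $next): float {
        $v = $next();
        while (in_array($op = $this->peek(), $ops, true)) {
            $this->pos++;
            $rhs = $next();
            if ($op === '/' && $rhs == 0.0) throw new DivisionByZeroError('division by zero');
            $v = match ($op) { '+' => $v + $rhs, '-' => $v - $rhs, '*' => $v * $rhs, '/' => $v / $rhs };
        }
        return $v;
    }
    private function expr(): float { return $this->binary(['+', '-'], fn() => $this->term()); }
    private function term(): float { return $this->binary(['*', '/'], fn() => $this->factor()); }
    private function factor(): float {  // unary minus, then right-associative ^
        if ($this->peek() === '-') { $this->pos++; return -$this->factor(); }
        $base = $this->atom();
        if ($this->peek() === '^') { $this->pos++; return $base ** $this->factor(); }
        return $base;
    }
    private function atom(): float {    // NUMBER | sqrt(expr) | (expr)
        $t = $this->peek();
        if ($t !== null && is_numeric($t)) { $this->pos++; return (float) $t; }
        if ($t !== 'sqrt' && $t !== '(') throw new InvalidArgumentException('unexpected ' . ($t ?? 'end of expression'));
        $this->pos++;
        if ($t === 'sqrt') $this->expect('(');
        $v = $this->expr(); $this->expect(')');
        return $t === 'sqrt' ? sqrt($v) : $v;
    }
}
echo (new SafeCalc)->evaluate('sqrt(5^2 + (2*25/5)^2)'), "\n";   // the hypotenuse from the bc script above
try { (new SafeCalc)->evaluate('rm -rf *'); } catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
```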
