Evaluate expression string with variables in PHP without eval

Jun 5, 2018


Never ever use the eval function in PHP!

Updated Jul 31: we can use Expression Language


In some applications, we need to let users define an expression (a user lambda function) to evaluate a value or a condition. So we store the user-defined expression in the database, then call the eval function and pass variables to it.

It works, but not securely! Remember this important thing:


So this article shows how we can achieve the goal without touching the eval or create_function functions.


The idea came up when I used the Ansible tool (a Pythonic DevOps tool, with great docs and community). Ansible uses the Jinja template engine as its main syntax for many things: to render template files and to evaluate conditions in the when syntax.

Likewise in PHP, we have the Twig template engine!


This is my library (https://github.com/khanhicetea/twigeval) that uses the above idea, one of the few libraries which I wrote unit tests for ;)


$ composer require khanhicetea/twigeval


<?php
require __DIR__ . '/vendor/autoload.php'; // Composer autoloader

// $cacheDir could be:
//   - false  : no cache (this means the eval function is used), be careful!
//   - null   : use sys_get_temp_dir() to get the system temp directory as the cache dir
//   - string : cache directory path
$cacheDir = null;
$calculator = new KhanhIceTea\Twigeval\Calculator($cacheDir);

$math = $calculator->number('a / 4 + b * 3', ['a' => 16, 'b' => 3]);
// => 13

$boolean1 = $calculator->isTrue('(a and b) or c', ['a' => false, 'b' => true, 'c' => false]);
// => false

$boolean2 = $calculator->isFalse('(a and b) or c', ['a' => false, 'b' => true, 'c' => false]);
// => true

// We can even use Twig filters, functions
$string = $calculator->calculate('{{ a|reverse }} world !', ['a' => 'hello']);
// => olleh world !

Voilà! We have a user-defined lambda function.
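The same idea built directly on Twig with its sandbox turned on, so a stored user expression can only reach an allow-list of filters and functions. This is an added example, not the twigeval library's own code; it assumes twig/twig 3.x installed via Composer, and the names buildSandboxedTwig and evaluateExpression, the allow-list and the cache path are assumptions for illustration.

```php
<?php
// Added example (not twigeval's code). Assumes twig/twig 3.x via Composer.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

function buildSandboxedTwig(string $cacheDir): Environment
{
    $twig = new Environment(new ArrayLoader(), [
        'cache' => $cacheDir,        // the page notes that disabling the cache means eval is used
        'strict_variables' => true,  // unknown variable names raise an error instead of being null
        'autoescape' => false,       // the output is a value, not HTML
    ]);
    // Allow-list (assumed for illustration): no tags, no object methods or properties.
    $policy = new SecurityPolicy([], ['abs', 'round', 'length', 'reverse', 'upper', 'lower'], [], [], ['max', 'min']);
    $twig->addExtension(new SandboxExtension($policy, true)); // true = sandbox every template
    return $twig;
}

// Hypothetical helper: wrap a bare expression in {{ }} and render it.
function evaluateExpression(Environment $twig, string $expr, array $vars): string
{
    if (preg_match('/\{\{|\}\}|\{%|%\}|\{#|#\}/', $expr)) {
        throw new InvalidArgumentException('Template delimiters are not allowed in an expression');
    }
    foreach ($vars as $name => $value) {
        if (!is_scalar($value) && $value !== null) {
            throw new InvalidArgumentException("Variable '$name' must be scalar");
        }
    }
    return $twig->createTemplate('{{ (' . $expr . ') }}')->render($vars);
}

$twig = buildSandboxedTwig(sys_get_temp_dir() . '/twig-expr-cache');
echo evaluateExpression($twig, 'a / 4 + b * 3', ['a' => 16, 'b' => 3]), "\n";
echo evaluateExpression($twig, '((a and b) or c) ? 1 : 0', ['a' => false, 'b' => true, 'c' => false]), "\n";
try {
    // 'date' is a real Twig function that is not on the allow-list above.
    evaluateExpression($twig, 'date()', []);
} catch (SecurityError $e) {
    echo 'blocked: ', $e->getMessage(), "\n";
}
```

Passing only scalar variables keeps object methods and properties out of reach of the expression, which is why the policy's method and property lists can stay empty.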

Feel free to contribute! Thanks! :)

Till next time!
