Upon reading https://stackoverflow.com/review/first-posts/3429940 (is PHP eval() really dangerous?) and http://dhorrigan.com/post/30395987906/is-eval-really-evil-yes-and-no, I am wondering if the ColdFusion equivalent has similar issues.
I think the warnings on the PHP function are histrionic & a bit facile, because they focus on one specific misuse of the construct, rather than its general purpose.
evaluate() will be less prone to this because it cannot execute any amount of code; it can simply evaluate individual expressions (albeit more than one, separately and disconnectedly executed).
The thing is - and this is touched on in the PHP articles too - it's just seldom, if ever, needed. If you find yourself using it... you're probably doing something wrong.
For further reading, I discuss this on my blog: "evaluate() is really slow. Is it now?"
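The point the answer makes (evaluate() parses an expression string, and the usual reason people reach for it is dynamic variable names, which CFML can do without it) is shown in the constructed CFScript below. This is an added example, not code from the question or the answer; the form field names and values are invented for illustration.

```cfml
<cfscript>
// Constructed sample input: three form fields with numbered names.
form.item1 = "apple";
form.item2 = "pear";
form.item3 = "plum";

// Typical evaluate() usage: build an expression string and hand it to the
// interpreter. Whatever ends up inside that string is parsed as CFML, so if
// any part of it is taken from the request, the expression itself is no
// longer under the developer's control.
items = [];
for (i = 1; i <= 3; i++) {
    arrayAppend(items, evaluate("form.item#i#"));
}

// The same thing without evaluate(): scopes are structs, so a computed key
// is just a lookup. Nothing is parsed as code, and an unexpected key simply
// fails the existence check instead of being interpreted.
itemsSafe = [];
for (i = 1; i <= 3; i++) {
    key = "item" & i;
    if (structKeyExists(form, key)) {
        arrayAppend(itemsSafe, form[key]);
    }
}

writeOutput(arrayToList(items) & " / " & arrayToList(itemsSafe));
</cfscript>
```

Both loops collect the same three values; the difference is only that the second one never asks the runtime to parse a string, which is what makes it both the faster and the safer form for this kind of dynamic access.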