[RESOLVED] Comparison Operators inside a while loop

netfrugal

I'm having a difficulty performing if statements on comparison operators that I have stored inside my database.

I've stored this statement in my operators_table:

$amount == 1.25

OK, now I'm going to pull these 2 statements from the db, AND perform an if() statement on it:

<?

$amount = 3.55;

	   $result = mysql_query("SELECT * FROM operators_table");
		while($row = mysql_fetch_assoc($result)){

			$statement = $row['statement']; // outputs: $amount == 1.25

				 if($statement){ echo 'true statement'; }else{ echo 'false statement'; } 


} 
?>

So, I'm imagining this is happening:

if($amount == 1.25){ echo 'true statement'; }else{ echo 'false statement'; }

However, the result is always "true statement". But I've defined the variable "$amount" above the SELECT query. The amount is 3.55, so I'm baffled why it doesn't return "false statement".

Help! I've tried different things, but I'm lost to how this is rectified.

NogDog

What it is actually doing is:

if('$amount == 1.25') {

Notice that it is a single string, not a variable being compared to a float. To do what you are trying would require the use of [man]eval/man, which would personally encourage me to find a better design alternative.

eval('$statement = (' . $row['statement'] . ');');
if($statment) {

But as the saying goes, "If eval() is the answer, you're probably asking the wrong question."

netfrugal

Well, I applied the eval() function and it works! Awesome!
I'm always open to keeping my code and db cleaner.

So, you may think the use of eval() may not be a good idea? Or are you saying the practice of eval() in this aspect isn't the best idea? Oh do tell! Now I'm getting paranoid lol

NogDog

eval() is inefficient, in that each invocation of it requires the launching of a separate PHP process. It's sort of like running a separate mini PHP script (not necessarily a big deal on modern servers when used in reasonable amounts and when the site is not running near max capacity).

It's also a potential security risk. For instance, imagine through either an honest mistake or via a malicious hacking that the database field being used had a string inserted into it which, when eval()'d, could do something you really wouldn't like done. You likely would not know it until after the fact and after the damage was done.

I might consider using 3 fields: variable_name, operator, and value. Then you could use something like the following to do the comparison:

$varname = $row['var_name'];
$operator = $row['operator'];
$value = $row['value'];
switch($operator)
{
   case '==':
      $result = (${$varname} == $value);
      break;
   case '!=':
      $result = (${$varname} == $value);
      break;
   // repeat for each valid operator..., then...
   default:
      // die(), or user_error(), or whatever you want when invalid/empty operator
}
if($result) {
   // whatever when comparison is true....
}

Not the most elegant code, perhaps, but it is much safer, IMO.