Hi All, I am pulling my hair out with this one and would really love some advice.

I receive a price_prefix (e.g. + or -) from a database row and an options_values_price (as decimal) from a database row.

I basically end up with a variable called $total = 0+8+12

How can I get total to equal 20 i.e. 0+8+12?
I have played about with casting and converting back and forward for the last day but am making no progress at all. Am I missing something really, really silly here?

    I'm not sure you could cast or convert it. If you get the values out in distinct ways I would be inclined to run something like this (pseudo code as I don't have your code):

    
    $total = 0;
    
    for($row = 0; $row<count($tablerows); $row++)
    {
        $temp_val = $tablerows[$row]['options_values_price'];
        if ($tablerows[$row]['price_prefix'] == '-')
             $temp_val *= -1;
        $total += $temp_val;
    }
    

    Obviously it depends really on how reasonable that is given your data and requirements.

    EDIT: Even simpler?

    
    $total = 0;
    
    for($row = 0; $row<count($tablerows); $row++)
    {
        $temp_val = $tablerows[$row]['options_values_price'];
        if ($tablerows[$row]['price_prefix'] == '-')
             $total -= $temp_val;
        else
             $total += $temp_val;
    }
    

      eval can execute a PHP statement, even from a string.

      You agree that if you had this, it would not be a problem:

      $sum = 0+8+12;

      Now your $total string is actually a part of that code: '0+8+12'
      We can now add $sum = before and add one semicolon ; at the end.

      Now we have the valid PHP statement: $sum = 0+8+12;
      which can be evaluated with eval

      <?php
      
      $string = "0+8+12";
      
      $total = '$sum=' . $string . ';' ;
      
      // $total is now "$sum=0+8+12;"
      
      eval($total); // run the php statement
      
      echo $sum; // displays 20 .. correct!
      
      ?>

        Ooh, great function. Cheers.

          amax wrote:

          I receive a price_prefix (e.g. + or -) from a database row and an options_values_price (as decimal) from a database row.

          I basically end up with a variable called $total = 0+8+12

          I am not sure how you go from price_prefix and options_values_price to $total, but it should be a simple matter of just programming, e.g., use a switch or chain of if-else statements to decide what operation to compute.

          Avoid eval() as it can become a potential security vulnerability.

            As laserlight mentioned, it would be a simple matter for someone to pass some of their own PHP code in to your application instead of the expected values, and they could basically then do what they liked on your server.

            Eval is useful in these circumstances, but make sure that everything is validated first.

              5 days later

              Thanks for all the help folks, really learned a lot from this, and problem solved.
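
Following the advice in the thread to avoid eval() and validate input first, here is an added example (not code from any poster here) that totals a string such as 0+8+12 by matching it against a strict pattern and summing the terms, so nothing in the string is ever executed. The function name sum_signed_terms and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Sum a string of signed decimal terms such as "0+8+12" or "10-2.50+4"
 * without eval(). Only digits, an optional decimal part per term, and
 * + / - separators are accepted; everything else is rejected.
 * (sum_signed_terms is a hypothetical helper name, not from the thread.)
 */
function sum_signed_terms(string $expr): string
{
    $expr = trim($expr);

    // Whole-string match: optional leading sign, then terms joined by + or -.
    $pattern = '/\A[+-]?\d+(?:\.\d+)?(?:[+-]\d+(?:\.\d+)?)*\z/';
    if (preg_match($pattern, $expr) !== 1) {
        throw new InvalidArgumentException('Rejected expression: ' . $expr);
    }

    // Each match is one term; an empty sign means +.
    preg_match_all('/([+-]?)(\d+(?:\.\d+)?)/', $expr, $terms, PREG_SET_ORDER);

    // Floats are used for brevity; the result is formatted to two decimals.
    $total = 0.0;
    foreach ($terms as [, $sign, $number]) {
        $total += ($sign === '-') ? -(float) $number : (float) $number;
    }
    return number_format($total, 2, '.', '');
}

// Constructed sample inputs: two well-formed strings, then two that must not reach eval().
$samples = ['0+8+12', '10-2.50+4', '0+8+12; echo "injected"', '8+$x'];
foreach ($samples as $sample) {
    try {
        echo $sample, ' => ', sum_signed_terms($sample), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), PHP_EOL;
    }
}
```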
