Questions tagged [eval]

eval is a function that allows a programmer to execute arbitrary code, written in the same language, from a string variable within the program.

eval is a function available in a number of programming languages, which allows programmers to execute arbitrary code, written in the same language, from a string variable within the program.

Disadvantages

Use of the eval function is generally considered to be bad practice, for a number of reasons:

  • Most importantly, it can cause severe security issues in any code that uses eval. Because eval will run any code in its host language, a hacker may use an eval statement to run his own code, and thus compromise the system. To minimize the effect, a programmer has to verify the syntax of the statement that is to be evaluated.

  • Secondly, it is slow. Most languages, even interpreted ones, have built-in optimisers and just-in-time compilers to speed up execution. However, code run via an eval statement cannot be optimised, as the interpreter cannot know the exact code that will be run until it is too late to run any optimisations.

  • Finally, in almost all cases, use of eval is unnecessary, as the desired effect can almost always be achieved without needing to use it.

4475 questions
557 votes, 25 answers

Why is using the JavaScript eval function a bad idea?

The eval function is a powerful and easy way to dynamically generate code, so what are the caveats?
Brian Singh
477 votes, 3 answers

What's the difference between eval, exec, and compile?

I've been looking at dynamic evaluation of Python code, and come across the eval() and compile() functions, and the exec statement. Can someone please explain the difference between eval and exec, and how the different modes of compile() fit in?
andrewdotnich
322 votes, 10 answers

What does Python's eval() do?

In the book that I am reading on Python, it keeps using the code eval(input('blah')) I read the documentation, and I understand it, but I still do not see how it changes the input() function. What does it do? Can someone explain?
Billjk
302 votes, 7 answers

Evaluate expression given as a string

I'm curious to know if R can use its eval() function to perform calculations provided by e.g. a string. This is a common case: eval("5+5") However, instead of 10 I get: [1] "5+5" Any solution?
Federico Giorgi
279 votes, 26 answers

When is JavaScript's eval() not evil?

I'm writing some JavaScript code to parse user-entered functions (for spreadsheet-like functionality). Having parsed the formula I could convert it into JavaScript and run eval() on it to yield the result. However, I've always shied away from using…
Richard Turner
196 votes, 6 answers

Using python's eval() vs. ast.literal_eval()?

I have a situation with some code where eval() came up as a possible solution. Now I have never had to use eval() before but, I have come across plenty of information about the potential danger it can cause. That said, I'm very wary about using…
tijko
179 votes, 10 answers

eval command in Bash and its typical uses

After reading the bash man pages and with respect to this post. I am still having trouble understanding what exactly the eval command does and which would be its typical uses. For example if we do: bash$ set -- one two three # sets $1 $2 $3 bash$…
kstratis
173 votes, 18 answers

Convert a string to a template string

Is it possible to create a template string as a usual string let a="b:${b}"; and then convert it into a template string let b=10; console.log(a.template());//b:10 without eval, new Function and other means of dynamic code generation?
KOLANICH
156 votes, 5 answers

instantiate a class from a variable in PHP?

I know this question sounds rather vague so I will make it more clear with an example: $var = 'bar'; $bar = new {$var}Class('var for __construct()'); //$bar = new barClass('var for __construct()'); This is what I want to do. How would you do it? I…
Pim Jager
155 votes, 13 answers

Is there an eval() function in Java?

I have a string like the following: String str = "4*5"; Now I have to get the result of 20 by using the string. I know in some other languages the eval() function will do this. How can I do this in Java?
karthi_ms
147 votes, 8 answers

Why is using 'eval' a bad practice?

I am using the following class to easily store data of my songs. class Song: """The class to store the details of each song""" attsToStore=('Name', 'Artist', 'Album', 'Genre', 'Location') def __init__(self): for att in…
Nikwin
142 votes, 12 answers

Why exactly is eval evil?

I know that Lisp and Scheme programmers usually say that eval should be avoided unless strictly necessary. I’ve seen the same recommendation for several programming languages, but I’ve not yet seen a list of clear arguments against the use of eval.…
Jay
136 votes, 1 answer

Why {} + {} is NaN only on the client side? Why not in Node.js?

While [] + [] is an empty string, [] + {} is "[object Object]", and {} + [] is 0. Why is {} + {} NaN? > {} + {} NaN My question isn't why ({} + {}).toString() is "[object Object][object Object]" while NaN.toString() is "NaN", this part has an…
121 votes, 21 answers

Executing test Problem is that the code inside the