Some things are utterly weird. A jpg file with php code is not idiocy, it's either security learning or plain hackery. Reminds me of my beloved wordpress days.
Also, one could argue that if you lock down servers properly, something like this could be used for instruction passing between servers/datacenters/etc... its not a good argument, but its a way of doing things.
Yet more abuse of $_POST in PHP. The language should taint user supplied data by default so this wouldn't even run without throwing an exception, at the very least.
Why does eval() exist in so many programming languages, and when is using it not the worst possible option?
It's not the worst possible option when you want to wrap a command you yourself wrote in some extra stuff. For example, in a test script, you might pass the command to a function that
(1) Prints some info about the test that's about to execute
(2) Evals the command
(3) Checks/reports the result
Given the choice I'd rather use lambda, but not all languages make that very convenient/readable. In such languages, a carefully used eval might be preferable to ad-hoc interpretation.
Fair enough. Although even then I would consider using a function or a class or lambda first, I suppose as long as you completely control the code being evaled it's not fundamentally different than any other string or code on the server. It would still fill me with a gnawing sense of dread though.
8 comments
[ 3.2 ms ] story [ 27.9 ms ] threadWhy does eval() exist in so many programming languages, and when is using it not the worst possible option?
(1) Prints some info about the test that's about to execute
(2) Evals the command
(3) Checks/reports the result
Given the choice I'd rather use lambda, but not all languages make that very convenient/readable. In such languages, a carefully used eval might be preferable to ad-hoc interpretation.