Hi all,
Situation: I need arbitrary calculations to be done on certain columns in a
table.
The formulas are dynamic.
I will replace certain values in the formula string with their current values
in the columns.
So I'll end up with a formula like:
(col2*col4)/10 * (cos(col5) / sin(col6))
all the col* will be replaced with the actual values.
Then I want to eval the thing and get the answer to the calculation.
Question:
Everybody on the system with enough rights can create these formulas.
I don't want to start eval things that are naughty.
How should I proceed?
How can I be sure the eval won't touch the filesystem, e.g.??
Or start opening database connections?
Is it enough to 'forbid' $ and / and ' ??
TIA!!
Regards,
Erwin Moller
User "Erwin Moller" <si******************************************@spamyourself.com> wrote in message news:40*********************@news.xs4all.nl...
Hi all,
Situation: I need arbitrary calculations to be done on certain columns in a table. The formulas are dynamic. I will replace certain values in the formula string with their current values in the columns. So I'll end up with a formula like:
(col2*col4)/10 * (cos(col5) / sin(col6))
Well, the names of the columns and the functions that can be used form a
closed set, so you can just parse the formulas for tokens and reject those
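with tokens outside of this set. This is fairly easy to do using a regular
expression. Example:
$columns = array("col1", "col2", "col3");
$functions = array("cos", "sin", "tan");
// Collect every word-like token (identifiers and numbers) in the formula.
if (preg_match_all('/\w+/', $formula, $matches)) {
    $tokens = $matches[0];
    // Tokens that are neither known columns nor known functions.
    if ($diff = array_diff($tokens, $columns, $functions)) {
        // Whatever is left over must consist of numeric literals only.
        if (count($diff) != count(array_filter($diff, 'is_numeric'))) {
            /* invalid syntax! */
        }
    }
}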
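Added example, not code from any poster in this thread: it goes one step beyond the token check above by tokenizing the whole formula against an allowlist (numbers, column names, the listed functions, + - * / and parentheses) and computing the result with a small recursive-descent parser, so nothing is ever passed to eval(). The function names, the sample row and the PHP 8 requirement are assumptions of this example.

```php
<?php
// Added example (PHP 8+); function names and sample data are illustrative.
const FORMULA_FUNCS = ['cos', 'sin', 'tan'];
function formula_value(string $src, array $row): float
{
    // Allowlist tokenizer: numbers, identifiers and + - * / ( ) only.
    preg_match_all('/\G\s*(\d+(?:\.\d+)?|[A-Za-z_]\w*|[-+*\/()])/', $src, $m);
    if (trim(substr($src, strlen(implode('', $m[0])))) !== '') {
        throw new InvalidArgumentException('illegal character in formula');
    }
    $i = 0;
    $v = formula_level($m[1], $i, $row, 0);
    if ($i < count($m[1])) { throw new InvalidArgumentException('trailing token'); }
    return $v;
}

function formula_expect(array $tok, int &$i, string $want): void
{
    if (($tok[$i++] ?? '') !== $want) { throw new InvalidArgumentException("expected $want"); }
}

// Precedence levels: 0 handles + and -, 1 handles * and /, 2 is a single factor.
function formula_level(array $tok, int &$i, array $row, int $p): float
{
    if ($p === 2) { return formula_factor($tok, $i, $row); }
    $v = formula_level($tok, $i, $row, $p + 1);
    while (in_array($tok[$i] ?? '', $p === 0 ? ['+', '-'] : ['*', '/'], true)) {
        $op = $tok[$i++];
        $r = formula_level($tok, $i, $row, $p + 1);
        $v = match ($op) { '+' => $v + $r, '-' => $v - $r, '*' => $v * $r, '/' => $v / $r };
    }
    return $v;
}

function formula_factor(array $tok, int &$i, array $row): float
{
    $t = $tok[$i++] ?? '';
    if ($t === '-') { return -formula_factor($tok, $i, $row); }      // unary minus
    if (is_numeric($t)) { return (float) $t; }                       // numeric literal
    if (array_key_exists($t, $row)) { return (float) $row[$t]; }     // column value
    $call = in_array($t, FORMULA_FUNCS, true);                       // allowlisted function?
    if (!$call && $t !== '(') { throw new InvalidArgumentException("unknown name '$t'"); }
    if ($call) { formula_expect($tok, $i, '('); }
    $v = formula_level($tok, $i, $row, 0);
    formula_expect($tok, $i, ')');
    return $call ? $t($v) : $v;   // $t can only be one of FORMULA_FUNCS here
}

$row = ['col2' => 3, 'col4' => 20, 'col5' => 0.0, 'col6' => M_PI / 2];  // constructed sample row
echo formula_value('(col2*col4)/10 * (cos(col5) / sin(col6))', $row), "\n";
```

Any character outside the allowlist, including `$`, quotes and `;`, or any name that is neither a column of the row nor a listed function, raises InvalidArgumentException instead of producing a result.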
Erwin Moller <si******************************************@spamyourself.com> wrote in message news:<40*********************@news.xs4all.nl>...
Hi all,
Situation: I need arbitrary calculations to be done on certain columns in a table. The formulas are dynamic. I will replace certain values in the formula string with their current values in the columns. So I'll end up with a formula like:
(col2*col4)/10 * (cos(col5) / sin(col6))
all the col* will be replaced with the actual values. Then I want to eval the thing and get the answer to the calculation.
Question: Everybody on the system with enough rights can create these formulas. I don't want to start eval things that are naughty.
How should I proceed? How can I be sure the eval won't touch the filesystem, e.g.?? Or start opening database connections? Is it enough to 'forbid' $ and / and ' ??
Well, I face a similar problem, and I'm fighting it with lots of regex
to stop the most obvious attacks. Can't suggest more till I see some
sample equations and the form inputs.
Chung Leong wrote:
User "Erwin Moller" <si******************************************@spamyourself.com> wrote in message news:40*********************@news.xs4all.nl...
Hi all,
Situation: I need arbitrary calculations to be done on certain columns in a table. The formulas are dynamic. I will replace certain values in the formula string with their current values in the columns. So I'll end up with a formula like:
(col2*col4)/10 * (cos(col5) / sin(col6))
Well, the names of the columns and the functions that can be used form a closed set, so you can just parse the formulas for tokens and reject those with tokens outside of this set. This is fairly easy to do using a regular expression. Example:
$columns = array("col1", "col2", "col3");
$functions = array("cos", "sin", "tan");
if (preg_match_all('/\w+/', $formula, $matches)) {
    $tokens = $matches[0];
    if ($diff = array_diff($tokens, $columns, $functions)) {
        if (count($diff) != count(array_filter($diff, 'is_numeric'))) {
            /* invalid syntax! */
        }
    }
}
Thanks Chung for your reply.
I am still studying on it. :P
Because my regex skills suck big time, this can take a little while.
But I think I'll use your idea of a before-defined set of 'valid functions'.
If I need more I can always easily expand my set.
Thanks,
Regards,
Erwin Moller