Hi all,
Situation: I need arbitrary calculations to be done on certain columns in a
table.
The formulas are dynamic.
I will replace certain values in the formula string with their current values
in the columns.
So I'll end up with a formula like:
(col2*col4)/10 * (cos(col5) / sin(col6))
All the col* will be replaced with the actual values.
Then I want to eval the thing and get the answer to the calculation.
Question:
Everybody on the system with enough rights can create these formulas.
I don't want to start evaluating things that are naughty.
How should I proceed?
How can I be sure the eval won't touch the filesystem, e.g.?
Or start opening database connections?
Is it enough to 'forbid' $ and / and '?
TIA!!
Regards,
Erwin Moller
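
One way to handle the formulas described above without eval is to parse them against a small arithmetic grammar and an allowlist of functions, so anything outside the grammar is rejected instead of executed. This is an added example, not part of the original post; the post does not name its language, so Python is used, and the names tokenize, evaluate and FUNCS and the set of allowed functions are assumptions.

```python
import math
import re

FUNCS = {"cos": math.cos, "sin": math.sin, "sqrt": math.sqrt}  # allowlist (assumed set)
TOKEN = re.compile(r"\s*(?:(?P<num>\d+\.?\d*)|(?P<col>col\d+)|(?P<name>[a-z]+)|(?P<op>[-+*/()]))")

def tokenize(text):
    """Split into (kind, value) tokens; anything outside the grammar is an error."""
    toks, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"illegal character at position {pos}")
        toks.append((m.lastgroup, m.group(m.lastgroup)))
        pos = m.end()
    return toks + [("end", "")]

def evaluate(formula, row):
    """Compute a formula for one row (dict: column name -> number) without eval()."""
    toks = tokenize(formula)
    def expr():    # expr := term (('+' | '-') term)*
        v = term()
        while toks[0][1] in ("+", "-"):
            v = v + term() if toks.pop(0)[1] == "+" else v - term()
        return v
    def term():    # term := factor (('*' | '/') factor)*
        v = factor()
        while toks[0][1] in ("*", "/"):
            v = v * factor() if toks.pop(0)[1] == "*" else v / factor()
        return v
    def factor():  # factor := number | column | '-' factor | [func] '(' expr ')'
        kind, val = toks.pop(0)
        if kind in ("num", "col"):
            return float(val if kind == "num" else row[val])  # KeyError if no such column
        if val == "-":
            return -factor()
        func = None
        if kind == "name" and val in FUNCS:   # only allowlisted names may be called
            func, (kind, val) = FUNCS[val], toks.pop(0)
        if val != "(":
            raise ValueError(f"token {val!r} not allowed here")
        v = expr()
        if toks.pop(0)[1] != ")":
            raise ValueError("missing ')'")
        return func(v) if func else v
    result = expr()
    if toks[0][0] != "end":
        raise ValueError("trailing input")
    return result
```

Column values are looked up from the row at evaluation time rather than pasted into the formula string, so stored data never becomes part of the parsed text.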