
Dollar symbol in eval function php


I am trying to use the eval() function in PHP, but one of my variables (ppi) has a dollar symbol in it.

$operation = "*";
$cname = mysqli_real_escape_string($link, $_REQUEST['cname']);
$to = mysqli_real_escape_string($link, $_REQUEST['email']);
$prod = mysqli_real_escape_string($link, $_REQUEST['prod']);
$desc = mysqli_real_escape_string($link, $_REQUEST['desc']);
$ppi = mysqli_real_escape_string($link, $_REQUEST['ppi']);
$items = mysqli_real_escape_string($link, $_REQUEST['items']);
$total = mysqli_real_escape_string($link, eval('return '.$ppi.$operation.$items.';'));

Although simplified, the equivalent could be:

$operation = "*";
$cname = mysqli_real_escape_string($link, $_REQUEST['cname']);
$to = mysqli_real_escape_string($link, $_REQUEST['email']);
$prod = mysqli_real_escape_string($link, $_REQUEST['prod']);
$desc = mysqli_real_escape_string($link, $_REQUEST['desc']);
$ppi = '$10';
$items = '5';
$total = mysqli_real_escape_string($link, eval('return '.$ppi.$operation.$items.';'));

Whenever I try to run this code though, I always get an HTTP error 500.


Solution

  • You can work out the problem by expanding the string one by one:

    $operation = "*";
    $cname = mysqli_real_escape_string($link, $_REQUEST['cname']);
    $to = mysqli_real_escape_string($link, $_REQUEST['email']);
    $prod = mysqli_real_escape_string($link, $_REQUEST['prod']);
    $desc = mysqli_real_escape_string($link, $_REQUEST['desc']);
    $ppi = '$10';
    $items = '5';
    
    // New Bit:
    $evalString = 'return ' . $ppi . $operation . $items . ';';
    // $evalString = 'return $10*5;'
    
    eval($evalString);
    // This is the equivalent of eval('return $10*5;'),
    // which errors because a variable name can't begin with a number
    

    Caveat: please take note of the comments above: you'd be much better off not using eval, casting correctly to ints() and evaluating other ways.
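One way to compute the same total without passing request data through eval, as an added example that is not part of the question or the answer; parsePrice and lineTotal are hypothetical helper names and the sample input is constructed:

```php
<?php
// Added example, not code from the question or answer: the price string is
// parsed and validated, the operator comes from a fixed whitelist, and no
// request data is ever interpreted as PHP source.
declare(strict_types=1);

/**
 * Parse a price such as "$10" or "10.50" into a float.
 * Returns null when the input is not a plain decimal amount.
 */
function parsePrice(string $raw): ?float
{
    // Optional leading "$", digits, optional fraction of up to two digits.
    if (preg_match('/^\$?(\d+(?:\.\d{1,2})?)$/', trim($raw), $m) !== 1) {
        return null;
    }
    return (float) $m[1];
}

/**
 * Compute a line total. Only whitelisted operators are accepted.
 */
function lineTotal(?float $price, int $items, string $operation = '*'): float
{
    if ($price === null || $items < 0) {
        throw new InvalidArgumentException('invalid price or item count');
    }
    switch ($operation) {
        case '*': return $price * $items;
        case '+': return $price + $items;
        default:  throw new InvalidArgumentException('unsupported operation');
    }
}

// Constructed sample input standing in for $_REQUEST['ppi'] and $_REQUEST['items'].
$ppi   = '$10';
$items = filter_var('5', FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
if ($items === false) {
    throw new InvalidArgumentException('items must be a non-negative integer');
}

$total = lineTotal(parsePrice($ppi), $items);   // 50.0

// For comparison, the original expression does not even parse: "$10" is not a
// valid variable name, so on PHP 7+ eval throws ParseError (uncaught, that is
// the fatal error behind the HTTP 500).
try {
    eval('return $10*5;');
} catch (ParseError $e) {
    // handle or log; never feed request data to eval in the first place
}

// Escape only at the point the value is interpolated into SQL, or better, bind it:
// $safeTotal = mysqli_real_escape_string($link, (string) $total);
```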