
How to evaluate a formula passed as a string in PHP?

尚宏硕
2023-03-14
Question

I'm just trying to find the correct and safe way to execute a mathematical operation that is passed as a string. In my scenario it is a value taken from image EXIF data.

After a little research I found two ways to do it.

First, using eval

    function calculator1($str){
        eval("\$str = $str;");
        return $str;
    }

Second, using create_function

    function calculator2($str){
        // create_function() was deprecated in PHP 7.2 and removed in PHP 8.0
        $fn = create_function("", "return ({$str});" );
        return $fn();
    }

Both examples need the string to be sanitized to avoid malicious code execution. Is there any other, shorter way?
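An added example, not code from the original question or from the answer below. Both approaches in the question hand the string to the PHP compiler and then try to filter it, which is a denylist problem. The alternative is to parse the string yourself, so that there is no path from input to execution at all. The block first covers the narrow case the question describes, an EXIF rational such as an exposure time stored as "numerator/denominator", and then the general arithmetic case with a small recursive-descent evaluator. The names exifRational and SafeArithmetic and the sample strings are constructed for this example.

```php
<?php
// Added example, not part of the original question or answer; exifRational(),
// SafeArithmetic and the sample strings are constructed for this illustration.
// Narrow case from the question: EXIF stores values such as exposure time as
// rationals ("1/250", "72/1"). A strict pattern and one division cover that.
function exifRational(string $raw): ?float
{
    $s = trim($raw);
    if (preg_match('~^(-?\d{1,12})/(\d{1,12})$~', $s, $m)) {
        return (int)$m[2] === 0 ? null : (int)$m[1] / (int)$m[2];
    }
    return preg_match('~^-?\d{1,12}(\.\d{1,12})?$~', $s) ? (float)$s : null;
}

// General case: recursive-descent evaluator for + - * / ( ) and decimals. The
// tokenizer is a whitelist, so letters, quotes, semicolons and so on are rejected
// before any arithmetic runs; the input is never handed to the PHP interpreter.
final class SafeArithmetic
{
    private array $tokens = [];
    private int $pos = 0;

    public static function evaluate(string $expr): float
    {
        $self = new self();
        $self->tokens = $self->tokenize($expr);
        $value = $self->parseExpr();
        if ($self->peek() !== null) {
            throw new InvalidArgumentException("unexpected token '{$self->peek()}'");
        }
        return $value;
    }

    private function tokenize(string $expr): array
    {
        if (strlen($expr) > 256) { // also caps parenthesis nesting, hence recursion depth
            throw new InvalidArgumentException('expression too long');
        }
        $tokens = [];
        for ($i = 0, $n = strlen($expr); $i < $n; $i = $j) {
            $c = $expr[$i];
            if ($c === ' ' || $c === "\t") { $j = $i + 1; continue; }
            if (strpos('+-*/()', $c) !== false) { $tokens[] = $c; $j = $i + 1; continue; }
            if (!ctype_digit($c)) {
                throw new InvalidArgumentException("illegal character '$c' at offset $i");
            }
            $j = $i; // number: digits with an optional fractional part
            while ($j < $n && ctype_digit($expr[$j])) { $j++; }
            if ($j + 1 < $n && $expr[$j] === '.' && ctype_digit($expr[$j + 1])) {
                for ($j++; $j < $n && ctype_digit($expr[$j]); $j++) {}
            }
            $tokens[] = substr($expr, $i, $j - $i);
        }
        return $tokens;
    }

    private function peek(): ?string { return $this->tokens[$this->pos] ?? null; }

    private function parseExpr(): float // expr := term (('+' | '-') term)*
    {
        $value = $this->parseTerm();
        while (($op = $this->peek()) === '+' || $op === '-') {
            $this->pos++;
            $rhs = $this->parseTerm();
            $value = $op === '+' ? $value + $rhs : $value - $rhs;
        }
        return $value;
    }

    private function parseTerm(): float // term := factor (('*' | '/') factor)*
    {
        $value = $this->parseFactor();
        while (($op = $this->peek()) === '*' || $op === '/') {
            $this->pos++;
            $rhs = $this->parseFactor();
            if ($op === '/' && $rhs == 0.0) { throw new InvalidArgumentException('division by zero'); }
            $value = $op === '*' ? $value * $rhs : $value / $rhs;
        }
        return $value;
    }

    private function parseFactor(): float // factor := '-' factor | '(' expr ')' | number
    {
        $tok = $this->peek();
        if ($tok === '-') { $this->pos++; return -$this->parseFactor(); }
        if ($tok === '(') {
            $this->pos++;
            $value = $this->parseExpr();
            if ($this->peek() !== ')') { throw new InvalidArgumentException("expected ')'"); }
            $this->pos++;
            return $value;
        }
        if ($tok !== null && is_numeric($tok)) { $this->pos++; return (float)$tok; }
        throw new InvalidArgumentException($tok === null ? 'unexpected end of expression' : "unexpected token '$tok'");
    }
}

// Constructed inputs, mixing values that must parse with ones that must be rejected.
foreach (['1/250', '72/1', '0.005', '1/0', 'a/b'] as $raw) {
    printf("%-8s -> %s\n", $raw, var_export(exifRational($raw), true));
}
foreach (['-8*(5/2)*(1-2)-8', '2*(3+4)', '7/(2-2)', '2+x', '(1+2'] as $expr) {
    try { printf("%-18s -> %s\n", $expr, SafeArithmetic::evaluate($expr)); }
    catch (InvalidArgumentException $e) { printf("%-18s -> rejected: %s\n", $expr, $e->getMessage()); }
}
```

Running the file prints a value for each well-formed input and a "rejected" line for the rest, so a bad EXIF string or a malformed formula surfaces as null or an InvalidArgumentException rather than as executed code. The length cap in tokenize() is what bounds parenthesis nesting and therefore recursion depth, which is the one resource-exhaustion failure mode a recursive-descent parser has on attacker-controlled input; the whitespace branch deliberately does not strip spaces, so "1 2" is rejected as two adjacent numbers instead of being silently read as 12.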


Answer:

This may help.

http://www.phpclasses.org/browse/package/2695.html

It requires an annoying login to download. I've copy-pasted the contents for you.

  • This class can be used to safely evaluate mathematical expressions.
  • The class takes an expression in a text string and evaluates it by substituting the values of variables and computing the results of mathematical functions and operations.
  • It supports implicit multiplication, multi-variable functions and nested functions.
  • It can be used to evaluate expressions from untrusted sources. It provides robust error checking and evaluates only a limited set of functions.
  • It can be used to generate plots from formula expressions.
    /*
    ================================================================================
    
    EvalMath - PHP Class to safely evaluate math expressions
    Copyright (C) 2005 Miles Kaufmann <http://www.twmagic.com/>
    
    ================================================================================
    
    NAME
        EvalMath - safely evaluate math expressions
    
    SYNOPSIS
        <?
          include('evalmath.class.php');
          $m = new EvalMath;
          // basic evaluation:
          $result = $m->evaluate('2+2');
          // supports: order of operation; parentheses; negation; built-in functions
          $result = $m->evaluate('-8(5/2)^2*(1-sqrt(4))-8');
          // create your own variables
          $m->evaluate('a = e^(ln(pi))');
          // or functions
          $m->evaluate('f(x,y) = x^2 + y^2 - 2x*y + 1');
          // and then use them
          $result = $m->evaluate('3*f(42,a)');
        ?>
    
    DESCRIPTION
        Use the EvalMath class when you want to evaluate mathematical expressions 
        from untrusted sources.  You can define your own variables and functions,
        which are stored in the object.  Try it, it's fun!
    
    METHODS
        $m->evaluate($expr)
            Evaluates the expression and returns the result.  If an error occurs,
            prints a warning and returns false.  If $expr is a function assignment,
            returns true on success.
    
        $m->e($expr)
            A synonym for $m->evaluate().
    
        $m->vars()
            Returns an associative array of all user-defined variables and values.
    
        $m->funcs()
            Returns an array of all user-defined functions.
    
    PARAMETERS
        $m->suppress_errors
            Set to true to turn off warnings when evaluating expressions
    
        $m->last_error
            If the last evaluation failed, contains a string describing the error.
            (Useful when suppress_errors is on).
    
    AUTHOR INFORMATION
        Copyright 2005, Miles Kaufmann.
    
    LICENSE
        Redistribution and use in source and binary forms, with or without
        modification, are permitted provided that the following conditions are
        met:
    
        1   Redistributions of source code must retain the above copyright
            notice, this list of conditions and the following disclaimer.
        2.  Redistributions in binary form must reproduce the above copyright
            notice, this list of conditions and the following disclaimer in the
            documentation and/or other materials provided with the distribution.
        3.  The name of the author may not be used to endorse or promote
            products derived from this software without specific prior written
            permission.
    
        THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
        IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
        WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
        DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
        INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
        (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
        SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
        HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
        STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
        ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
        POSSIBILITY OF SUCH DAMAGE.
    
    */
    
    class EvalMath {
    
        var $suppress_errors = false;
        var $last_error = null;
    
        var $v = array('e'=>2.71,'pi'=>3.14); // variables (and constants)
        var $f = array(); // user-defined functions
        var $vb = array('e', 'pi'); // constants
        var $fb = array(  // built-in functions
            'sin','sinh','arcsin','asin','arcsinh','asinh',
            'cos','cosh','arccos','acos','arccosh','acosh',
            'tan','tanh','arctan','atan','arctanh','atanh',
            'sqrt','abs','ln','log');
    
        function __construct() { // PHP 5+ constructor; a PHP4-style EvalMath() method is no longer treated as one by PHP 8
            // make the variables a little more accurate
            $this->v['pi'] = pi();
            $this->v['e'] = exp(1);
        }
    
        function e($expr) {
            return $this->evaluate($expr);
        }
    
        function evaluate($expr) {
            $this->last_error = null;
            $expr = trim($expr);
            if (substr($expr, -1, 1) == ';') $expr = substr($expr, 0, strlen($expr)-1); // strip semicolons at the end
            //===============
            // is it a variable assignment?
            if (preg_match('/^\s*([a-z]\w*)\s*=\s*(.+)$/', $expr, $matches)) {
                if (in_array($matches[1], $this->vb)) { // make sure we're not assigning to a constant
                    return $this->trigger("cannot assign to constant '$matches[1]'");
                }
                if (($tmp = $this->pfx($this->nfx($matches[2]))) === false) return false; // get the result and make sure it's good
                $this->v[$matches[1]] = $tmp; // if so, stick it in the variable array
                return $this->v[$matches[1]]; // and return the resulting value
            //===============
            // is it a function assignment?
            } elseif (preg_match('/^\s*([a-z]\w*)\s*\(\s*([a-z]\w*(?:\s*,\s*[a-z]\w*)*)\s*\)\s*=\s*(.+)$/', $expr, $matches)) {
                $fnn = $matches[1]; // get the function name
                if (in_array($matches[1], $this->fb)) { // make sure it isn't built in
                    return $this->trigger("cannot redefine built-in function '$matches[1]()'");
                }
                $args = explode(",", preg_replace("/\s+/", "", $matches[2])); // get the arguments
                if (($stack = $this->nfx($matches[3])) === false) return false; // see if it can be converted to postfix
                for ($i = 0; $i<count($stack); $i++) { // freeze the state of the non-argument variables
                    $token = $stack[$i];
                    if (preg_match('/^[a-z]\w*$/', $token) and !in_array($token, $args)) {
                        if (array_key_exists($token, $this->v)) {
                            $stack[$i] = $this->v[$token];
                        } else {
                            return $this->trigger("undefined variable '$token' in function definition");
                        }
                    }
                }
                $this->f[$fnn] = array('args'=>$args, 'func'=>$stack);
                return true;
            //===============
            } else {
                return $this->pfx($this->nfx($expr)); // straight up evaluation, woo
            }
        }
    
        function vars() {
            $output = $this->v;
            unset($output['pi']);
            unset($output['e']);
            return $output;
        }
    
        function funcs() {
            $output = array();
            foreach ($this->f as $fnn=>$dat)
                $output[] = $fnn . '(' . implode(',', $dat['args']) . ')';
            return $output;
        }
    
        //===================== HERE BE INTERNAL METHODS ====================\\
    
        // Convert infix to postfix notation
        function nfx($expr) {
    
            $index = 0;
            $stack = new EvalMathStack;
            $output = array(); // postfix form of expression, to be passed to pfx()
            $expr = trim(strtolower($expr));
    
            $ops   = array('+', '-', '*', '/', '^', '_');
            $ops_r = array('+'=>0,'-'=>0,'*'=>0,'/'=>0,'^'=>1); // right-associative operator?  
            $ops_p = array('+'=>0,'-'=>0,'*'=>1,'/'=>1,'_'=>1,'^'=>2); // operator precedence
    
            $expecting_op = false; // we use this in syntax-checking the expression
                                   // and determining when a - is a negation
    
            if (preg_match("/[^\w\s+*^\/()\.,-]/", $expr, $matches)) { // make sure the characters are all good
                return $this->trigger("illegal character '{$matches[0]}'");
            }
    
            while(1) { // 1 Infinite Loop ;)
                $op = substr($expr, $index, 1); // get the first character at the current index
                // find out if we're currently at the beginning of a number/variable/function/parenthesis/operand
                $ex = preg_match('/^([a-z]\w*\(?|\d+(?:\.\d*)?|\.\d+|\()/', substr($expr, $index), $match);
                //===============
                if ($op == '-' and !$expecting_op) { // is it a negation instead of a minus?
                    $stack->push('_'); // put a negation on the stack
                    $index++;
                } elseif ($op == '_') { // we have to explicitly deny this, because it's legal on the stack 
                    return $this->trigger("illegal character '_'"); // but not in the input expression
                //===============
                } elseif ((in_array($op, $ops) or $ex) and $expecting_op) { // are we putting an operator on the stack?
                    if ($ex) { // are we expecting an operator but have a number/variable/function/opening parethesis?
                        $op = '*'; $index--; // it's an implicit multiplication
                    }
                    // heart of the algorithm:
                    while($stack->count > 0 and ($o2 = $stack->last()) and in_array($o2, $ops) and ($ops_r[$op] ? $ops_p[$op] < $ops_p[$o2] : $ops_p[$op] <= $ops_p[$o2])) {
                        $output[] = $stack->pop(); // pop stuff off the stack into the output
                    }
                    // many thanks: http://en.wikipedia.org/wiki/Reverse_Polish_notation#The_algorithm_in_detail
                    $stack->push($op); // finally put OUR operator onto the stack
                    $index++;
                    $expecting_op = false;
                //===============
                } elseif ($op == ')' and $expecting_op) { // ready to close a parenthesis?
                    while (($o2 = $stack->pop()) != '(') { // pop off the stack back to the last (
                        if (is_null($o2)) return $this->trigger("unexpected ')'");
                        else $output[] = $o2;
                    }
                if (preg_match("/^([a-z]\w*)\($/", (string)$stack->last(2), $matches)) { // did we just close a function? (last() may be null when the stack is shallow)
                        $fnn = $matches[1]; // get the function name
                        $arg_count = $stack->pop(); // see how many arguments there were (cleverly stored on the stack, thank you)
                        $output[] = $stack->pop(); // pop the function and push onto the output
                        if (in_array($fnn, $this->fb)) { // check the argument count
                            if($arg_count > 1)
                                return $this->trigger("too many arguments ($arg_count given, 1 expected)");
                        } elseif (array_key_exists($fnn, $this->f)) {
                            if ($arg_count != count($this->f[$fnn]['args']))
                                return $this->trigger("wrong number of arguments ($arg_count given, " . count($this->f[$fnn]['args']) . " expected)");
                        } else { // did we somehow push a non-function on the stack? this should never happen
                            return $this->trigger("internal error");
                        }
                    }
                    $index++;
                //===============
                } elseif ($op == ',' and $expecting_op) { // did we just finish a function argument?
                    while (($o2 = $stack->pop()) != '(') { 
                        if (is_null($o2)) return $this->trigger("unexpected ','"); // oops, never had a (
                        else $output[] = $o2; // pop the argument expression stuff and push onto the output
                    }
                    // make sure there was a function
                if (!preg_match("/^([a-z]\w*)\($/", (string)$stack->last(2), $matches))
                        return $this->trigger("unexpected ','");
                    $stack->push($stack->pop()+1); // increment the argument count
                    $stack->push('('); // put the ( back on, we'll need to pop back to it again
                    $index++;
                    $expecting_op = false;
                //===============
            } elseif ($op == '(' and !$expecting_op) {
                $stack->push('('); // that was easy
                $index++;
                //===============
                } elseif ($ex and !$expecting_op) { // do we now have a function/variable/number?
                    $expecting_op = true;
                    $val = $match[1];
                    if (preg_match("/^([a-z]\w*)\($/", $val, $matches)) { // may be func, or variable w/ implicit multiplication against parentheses...
                        if (in_array($matches[1], $this->fb) or array_key_exists($matches[1], $this->f)) { // it's a func
                            $stack->push($val);
                            $stack->push(1);
                            $stack->push('(');
                            $expecting_op = false;
                        } else { // it's a var w/ implicit multiplication
                            $val = $matches[1];
                            $output[] = $val;
                        }
                    } else { // it's a plain old var or num
                        $output[] = $val;
                    }
                    $index += strlen($val);
                //===============
                } elseif ($op == ')') { // miscellaneous error checking
                    return $this->trigger("unexpected ')'");
                } elseif (in_array($op, $ops) and !$expecting_op) {
                    return $this->trigger("unexpected operator '$op'");
                } else { // I don't even want to know what you did to get here
                return $this->trigger("an unexpected error occurred");
                }
                if ($index == strlen($expr)) {
                    if (in_array($op, $ops)) { // did we end with an operator? bad.
                        return $this->trigger("operator '$op' lacks operand");
                    } else {
                        break;
                    }
                }
                while (substr($expr, $index, 1) == ' ') { // step the index past whitespace (pretty much turns whitespace 
                    $index++;                             // into implicit multiplication if no operator is there)
                }
    
            } 
            while (!is_null($op = $stack->pop())) { // pop everything off the stack and push onto output
                if ($op == '(') return $this->trigger("expecting ')'"); // if there are (s on the stack, ()s were unbalanced
                $output[] = $op;
            }
            return $output;
        }
    
        // evaluate postfix notation
        function pfx($tokens, $vars = array()) {
    
            if ($tokens == false) return false;
    
            $stack = new EvalMathStack;
    
            foreach ($tokens as $token) { // nice and easy
                // if the token is a binary operator, pop two values off the stack, do the operation, and push the result back on
                if (in_array($token, array('+', '-', '*', '/', '^'))) {
                    if (is_null($op2 = $stack->pop())) return $this->trigger("internal error");
                    if (is_null($op1 = $stack->pop())) return $this->trigger("internal error");
                    switch ($token) {
                        case '+':
                            $stack->push($op1+$op2); break;
                        case '-':
                            $stack->push($op1-$op2); break;
                        case '*':
                            $stack->push($op1*$op2); break;
                        case '/':
                            if ($op2 == 0) return $this->trigger("division by zero");
                            $stack->push($op1/$op2); break;
                        case '^':
                            $stack->push(pow($op1, $op2)); break;
                    }
                // if the token is a unary operator, pop one value off the stack, do the operation, and push it back on
                } elseif ($token == "_") {
                    $stack->push(-1*$stack->pop());
                // if the token is a function, pop arguments off the stack, hand them to the function, and push the result back on
                } elseif (preg_match("/^([a-z]\w*)\($/", $token, $matches)) { // it's a function!
                    $fnn = $matches[1];
                    if (in_array($fnn, $this->fb)) { // built-in function:
                        if (is_null($op1 = $stack->pop())) return $this->trigger("internal error");
                        $fnn = preg_replace("/^arc/", "a", $fnn); // for the 'arc' trig synonyms
                        if ($fnn == 'ln') $fnn = 'log';
                    $stack->push($fnn($op1)); // $fnn passed the $fb whitelist check above, so this is a direct call to one of those fixed functions; no eval() is needed
                    } elseif (array_key_exists($fnn, $this->f)) { // user function
                        // get args
                        $args = array();
                        for ($i = count($this->f[$fnn]['args'])-1; $i >= 0; $i--) {
                            if (is_null($args[$this->f[$fnn]['args'][$i]] = $stack->pop())) return $this->trigger("internal error");
                        }
                        $stack->push($this->pfx($this->f[$fnn]['func'], $args)); // yay... recursion!!!!
                    }
                // if the token is a number or variable, push it on the stack
                } else {
                    if (is_numeric($token)) {
                        $stack->push($token);
                    } elseif (array_key_exists($token, $this->v)) {
                        $stack->push($this->v[$token]);
                    } elseif (array_key_exists($token, $vars)) {
                        $stack->push($vars[$token]);
                    } else {
                        return $this->trigger("undefined variable '$token'");
                    }
                }
            }
            // when we're out of tokens, the stack should have a single element, the final result
            if ($stack->count != 1) return $this->trigger("internal error");
            return $stack->pop();
        }
    
        // trigger an error, but nicely, if need be
        function trigger($msg) {
            $this->last_error = $msg;
            if (!$this->suppress_errors) trigger_error($msg, E_USER_WARNING);
            return false;
        }
    }
    
    // for internal use
    class EvalMathStack {
    
        var $stack = array();
        var $count = 0;
    
        function push($val) {
            $this->stack[$this->count] = $val;
            $this->count++;
        }
    
        function pop() {
            if ($this->count > 0) {
                $this->count--;
                return $this->stack[$this->count];
            }
            return null;
        }
    
        function last($n=1) {
            if ($n > $this->count) return null; // nothing that far down: avoid reading a negative offset
            return $this->stack[$this->count-$n];
        }
    }
    

EDIT: Jitter wanted a version that supports Reverse Polish notation. Reminds me of my college days with the HP calculator :)

    <?php
    /* This Class can be useful for writing RPN macros or FORTH-like parsers 
           @Author: Arturo Gonzalez-Mata Santana (Spain)
                 arturogmata@gmail.com
        @copyright 2007: www.phpsqlasp.com

        It is part of a project to recover "macros" from some old applications

    This code is free software; you can redistribute it and/or
    modify it under the terms of the GNU General Public License
    as published by the Free Software Foundation; either version 3
    of the License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
    */
    class RPNstack
    {
        var $data=array();
        var $compare=0;
        function pop() {return array_shift ($this->data);}
        function push($x) {array_unshift($this->data, $x);}
        function count() {return count($this->data);}
        function first() {return $this->data[0];}  // top of the stack (push() prepends, so index 0 is the top)
        function top() {return end($this->data);}  // last element of the array, i.e. the bottom of the stack
        function swap() { // interchange the two topmost elements
            $t = $this->data[1];
            $this->data[1] = $this->data[0];
            $this->data[0] = $t;
            }
        function dup() {  // push a copy of the top (X) element onto the stack
            array_unshift($this->data, $this->data[0]);
            }

        function dump(){ // dump array data for debugging
            print_r($this->data);
            }

        function parse($tok)  // execute actions with the stack for each token
        {
            $r = null;
            $tok = strtoupper(trim($tok));
            //$this->dump(); // this line is for debugging purpose only
            switch ($tok) :
                // FIRST "IF THEN" AND OTHER FLOW CONTROLS
                case ('THEN'): break;
                case('IF'):
                    if ($this->pop() == 0) do {  // if the condition is false, skip tokens until "THEN"
                        $tok = strtok (" ");
                        } while ($tok !== false && strtoupper($tok) <> "THEN");  // also stop at end of line, instead of looping forever when "THEN" is missing
                    break;

                //   basic math operators   //OPERADORES MATEMATICOS BASICOS
                case('+'):
                    $r = $this->pop() + $this->pop();
                    // $r = array_shift($this->data) + array_shift($this->data);  // is more efficient but less understandable
                    break;        
                case('-'):
                    $r = $this->pop(); $r = $this->pop()-$r;
                    break;
                case('*'):
                    $r = $this->pop() *  $this->pop();
                    break;
                case('/'):
                    $r = $this->pop(); $r = $this->pop() / $r;
                    break;
                // stack operators  //OPERADORES DE PILA  
                case ('DUP'):
                    $r=$this->dup();
                    break;
                case ('SWAP'):
                    $this->swap();
                    break;

                // COMPARISON OPERATORS
                case ('='):
                    if ($this->data[0] == $this->data[1]) $r = $this->push(1);
                    else $r = $this->push(0);
                    break;
                case ('<>'):
                    if ($this->data[0] <> $this->data[1]) $r = $this->push(1);
                    else $r = $this->push(0);
                    break;
                case ('<'):
                    if ($this->data[0] < $this->data[1]) $r = $this->push(1);  
                    else $r = $this->push(0);                            
                    break;
                case ('>'):
                    if ($this->data[0] > $this->data[1])  $r = $this->push(1);  
                    else $r = $this->push(0);                            
                    break;
                case ('>='):
                    if ($this->data[0] >= $this->data[1])  $r = $this->push(1);  
                    else $r = $this->push(0);                            
                    break;
                case ('<='):
                    if ($this->data[0] <= $this->data[1])  $r = $this->push(1);  
                    else $r = $this->push(0);                            
                    break;

                // WARNING FOR NON IMPLEMENTED FUNCTIONS
                default:
                        return sprintf('I don\'t know how to "%s" ', $tok);
            endswitch;
            if (!is_null($r)) $this->push($r); 
            return $r;
        } // parse


        function parse_line($cadena)
        {
            $r = null; // defined even when the line holds only numbers
            $tok = strtok ($cadena," ");
            while ($tok !== false) { // strtok() returns false once the line is exhausted
                if (is_numeric ($tok)) {
                    $this->push($tok);
                } else {
                    $r = $this->parse($tok);
                }
                $tok = strtok (" ");
            }
            return $r;
        }

    } // class RPN



    ?>

