One issue that I didn't see touched on was execution speed.
It appears that you'd want to calculate, for example,
(X/2)^4 for quite a few values of X. The fastest way to
do this would be to create a subroutine that does the
calculation. For example, a closure:
my $sub= eval "sub { my($x)=@_; return ($x/2)**4 }";
die $@ if $@;
for my $x ( 0..100 ) {
$x /= 10;
my $y= $sub->( $x );
plot( $x, $y );
}
So I'd probably validate the input and use eval to build
an anonymous subroutine similar to what I show above.
So the trick is deciding what to allow that will be safe.
If you only allow digits and mathish punctuation, then I
can't come up with a way that the result would be dangerous:
if( $equ =~ m#[^-\s\d+*/()]# ) {
# refuse to use it
You could even allow a specific list of variable names and
functions:
my $equ= $q->param("equation");
my( $var, $expr )= $equ =~ /^\s*(\w+)\s*=(.*)/
or fail("Invalid equation");
my @words= qw( x y z abs atan2 cos exp log sin sqrt );
my %words;
@words{@words}= (" ") x @words;
( my $check= $expr ) =~ s/(\w+)/ $words{$1} ? "" : "x" /ge;
if( $check =~ m#([^-\s\d+*/()]+)# ) {
fail( "Disallowed function/variable ($1)" );
}
@words{qw(x y z)}= qw( $x $y $z );
$expr =~ s/(\w+)/ $words{$1} /ge;
my $sub= eval 'sub { my($x,$y,$z)= @_; return ' . $expr . '}';
fail( "Invalid expression ($expr): $@" ) if $@;
-
tye
(but my friends call me "Tye") |