We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

Why eval()?

    • 17393
    • 19 Posts
    Lohengrin Reply #1, 18 years, 3 months ago
    Hi core coders,
    I’ve noticed that plugins code is stored in a cache file in strings, which means it has to be eval()’uated. Is this really necessary? It seems like a big waste of time (I remember reading about factor 10 to 30 time increase for eval() code).
    Instead, the code could be written directly to a php file and be included when needed. Or is there some aspect I’m missing here? I just can’t find a reason why it would be a good idea to store it in a string?!?
      • 21255
      • 215 Posts
      netnoise Reply #2, 18 years, 3 months ago
      I remember reading about factor 10 to 30 time increase for eval() code

      Are you sure? wink Just made a simple script to test it and couldn’t find any differences between execution of included and evaled code.
        Write secure snippets!
        Lock down your server!
        • 17393
        • 19 Posts
        Lohengrin Reply #3, 18 years, 3 months ago
        Well, I haven’t done any speed tests myself. But this is where I got the info from:
        http://blog.joshuaeichorn.com/archives/2005/08/01/using-eval-in-php/

        EDIT: After actually reading the benchmark script used there, I have to admit the numbers are completely worthless. I’ve run a very simple script myself (calculating 100! inside eval and in normal php mode) and found that eval causes a runtime increase of about factor 1x (i.e. just as fast) to 2x - depending on the situation. Considering that most of the executed code is usually core code and not plugin (i.e. eval) code, I guess there’s no performance problem in using eval() after all...
        • opengeek Reply #4, 18 years, 2 months ago
          This is in fact a topic I recently took attention to and I’ve already addressed in the Tattoo development path. I believe Raymond is working on a similar solution for MODx that will be in an upcoming release, as well, but if someone wouldn’t mind putting a ticket into the system so we can track this as a feature enhancement request for MODx, that’d be great, if it doesn’t already exist.

          The performance problem is really only visible the more times eval() is called. The overhead of setting up the PHP environment space for the eval to run in seems to increase the more times it is executed during a single request, such as in a loop when processing a large quantity of snippets. And I have in fact found that including 500 snippet files is a lot cheaper than eval()’ing 500 times, at least in my test environment, which is consistent with other recent articles on the subject suggest.

          [EDIT: I believe, as the author of that article indicates, is more noticable in versions of PHP 5 than in PHP 4]

          But, replacing eval with another technique will not only improve performance, but it will most likely tighten security, reducing the arbitrary code execution risks inherent in eval() calls, from those that are driven by the passion to destroy through hacking. wink
            Jason Coward
            Chief Architect @ MODX
            http://www.jasoncoward.com | http://twitter.com/drumshaman | https://github.com/opengeek