About this class

This libray attempts to secure eval() in order to allow for the following kind of scripting:

  • user-controlled
  • over-the-web
  • focused on variable-handling
  • independent of third-party parsers or interpreters

To achieve this, a big part of PHP's functionality has been restricted, but these limits are configurable.

How does it work?

Safer eval() checks the user's code for (or against) the following aspects:

  1. Syntax
  2. Shell-execution
  3. Variable variable names
  4. Variable function names
  5. PHP Tokens
  6. Variable names
  7. Function names


  • Using eval() on user scripts is an extremely high security risk.
  • Safer eval() is experimental.
  • Safer eval() is intended for experienced developers.
  • Safer eval() has not been tested in production environemnts.