manychois / peval
A PHP package for evaluating expressions with support for variables, functions, and operators.
Requires
- php: ^8.4
- nikic/php-parser: ^5.5
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.75
- phpstan/phpstan: ^2.1
- phpunit/phpunit: ^12.2
This package is auto-updated.
Last update: 2025-07-21 02:38:29 UTC
README
Peval is a secure PHP library for parsing and evaluating expressions with support for variables, functions, operators, objects and array structures. Built on top of the excellent nikic/php-parser library, Peval provides a safe and controlled environment for executing dynamic expressions at runtime without the risks associated with eval(). All unsafe PHP functions are strictly prohibited to ensure security.
Features
| Category | Description | Examples |
|---|---|---|
| 🔢 Arithmetic | Arithmetic operations | +, -, *, /, %, **, () |
| 🔍 Comparison | Value and type comparison operators | ==, !=, ===, !==, <, <=, >, >=, <=> |
| 🧠 Logical | Boolean logic operations | &&, ||, !, and, or, xor |
| 📚 Arrays | Array creation and access operations | [1, 2, 3], $arr[0], ['a' => 'Apple'] |
| 🔤 String | String manipulation and interpolation | 'abc', "Hello {$name}!", . |
| 📝 Variables | Dynamic variable resolution with context | $variable |
| 🔑 Object Access | Object properties and constants | $obj->prop, Class::CONST |
| 📞 Function Calls | Function and object method calls | func(), $obj->method() |
| ➡️ Arrow Functions | Arrow function syntax for concise callbacks | array_map(fn($x) => $x * 2, $array) |
| 🔒 Security | Unsafe functions prohibited | No eval(), exec(), file operations, etc. |
| ❓ Others | Ternary and null coalescing | ? :, ?? |
Installation
composer require manychois/peval
Requirements
- PHP 8.4 or higher
Security
Peval prioritizes security by maintaining a comprehensive blacklist of unsafe PHP functions that are prohibited from execution. This includes:
- Code execution functions:
eval(),exec(),system(), etc. - File system operations:
file_get_contents(),unlink(),chmod(), etc. - Network functions:
curl_exec(),mail(), etc. - Reflection capabilities:
get_defined_functions(),class_exists(), etc.
This ensures that expressions can only perform safe computations without accessing external resources or executing potentially dangerous operations.
For a complete list of prohibited functions, please refer to the src/unsafe.php file in the source code.
Quick Start
<?php use Manychois\Peval\Parser; use Manychois\Peval\Evaluator; // Create parser and evaluator $parser = new Parser(); $evaluator = new Evaluator(); $expression = $parser->parse('"Hello {$name}!"'); $context = [ 'name' => 'World', ]; echo $evaluator->evaluate($expression, $context); // print "Hello World!"
Comparison with Other Libraries
symfony/expression-language
The symfony/expression-language library provides rich expression evaluation capabilities but it has a different syntax than PHP. Peval understands native PHP syntax, making it easier for PHP developers to use without learning a new syntax.
nikic/php-parser
The nikic/php-parser library is primarily a parser for PHP code. Its built-in evaluator ConstExprEvaluator can only handle constant expressions. Peval builds on top of it to provide a complete solution for evaluating expressions.
madorin/matex
The madorin/matex library focuses mainly on mathematical expressions and does not support complex data structures like arrays or objects. It is limited to numeric operations, while Peval supports a wide range of PHP features including strings, arrays, and objects.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.