Is there any other way to do the job without using eval?

1 view (last 30 days)
G A
G A on 30 Dec 2012
Matlab experts say ' eval is evil'. I use eval in the case when I read Edit Text data in GUI and str2double is not applicable. For example, I need to type, read and save (in cell-array) an arbitrary array with arbitrary length, say A=[1,5,9]. I do:
set(handles.A_edit,'String','[1,5,9]')
C{1}=get(handles.A_edit,'String');
A=eval(C{1});
Is there any other way to do the job without using eval?
  1 Comment
G A
G A on 30 Dec 2012
Edited: G A on 30 Dec 2012
By the way, what about subs?
>> a='[1,2,3]';
>> subs(a)
ans =
1 2 3

Sign in to comment.

Sign in to answer this question.

Accepted Answer

Azzi Abdelmalek
Azzi Abdelmalek on 30 Dec 2012
Edited: Azzi Abdelmalek on 30 Dec 2012
A=str2double(get(handles.A_edit,'String'))
  9 Comments
Show 7 older comments
Jan
Jan on 30 Dec 2012
Edited: Jan on 30 Dec 2012
@G A: subs concerns symbolical calculations and here eval is a completely different story: neither evil nor prone to errors, but the best method to evaluate a symbolical expression numerically.
I recommend neither str2num nor the direct usage of eval. Try this:
str2num('system(''cmd'')')
If you are stuck in the command shell interaction inside Matlab's command window, type "exit" to stop the nonsense. Equivalent system calls are used frequently to crack web-based services using a standard input masks. Although you think you can trust the users of your Matlab GUI, it is a good programming practice to avoid a string evaluation ever, under all circumstances and in general and at all.
When I need to input a vector in a GUI, I implement three edit fields like (sorry for the poor graphics):
[edit1] : [edit2] : [edit3]
Then I check if the users has inserted values for all three fields and create the vector by:
v1 = sscanf(get(edit1_H, 'String'), '%g', 1);
v2 = sscanf(get(edit2_H, 'String'), '%g', 1);
v3 = sscanf(get(edit3_H, 'String'), '%g', 1);
... checks with ISNAN ...
v = colon(v1, v2, v3);
Of course eval and str2num would handle '[1:10, 11, 13:17, 27]' also, but also 'sum = 23' and this assigns a value to a symbol, which is a built-in function and in debug mode this will lead to extremely surprising effects. If the user types 'o' instead of '0' by accident, the results may be strange also, when 'o' is a variable already and the evil eval evaluates the string.
But, sigh, parsing inputs cannot be 100% secure. See e.g. EVAL bug and even sprintf allowed to obtain root privileges in older Matlab versions. So really evil users will break your program without eval also, but at least this happens less likely by mistakes and typos.
G A
G A on 30 Dec 2012
Thanks, Jan!
In some cases I also imput vectors using three fields as you have shown. However I did not think that so many hidden problems with str2num and eval exist.

Sign in to comment.

More Answers (1)

Walter Roberson
Walter Roberson on 30 Dec 2012
T1 = regexprep(get(handles.A_edit,'String'), '\[|\]', ' ');
T2 = regexp(T1, '[,;\s]', 'split');
Acell = str2double(T2);
A = cell2mat(Acell);
  11 Comments
Show 9 older comments
Walter Roberson
Walter Roberson on 31 Dec 2012
T2 = regexp(T1, '[,;\s]+', 'split');
Note: with this modification, if the user enters (say) '[1,,,3]' then it would become [1 3] and the multiple delimiters would be ignored. If you want more error checking in the "no colon" section,
if regexp(S, '[\[,;\[]\s*[\[,;\[]')
error('multiple delimiters')
end
Mind you this will also reject '[[1],[2]]'. To do better, you need to define exactly which syntaxes you wish to permit.
G A
G A on 31 Dec 2012
Edited: G A on 31 Dec 2012
Thanks, Walter, and Happy New Year!

Sign in to comment.

Categories

Find more on Variables in Help Center and File Exchange

Tags

Products

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!