I was reading some google api docs and came across php function parse_str().

This function literally executes the passed string as php code.

Who the fuck in their right mind would even think of implementing it.

I knew php is widely hated language, but this thing is plain abomination.

Javascript has eval. https://bit.ly/2oG55OS

Python has eval. https://bit.ly/2LwTcqX

I could keep going.

A lot of languages have this, it's not limited to PHP.

@lindgrenj6 Now I think about it, I've known about eval in php as well as other languages.

Didn't cross my mind here😅.

@chowdercake haha yeah it's a classic example of the language giving you the pistol, it's up to you to NOT shoot yourself in the foot.

I have yet to see a legitimate use for it.

@Root
I have. It is called "plugins".
usefull, in a limited context.

All languages include a shotgun pointed at your face. PHP has parse_str() / eval()

Although parse_str is the safer of the two options here, eval will just do what ever it’s told, parse_str will take a serialised array and convert it to the $result.

It has its uses... but I highly discourage it, especially if the data flowing in is not controlled.

MODX and other cms software use it to store snippets in a database.

Even Java has reflection, which is an evil all of it's own. Lots of languages offer items like this, and it is true that they have limited use case. The best example that comes to mind is if your program supports plugins. It's also a way to import code from anywhere in the file system when the language doesn't offer great import options.

It's not rare to see this sort of thing in Lua. These use cases can be extended to other scripting languages without a stretch of the imagination.

@Root