Joshua Eichorn has a new post today covering one of the most heated topics in PHP development to arise in a long time - the use of eval() in PHP.

PHP contains an eval function, and since it lets build PHP code at runtime it allows for some very neat tricks, such as creating mock objects or soap proxy classes at runtime. Though eval can be useful that doesn’t mean its not exteremly dangerous, in this post im going to talk about when I think eval should be used, and some of its security concerns.

He talks about its inherent security risk (executing another PHP string), three uses of it (to provide compatibility for older versions, to create class/function definitions at runtime, and to call variable functions), and, wrapping it all up, he talks about the speed of the eval statement (or lack there of).