I am writing a website that will include some math exercises. I don’t care if users try to cheat, so I fix the answers through JavaScript.
In my particular case, I have a field in the form. I would like to allow the user to enter a mathematical expression (say 3/2) and use his result to find out if he is right. For this, I would use eval.
My JavaScript would never read directly from the URL, just from the form. No results from this page will ever be stored for display to any user (perhaps we will save the results for statistical analysis later, storing them in the database via PHP, but again, I probably need to sanitize any input in PHP itself, for fear of users using POST directly).
Whatever happens? =P
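One way to check an entered expression such as 3/2 without handing the form text to eval, as an added example that is not part of the original post: a small parser that accepts only decimal numbers, + - * / and parentheses, and rejects everything else. The names evaluateExpression and checkAnswer are assumptions made for illustration.

```javascript
// Added example: accepts only decimal numbers, + - * /, and parentheses.
// evaluateExpression and checkAnswer are hypothetical names, not from the post.
const APPLY = {
  "+": (a, b) => a + b, "-": (a, b) => a - b,
  "*": (a, b) => a * b, "/": (a, b) => a / b,
};

function evaluateExpression(text) {
  // Any character outside the grammar becomes its own token and is rejected.
  const tokens = String(text).match(/\d+(?:\.\d+)?|\S/g) || [];
  let pos = 0;

  // Left-associative chain of `ops` over operands parsed by `operand`.
  const chain = (ops, operand) => () => {
    let value = operand();
    while (ops.includes(tokens[pos])) {
      const op = tokens[pos++];
      value = APPLY[op](value, operand());
    }
    return value;
  };

  function primary() {
    const tok = tokens[pos++];
    if (tok === "-") return -primary();
    if (tok === "(") {
      const value = expression();
      if (tokens[pos++] !== ")") throw new SyntaxError("missing )");
      return value;
    }
    if (!/^\d/.test(String(tok))) throw new SyntaxError("unexpected: " + tok);
    return parseFloat(tok);
  }
  const term = chain(["*", "/"], primary);
  const expression = chain(["+", "-"], term);

  const result = expression();
  if (pos < tokens.length) throw new SyntaxError("unexpected: " + tokens[pos]);
  if (!Number.isFinite(result)) throw new RangeError("not a finite number");
  return result;
}

// True only when the input parses and matches the expected value.
function checkAnswer(input, expected, tolerance = 1e-9) {
  try {
    return Math.abs(evaluateExpression(input) - expected) <= tolerance;
  } catch (e) {
    return false;
  }
}
```

Input that is not pure arithmetic, such as a function call or an identifier, is treated as a wrong answer and is never executed.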