These discussions typically start with "only I run the script", and that's just a lack of imagination. You know better than that.

Um no. Read the thread again. This was not 'advice' to a petitioner, but a response to a request for "Small examples of string eval".

You're telling the world it's a good idea to follow your example.

No I am not. I am describing one useful example use I make of string eval.

Your 'nanny state' attitude reminds me of sit-com mothers spelling out "bad words" letter by letter so their children won't understand.

"Yes. I too find occasions when S-T-R-I-N-G E-V-A-L is U-S-E-F-U-L; but don't tell the K-I-D-S!".

As for your code example. You had to extend it to deal with exponentiation. How about &, |? How about shift-left (<<) and shift-right (>>)? Or string increment ($n++)? Bitwise operators on strings ($a ^ $b)? Ranges ('a'..'z'; 1..10)? Hash and array variables? sqrt()? The list goes on. And on... And on.

Perl has a very well designed, tried, and tested expression parser built in. For the purpose I described, it is illogical to try and recreate it. Talk about re-inventing the wheel and passing up opportunities for code reuse.

There are all sorts of other things you can do to harden your code, but you have to want to do that. At the very least, turn on taint checking and scrub the input.

If you are obtaining input from unknown persons via (say) the web, then these measures are appropriate. If you are obtaining input from a person sat at the keyboard with the ability to run perl(.exe), they are simply pointless.

Do you put your seatbelt on to drive your car from the drive into your garage?

There are times when such hardening is appropriate. There are times when it is not. The trick is recognising the difference. I know the difference and I am sure you do too; but unlike you, I do not operate under the premise that other people are not smart enough to understand. Nor do I feel the need to preach about it.


Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

In reply to Re^5: Small examples of string eval by BrowserUk
in thread Small examples of string eval by spurperl
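
An added example, not part of the thread or any poster's code: what "turn on taint checking and scrub the input" looks like for the untrusted-input case, with Perl's own parser still doing the arithmetic. The names `scrub_expr` and `calc` are hypothetical and the sample inputs are constructed.

```perl
#!/usr/bin/perl -T
# Run as: perl -T calc.pl   (the file name is arbitrary)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Allowlist scrub: digits, whitespace, decimal point, parentheses and the
# arithmetic operators + - * / % (so ** works too). No identifiers, quotes,
# sigils, backticks or semicolons can get through.
sub scrub_expr {
    my ($raw) = @_;
    return unless defined $raw && length($raw) <= 200;
    return if $raw =~ /\.\./;               # no range / flip-flop operator
    # A regex capture is how a value is untainted under -T.
    my ($clean) = $raw =~ m{\A([0-9\s.+\-*/%()]+)\z};
    return $clean;
}

sub calc {
    my ($raw) = @_;
    my $expr = scrub_expr($raw);
    return "rejected by scrub" unless defined $expr;
    my $value = eval $expr;                 # string eval on scrubbed text only
    if ($@) {                               # syntax error, division by zero, ...
        (my $err = $@) =~ s/\s+\z//;
        return "error: $err";
    }
    return defined $value ? $value : "no value";
}

# Constructed sample inputs. Appending a zero-length slice of $^X marks each
# one tainted, as if it had arrived from a form field or a socket.
my $taint = substr($^X, 0, 0);
for my $sample ('2 ** 10 + 1', '(3 + 4) * 5 % 6', '1 / 0',
                'sqrt(16)', '1; print "side effect\n"') {
    my $input = $sample . $taint;
    printf "%-28s tainted=%d  =>  %s\n",
        $input, (tainted($input) ? 1 : 0), calc($input);
}
```

The first two samples evaluate to 1025 and 5, the third reports the division error caught by `eval`, and the last two are rejected by the scrub. Widening the allowlist to admit function names or variables is exactly where the operator list from the post starts to grow.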
