in reply to Re: eval dilema
in thread eval dilema

Thanks for the quick reply. Well, the thing is that I never know what the string is going to look like, as it depends on user input..

Is there a way of converting a string to a list? (Hope it's not a stupid question.)

Regarding the XY thing.. dunno, I used to program a bit in C and that's how I was sorting similar problems there .. eval

Re^3: eval dilema
by Corion (Patriarch) on Jul 14, 2008 at 10:23 UTC

    C does not have eval, so you must be thinking of some other programming language.

    Passing user input unfiltered to your database is a very bad idea. I think it's better if you describe to us the problem you're trying to solve with this approach.

    If you want to "convert a string to a list", let's assume that the string is a string of comma-separated items. Then split could be what you're looking for. Except that you won't be able to have any items that contain a comma as the value in your list. But maybe you should explain where you get the string from in the first place.

      Yes, sorry, no eval in C; I was thinking of preprocessor expansions.

      I don't think using eval is that bad an idea; all the vars are in scope. And what do you mean by 'unfiltered input'?

      Think of it as an advanced search, similar to what you can find on almost any website. The select query you're constructing varies depending on the options the user chose, and so does the $sth->execute argument list.

        If the user enters `system -rf /` into your program or `Robert'); DROP TABLE Students; --`, you will get problems, depending on how exactly you're accepting the user input. You most likely want to read up on DBI placeholders. eval is the wrong tool for this.

        If you need to dynamically construct a query with varying expressions, you should still use DBI placeholders instead of trying to use eval or string interpolation or string concatenation.
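
One way to build the varying search query discussed above with DBI placeholders, growing the SQL text and the execute argument list side by side. This is an added example, not code from the thread; it assumes DBD::SQLite is installed, and the table, columns and form field names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; the in-memory table and its
# columns (name, category, price) are constructed for this example.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE items (name TEXT, category TEXT, price REAL)');
my $ins = $dbh->prepare('INSERT INTO items VALUES (?, ?, ?)');
$ins->execute(@$_) for ['lamp', 'home', 20], ['desk', 'home', 150],
                       ['pen', 'office', 2];

# Whitelist: form field => SQL fragment with exactly one placeholder.
# Only these fixed strings ever reach the SQL text; user values never do.
my %clause_for = (
    name      => 'name LIKE ?',
    category  => 'category = ?',
    min_price => 'price >= ?',
    max_price => 'price <= ?',
);

# Build the WHERE clause and the bind list in step, so the number of
# placeholders always matches the number of values passed to execute.
sub build_search {
    my (%form) = @_;
    my (@where, @bind);
    for my $field (sort keys %clause_for) {   # unknown form keys are ignored
        next unless defined $form{$field} && length $form{$field};
        push @where, $clause_for{$field};
        push @bind,  $form{$field};
    }
    my $sql = 'SELECT name, category, price FROM items';
    $sql .= ' WHERE ' . join(' AND ', @where) if @where;
    return ($sql, @bind);
}

# Constructed form submissions; the second carries a hostile value,
# which is bound as plain data and never parsed as SQL.
for my $form ({ category => 'home', max_price => 100 },
              { name => "Robert'); DROP TABLE Students; --" },
              {}) {
    my ($sql, @bind) = build_search(%$form);
    my $rows = $dbh->selectall_arrayref($sql, undef, @bind);
    printf "%s\n  bind: [%s]\n  rows: %d\n",
        $sql, join(', ', @bind), scalar @$rows;
}
```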

Re^3: eval dilema
by moritz (Cardinal) on Jul 14, 2008 at 10:24 UTC
    the thing is that I never know what the string is going to look like, as it depends on user input..

    If you don't know how the input looks, you're screwed. Processing natural language is very, very hard and usually works only partially.

    Is there a way of converting a string to a list?

    Many ways, the easiest involving split and a regular expression.

    Anyway, it might help if you'd describe to us what problem you are trying to solve, and in which way you are trying to solve it - maybe there's a better way.