in reply to How to avoid eval()?

There are two kinds of eval:
  1. eval STRING

    This takes a piece of string and executes it as Perl code. This is the bad kind.

  2. eval BLOCK

    This is Perl's equivalent for try/catch in other languages, and there's nothing wrong with it.

What kind of eval are you talking about?

update Duh! You're talking about executing user supplied code, so of course it's eval STRING.

Well, there's no way to avoid executing user supplied code if you want to execute user supplied code.

Either you eval the input as Perl, or you provide a small language (not Perl) and interpret it, in Perl. The latter is safer, but a lot of work to implement.

In Section Seekers of Perl Wisdom