PHPackages                             vanderlee/expression - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Parsing &amp; Serialization](/categories/parsing)
4. /
5. vanderlee/expression

ActiveLibrary[Parsing &amp; Serialization](/categories/parsing)

vanderlee/expression
====================

Safe, eval()-based simple and extendable expression parser

1.0.3(1mo ago)510.9k↓55.3%[1 issues](https://github.com/vanderlee/PHP-Expression/issues)MITPHPPHP &gt;=7.1CI passing

Since Apr 4Pushed 1mo ago3 watchersCompare

[ Source](https://github.com/vanderlee/PHP-Expression)[ Packagist](https://packagist.org/packages/vanderlee/expression)[ Docs](https://github.com/vanderlee/PHP-Expression)[ RSS](/packages/vanderlee-expression/feed)WikiDiscussions master Synced 2d ago

READMEChangelog (1)Dependencies (2)Versions (6)Used By (0)

PHP-Expression
==============

[](#php-expression)

Version 1.0.3

Simple and fast PHP expression parser, based on secure use of eval().

Compatible with PHP 7.1 and up.

Using eval() is evil()
----------------------

[](#using-eval-is-evil)

This class tries to expose a subset of PHP functionality not by removing the bad features, but by explicitly allowing only the good features.

IF YOU FIND ANY (POTENTIAL) SECURITY ISSUE, PLEASE REPORT!

Since PHP-Expression uses `eval()`, it can also handle PHP syntax, including parenthesis, arithmetic, functions and more.

Things you are allowed to do
----------------------------

[](#things-you-are-allowed-to-do)

- Use numbers, either floating-point or integer, including negative.
- Use a number of different bases, such as decimal, octal, hexadecimal.
- Use most basic math functions such as `abs()`, `min()`, `max()` and `sqrt()`.
- Use basic arithmetic operators `+`, `-`, `*`, `/` and `%`.
- Use parenthesis.
- Use comparisons (`true`/`false` returns `1`/`0` decimal).
- Use boolean operators in comparisons.
- Use bitwise operators.
- Use textual boolean operators like `and`, `xor` and `or`

Things we've added
------------------

[](#things-weve-added)

- Binary numbers, using a `0b` prefix. i.e. `0b1001110`.
- New functions/function aliases.
- Support to use number "types" using prefixes.
- Boolean operator `^^` for logical XOR (same as `xor`).
- Textual boolean operator `not` (same as `!`).

Things you should NOT be able to do
-----------------------------------

[](#things-you-should-not-be-able-to-do)

- Access functions not explicitly permitted.
- Access static classs method not explicitly permitted.
- Access class properties or functions.
- Access system constants.
- Access variables, local or global.
- Access Expression class itself.
- Access namespace functions.
- Access arrays of any kind, using either brackets or accolades.
- Use strings.
- Return anything except numbers (integer or floating-point, 1/0 for boolean results).

Things you cannnot do
---------------------

[](#things-you-cannnot-do)

- Ternary operator (`x ? y : z`) not supported.
- Elvis operator (`x ?: z`) not supported.
- Null-coalescing operator (`x ?? z`) not supported.
- Spaceship operator (`x  y`) only supported on PHP 7 and up (it's a PHP 7 feature).

Available functions
-------------------

[](#available-functions)

TODO

Disclaimers
-----------

[](#disclaimers)

Though this class has been tested and independently reviewed by several people, I cannot make any absolute 100% guarantee that it cannot be hacked. If you find any potential security problem, please let us know.

Even though the Expression class itself is supposed to be secure, the return value may still be abused if your code does not check for validity. Only numbers can be returned, but if your code crashes on a number "666", the Expression class cannot and will not be able to protect you. Check for valid ranges.

###  Health Score

50

—

FairBetter than 95% of packages

Maintenance84

Actively maintained with recent releases

Popularity29

Limited adoption so far

Community8

Small or concentrated contributor base

Maturity62

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~829 days

Total

5

Last Release

59d ago

Major Versions

0.2.2 → 1.0.02019-03-02

PHP version history (2 changes)0.2.2PHP &gt;=5.2.0

1.0.1PHP &gt;=7.1

### Community

Maintainers

![](https://www.gravatar.com/avatar/59428f021d3985e299ebd676bbe50fa592430f8dd1d57af38df8833b19079ee8?d=identicon)[vanderlee](/maintainers/vanderlee)

---

Top Contributors

[![vanderlee](https://avatars.githubusercontent.com/u/649240?v=4)](https://github.com/vanderlee "vanderlee (24 commits)")

---

Tags

parsermathexpressioneval

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/vanderlee-expression/health.svg)

```
[![Health](https://phpackages.com/badges/vanderlee-expression/health.svg)](https://phpackages.com/packages/vanderlee-expression)
```

###  Alternatives

[nikic/php-parser

A PHP parser written in PHP

17.4k954.1M2.5k](/packages/nikic-php-parser)[doctrine/lexer

PHP Doctrine Lexer parser library that can be used in Top-Down, Recursive Descent Parsers.

11.2k959.9M160](/packages/doctrine-lexer)[madorin/matex

PHP Mathematical expression parser and evaluator

1171.2M1](/packages/madorin-matex)[masterminds/html5

An HTML5 parser and serializer.

1.8k269.7M322](/packages/masterminds-html5)[matomo/device-detector

The Universal Device Detection library, that parses User Agents and detects devices (desktop, tablet, mobile, tv, cars, console, etc.), clients (browsers, media players, mobile apps, feed readers, libraries, etc), operating systems, devices, brands and models.

3.5k26.4M183](/packages/matomo-device-detector)[nxp/math-executor

Simple math expressions calculator

2311.9M8](/packages/nxp-math-executor)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
