In the majority of cases, eval is used like a sledgehammer swatting a fly -- it gets the job done, but with too much power. It's slow, it's unwieldy, and tends to magnify the damage when you make a mistake. Please spread the word far and wide: if you are considering using eval then there is probably a better way. Think hard before you use eval. eval starts a compiler. Before you use it, ask yourself whether there is a better way to solve this problem than starting up a compiler!
Here few points that force to not use Eval.
Debugability: what is easier to debug, a program that dynamically generates new code at runtime, or a program with a static body of code?
Maintainability: What's easier to maintain, a table or a program that dynamically spits new code?
Speed: which do you think is faster, a program that dereferences an array, or a program that starts a compiler?
think about string more than 10,000 persons name and we want to eval that string ... JavaScript encountered with problem on manipulating and eval()ing very large strings.
Memory: which uses more memory, a program that dereferences an array, or a program that starts a compiler and compiles a new chunk of code every time you need to access an array?
Learn More ....
http://blogs.msdn.com/ericlippert/archive/2003/11/04/53335.aspx
http://blogs.msdn.com/ericlippert/archive/2003/11/01/53329.aspx
putting up the static content means opening up the holes for people to know about your stuff. Using eval is good when u rely that content will be from ur side(server)..not from client {Standard XSS safety rule}. It is good in performace as compared to itz workarounds. Power is expected to be handled generously with a clear thought not in a random way. Same is applicable for Eval too, use it only where you need and feel will be useful not @ everyplace , undoubtedly it is really powerful. ;)
ReplyDelete