I'm working on an application that will test the user's knowledge of PHP. The user will enter code and submit it and the application will check it for errors. This will include not only parse and runtime errors, but also the appropriateness of the response to the question.
The best way I can think to do this is to run an eval() on the user's code and check the result, i.e. if the user is asked to create an array of three given fruits, and he enters:
$fruits = array (
'orange',
'banana'
);
I want to be able to look at that array and determine that its size is not 3 and give that feedback in the quiz.
That's a really simple example, but it's the general idea.
Needless to say the idea of accepting arbitrary PHP code on a form and unconditionally running eval() on it is pure suicide, but it seems to make a lot more sense than running a bunch of regex on the text to check its validity. That would be an imperfect solution.
I'm wondering if there's anything I can do to really tighten things up so that people can't put malicious code in the answer. I noticed PHP safe mode is now extinct, but is there anything similar? I essentially just need a PHP emulator.