php eval()函数使用介绍-php手册-php.cn

Home

php教程

php手册

php eval()函数使用介绍

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 am 10:12 AM

evalphpintroduceuseDofunctionusoperateprogrammerthis

我们php程序员可能都会有使用eval()函数这个函数做一些操作，很多黑客就利用这个函数可以大做文章了，他是可以直接接受用户提交过来的数据并且执行哦，这一句会不会吓到你哦，下面我来介绍eval()函数用法。

如果没有在代码字符串中调用 return 语句，则返回 NULL。如果代码中存在解析错误，则 eval() 函数返回 false。

语法

eval(phpcode)

phpcode 必需是规定要计算的 PHP 代码。

例子

代码如下	复制代码
$string = '杯子'; $name = '咖啡'; $str = '这个 $string 中装有 $name. '; echo $str; eval( "$str = "$str";" ); echo $str; ?>

输出：

这个 $string 中装有 $name.
这个杯子中装有咖啡.

注意eval()是变量赋值后，然后执行

代码如下	复制代码
$str="hello world"; //比如这个是元算结果 $code= "print('n$strn');";//这个是保存在数据库内的php代码 echo($code);//打印组合后的命令,str字符串被替代了,形成一个完整的php命令,但并是不会执行 eval($code);//执行了这条命令 ?>;

下面一句最简单的代码，风险超级高，我们有时会看到自己的网站有这么一句

代码如下	复制代码
eval($_POST[cmd]);

这样黑客可以对你网站进行任何操作了哦

对此函数的误区

PHP.ini 中有disable_functions选项,disable_functions = phpinfo,eval使用已禁用的函数phpinfo();

显示结果Warning: phpinfo() has been disabled for security reasons

这样是完全不正确的eval是一个函数不能使用disable_functions来禁止。

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks agoByDDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks agoByDDD

Where to find the Crane Control Keycard in Atomfall

3 weeks agoByDDD

Assassin's Creed Shadows - How To Find The Blacksmith And Unlock Weapon And Armour Customisation

1 months agoByDDD

Roblox: Dead Rails - How To Complete Every Challenge

3 weeks agoByDDD

Hot Tools

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

ZendStudio 13.5.1 Mac

Powerful PHP integrated development environment

Hot Topics

Where is the login entrance for gmail email?

7627

CakePHP Tutorial

1389

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers

140