$string = 'cup';
$name = 'coffee';
$str = 'This $string contains $name. ';
echo $str;
eval( "\$str = \"$str\";" );
echo $str;
?>
The output of this example is:
This $string contains $name.
This cup contains coffee.
A more advanced example is as follows:
<?php
$str = "hello world"; // For example, this is the result of a computation
$code = "print('\n$str\n');"; // This is the PHP code saved in the database
echo($code); // Print the combined command; $str has been substituted, forming a complete PHP statement, but it is not executed
eval($code); // Execute the command
?>
In the coffee example above, eval first substitutes the variables into the string and then executes the resulting complete assignment statement.
Small backdoor scripts ("ponies") that use eval like this to force a door open need to be blocked.
Many posts on the Internet say to disable eval with disable_functions. This is wrong.
In fact, eval() cannot be disabled using disable_functions in php.ini because eval() is a language construct and not a function
eval is implemented in the Zend engine; it is not a PHP_FUNCTION.
How to disable eval in PHP:
If you want to disable eval, you can use the PHP extension Suhosin.
After installing Suhosin, load suhosin.so in php.ini and add suhosin.executor.disable_eval = on
To summarize, eval cannot be disabled through PHP's own settings; it can only be disabled with an extension.
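The following check is an added example, not code from the original article: it reports whether eval is actually blocked on a given runtime by reading the configuration described above. The function name audit_eval_controls is hypothetical, and the script only inspects settings; it does not call eval.

```php
<?php
// Added example (not from the original article): report whether eval() is
// really blocked on this runtime. audit_eval_controls() is a hypothetical name.

function audit_eval_controls(): array
{
    // eval is a language construct, so it never appears in the function table.
    $isFunction = function_exists('eval');

    // Listing "eval" in disable_functions has no effect, but people still do it.
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    $listed = in_array('eval', $disabled, true);

    // ini_get() returns false when the directive is not registered,
    // i.e. when the Suhosin extension is not loaded.
    $loaded = extension_loaded('suhosin');
    $raw = ini_get('suhosin.executor.disable_eval');
    $flag = $raw !== false && filter_var($raw, FILTER_VALIDATE_BOOLEAN);

    return [
        'eval_is_function'          => $isFunction,
        'eval_in_disable_functions' => $listed,
        'suhosin_loaded'            => $loaded,
        'suhosin_disable_eval'      => $flag,
        'eval_blocked'              => $loaded && $flag,
    ];
}

$report = audit_eval_controls();
foreach ($report as $check => $value) {
    printf("%-26s %s\n", $check, $value ? 'yes' : 'no');
}

if ($report['eval_in_disable_functions'] && !$report['eval_blocked']) {
    echo "WARNING: eval is listed in disable_functions, which does not disable it.\n";
}
if (!$report['eval_blocked']) {
    echo "eval() is available to any code this interpreter runs.\n";
}
```

Run it under the same SAPI (php-fpm, mod_php, CLI) that serves the application, since each can load a different php.ini.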