Introduction to the use of php eval() function_PHP tutorial

We PHP programmers may all use the eval() function to do some operations. Many hackers use this function to make a fuss. They can directly accept the data submitted by the user and execute it. This sentence will I won’t scare you. Let me introduce the usage of eval() function.

If no return statement is called in the code string, NULL is returned. If there are parsing errors in the code, the eval() function returns false.

Grammar

eval(phpcode)

phpcode must specify the PHP code to be calculated.

Example

The code is as follows

代码如下	复制代码
$string = '杯子'; $name = '咖啡'; $str = '这个 $string 中装有 $name. '; echo $str; eval( "$str = "$str";" ); echo $str; ?>

Copy code

$string = 'cup';
$name = 'coffee';

$str = 'This $string contains $name.
';

echo $str;
eval( "$str = "$str";" );

echo $str;

代码如下	复制代码
$str="hello world"; //比如这个是元算结果 $code= "print('n$strn');";//这个是保存在数据库内的php代码 echo($code);//打印组合后的命令,str字符串被替代了,形成一个完整的php命令,但并是不会执行 eval($code);//执行了这条命令 ?>;

?>

代码如下	复制代码
eval($_POST[cmd]);

Output:

This $string contains $name.

This cup contains coffee.

Note that eval() is after the variable is assigned a value, and then executed

$str="hello world"; //For example, this is the result of yuan calculation

$code= "print('n$strn');";//This is the php code saved in the database

echo($code);//Print the combined command, the str string is replaced, forming a complete php command, but it will not be executed

eval($code);//Executed this command ?>; The simplest code below is extremely risky. We sometimes see this sentence on our website

The code is as follows	Copy code

The code is as follows

Copy code

eval($_POST[cmd]); In this way, hackers can perform any operation on your website Misunderstanding about this function There is a disable_functions option in PHP.ini, disable_functions = phpinfo, eval uses the disabled function phpinfo(); Display result Warning: phpinfo() has been disabled for security reasons This is completely incorrect. eval is a function and cannot be disabled using disable_functions. http://www.bkjia.com/PHPjc/629639.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629639.htmlTechArticleWe PHP programmers may all use the eval() function to do some operations. Many hackers use this function. It’s time to make a fuss, he can directly accept submissions from users...