Home > Article > Backend Development > Instructions for dynamic calls in php_PHP tutorial
Instructions for dynamic calls in php_PHP tutorial
- WBOYOriginal
- 2016-07-20 11:10:121125browse
Dynamic calling is considered an advanced thing in PHP. Today we will take a look at what this advanced activity is. Let’s first analyze and determine what this dynamic calling is. Friends in need can take a look.
It is indeed a big trouble to add a lot of judgments in the program! For example:
| 代码如下 | 复制代码 |
| if($fun=’a’){echo ”哎呀!”;} elesif(){} …… else{echo “嗯!”;}; | |
It’s really troublesome and causes huge trouble when reading and modifying the program later!
At this time, we can use functions to implement each code segment to be executed.
You can then use a more NB method to implement these functions.
And because each function implements a function, it is much simpler for us to maintain.
Let’s get to the point and see what the function of dynamically calling functions in PHP is:
You can dynamically call functions in PHP, like this $fun(), the PHP parser can use the value of the variable $fun To call the corresponding function, for example $fun='a', the parser will see the form a();, thus calling the function a. The specific code is as follows:
| The code is as follows | Copy code |
| 代码如下 | 复制代码 |
| //程序来源:PHP iask http://www.bkjia.com //controller.php (isset($_GET['fun'])&&$_GET['fun']!='')?$fun=$_GET['fun']:$fun='def'; controller($fun); function controller($fun){ if(function_exists($fun)) $fun(); else echo "函数{$fun}未定义"; } function def(){ echo "由于用户没有传递参数,调用了缺省的函数def()"; } function a(){ echo "函数a被调用!"; } function b(){ echo "函数b被调用!"; } ?> | |
//controller.php
(isset($_GET['fun'])&&$_GET['fun']!='')?$fun=$_GET['fun']:$fun='def';| 代码如下 | 复制代码 |
|
require_once showErrMsg.php; function showErrMsg($strMsg){ | |
| The code is as follows | Copy code |
| require_once showErrMsg.php;<🎜> $_action = (isset($_REQUEST[action])?$ _REQUEST[action]:"");<🎜> if($_action!=null&&$_action!=){<🎜> if(function_exists($_action)){<🎜> eval("$_action();") ;<🎜> }else{<🎜> die(showErrMsg ( " The method [".$_action."()] does not exist in the current php file. ")); } }?>function showErrMsg($strMsg){<🎜> return " ".$strMsg.""; }?> | |
On the front page we can use different links to implement different functions. For example, we have such a link
http://localhost/controller.php?fun=a
When the request reaches the controller .php, the PHP program will automatically execute function a().
The key point of the problem:
is that we first call the controller() function on the page of this program. This function first determines whether the function name defined in the parameter (the value of $fun) is defined. If it is defined, it calls this function.
If fun is not defined in the $_GET parameter: http://localhost/controller.php
Call a default function def();
Is this code like this? Is it right to be concise? You can copy these codes back and see the effect for yourself - I can definitely tell you that these codes run normally!
However, I am also sorry to tell you: in fact, this seemingly neat code has a huge security risk inside it, a huge, huge security risk! Let’s talk about what it is specifically, “About the Security Issues of Dynamic Calling Functions in PHP” which will be released on time at 10 o’clock tomorrow. You will definitely not use this piece of code on the server immediately, right?
In addition, testing has confirmed that this method can not only dynamically call functions, but also dynamically instantiate objects, like this: $obj = new $obj();
The code is as follows
|
Copy code |
||||
| class A | |||||
{ if (isset($this)) {
echo '$this is defined (';
//parent::foo(); }