PHP eval function usage and related techniques

$string = 'cup';
$name = 'coffee';
$str = 'This $string contains $name.';
echo $str;
eval( "$str = "$str";" );
echo $str;
?>

The return value in this example is This $string contains $name. This cup contains coffee.

Tips for eval() function in PHP

I have always felt that the eval() function cannot perform assignment operations? Some articles on the Internet also said this! For example, the formula eval("$a=55;"); will prompt an error! Does it mean that the code executed by the eval() function cannot perform assignment operations? In fact, it is not the case. This is because the variable name in double quotes is escaped. How can a constant be assigned a value? However, in PHP, variable names in single quotes will not be escaped. Change the above code to eval('$a=55;'); so there is no error!

eval() is after the variable is assigned a value and then executed eval has two meanings. 1. Combine commands. 2 and execute it Example:

$str="hello world"; //For example, this is the yuan calculation result
$code= "print('n$strn');";//This is saved in the database PHP code inside
echo($code);//Print the combined command, the str string is replaced, forming a complete PHP command, but it will not be executed
eval($code);//Executed This command
?>

In the coffee example above, in eval, first the string is replaced, and secondly, after the replacement, a complete assignment command is executed. The eval command comes from the eval command in the linux bash shell.

If it is mastered by bad guys, the eval command can be used for PHP backdoor programs, for example: eval($_POST[cmd]); Any cmd command submitted by the user can be executed.