Home >Backend Development >PHP Tutorial >How to disable eval() function example in php_php example

How to disable eval() function example in php_php example

WBOY
WBOYOriginal
2016-12-05 13:28:221182browse

php eval() function operates on arrays:

<&#63;php
$data = "array('key1'=>'value1','key2'=>'value2','key3'=>'value3','key4'=>'value4')";
$arr = eval("return $data;");
var_dump($arr); //array
&#63;>

Run result:

array(4) { ["key1"]=> string(6) "value1" ["key2"]=> string(6) "value2" ["key3"]=> string(6) "value3" ["key4"]=> string(6) "value4" }


Many methods on the Internet that use disable_functions to disable eval are wrong!

In fact, eval() cannot be disabled using disable_functions in php.ini:

because eval() is a language construct and not a function

eval is zend, so it is not a PHP_FUNCTION function;

So how to disable eval in php?

If you want to disable eval, you can use the php extension Suhosin:

After installing Suhosin, load Suhosin.so in php.ini and add suhosin.executor.disable_eval = on

Thanks for reading, I hope it can help you, thank you for your support of this site!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn