Home > Article > Backend Development > Detailed explanation of method examples of disabling eval() function in php
Detailed explanation of method examples of disabling eval() function in php
- 墨辰丷Original
- 2018-05-30 09:46:151935browse
In PHP, eval is a function and cannot be disabled directly. However, the eval function is quite dangerous and often causes some problems. Today we will take a look at the operation of the eval function on arrays and how to disable eval() in PHP. Function, friends who need it can refer to
php eval() function operation array:
<?php
$data = "array('key1'=>'value1','key2'=>'value2','key3'=>'value3','key4'=>'value4')";
$arr = eval("return $data;");
var_dump($arr); //array
?>
Running result:
array(4) { ["key1"]=> string(6) "value1" ["key2"]=> string(6) "value2" ["key3"]=> string(6) "value3" ["key4"]=> string(6) "value4" }
Many methods on the Internet that use disable_functions to disable eval are wrong!
In fact, eval() cannot be disabled using disable_functions in php.ini:
because eval() is a language construct and not a function
eval is zend , so it is not a PHP_FUNCTION function;
So how does PHP prohibit eval?
If you want to disable eval, you can use the php extension Suhosin:
After installing Suhosin, load Suhosin.so in php.ini, and add suhosin.executor.disable_eval = on
The above is the entire content of this article, I hope it will be helpful to everyone's study.
Related recommendations:
phpMethods to implement transaction rollback
phpDetailed explanation of the usage of bind_param() function
The above is the detailed content of Detailed explanation of method examples of disabling eval() function in php. For more information, please follow other related articles on the PHP Chinese website!