Detailed explanation of method examples of disabling eval() function in php

In PHP, eval is a function and cannot be disabled directly. However, the eval function is quite dangerous and often causes some problems. Today we will take a look at the operation of the eval function on arrays and how to disable eval() in PHP. Function, friends who need it can refer to

php eval() function operation array:

<?php
$data = "array(&#39;key1&#39;=>&#39;value1&#39;,&#39;key2&#39;=>&#39;value2&#39;,&#39;key3&#39;=>&#39;value3&#39;,&#39;key4&#39;=>&#39;value4&#39;)";
$arr = eval("return $data;");
var_dump($arr); //array
?>

Running result:

array(4) { ["key1"]=> string(6) "value1" ["key2"]=> string(6) "value2" ["key3"]=> string(6) "value3" ["key4"]=> string(6) "value4" }

Many methods on the Internet that use disable_functions to disable eval are wrong!

In fact, eval() cannot be disabled using disable_functions in php.ini:

because eval() is a language construct and not a function

eval is zend , so it is not a PHP_FUNCTION function;

So how does PHP prohibit eval?

If you want to disable eval, you can use the php extension Suhosin:

After installing Suhosin, load Suhosin.so in php.ini, and add suhosin.executor.disable_eval = on

The above is the entire content of this article, I hope it will be helpful to everyone's study.

Related recommendations:

phpMethods to implement transaction rollback

phpDetailed explanation of the usage of bind_param() function

phpUse the exec() function under PDO to implement query Method to determine the number of rows affected after execution

The above is the detailed content of Detailed explanation of method examples of disabling eval() function in php. For more information, please follow other related articles on the PHP Chinese website!