Home >Backend Development >PHP Tutorial >eval() and create_function() in php
* eval() and create_function()
* 1. eval()
* 1. The eval() function calculates the string according to the PHP code
* 2. The string must be legal PHP code and must end with a semicolon
* 3. If the return statement is not called in the code string, NULL
* 4 .If there is a parsing error in the code, the eval() function returns false
* 5. This function is useful for storing code in a database text field for later calculation
* 2 , create_function('parameter','function body code'): Create an anonymous function
//The functions of the following two statements are exactly the same
eval('echo 4+5;'); //输出9 echo eval('return 4+5;'); //返回9并显示在屏幕上
//Although the functions of the above two statements are the same, the return value Not the same
//So, if you want to reference the eval() return value, you must use return
var_dump(eval('echo 4+5;')); //返回 NULL var_dump(eval('return 4+5;')); //返回 9
//eval() injection attack demonstration
isset($_GET['p']) ? eval($_GET['p']) : null;
//Now add ?p=phpinfo(); or other legal PHP statements after the url, it will be executed directly and the injection is successful
//You can add your advertisement, your jump address, etc. To achieve the purpose of malicious attack
//Use create_functoin() to create an anonymous function
//Because this function has been deprecated, some editors will give warnings, and it is useless to say more
//It is enough to know that this function has been in this world
$func1 = create_function('$a,$b', 'return ($a+$b);'); echo $func1(10,20);
The above is the detailed content of eval() and create_function() in php. For more information, please follow other related articles on the PHP Chinese website!