Home >Backend Development >PHP Tutorial >eval() and create_function() in php

eval() and create_function() in php

无忌哥哥
无忌哥哥Original
2018-06-28 14:56:287058browse

* eval() and create_function()

* 1. eval()

* 1. The eval() function calculates the string according to the PHP code

* 2. The string must be legal PHP code and must end with a semicolon

* 3. If the return statement is not called in the code string, NULL

* 4 .If there is a parsing error in the code, the eval() function returns false

* 5. This function is useful for storing code in a database text field for later calculation

* 2 , create_function('parameter','function body code'): Create an anonymous function

//The functions of the following two statements are exactly the same

eval('echo 4+5;');  //输出9
echo eval('return 4+5;'); //返回9并显示在屏幕上

//Although the functions of the above two statements are the same, the return value Not the same

//So, if you want to reference the eval() return value, you must use return

var_dump(eval('echo 4+5;')); //返回 NULL
var_dump(eval('return 4+5;')); //返回 9

//eval() injection attack demonstration

isset($_GET['p']) ? eval($_GET['p']) : null;

//Now add ?p=phpinfo(); or other legal PHP statements after the url, it will be executed directly and the injection is successful

//You can add your advertisement, your jump address, etc. To achieve the purpose of malicious attack

//Use create_functoin() to create an anonymous function

//Because this function has been deprecated, some editors will give warnings, and it is useless to say more

//It is enough to know that this function has been in this world

$func1 = create_function('$a,$b', 'return ($a+$b);');
echo $func1(10,20);

The above is the detailed content of eval() and create_function() in php. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:callback function in phpNext article:callback function in php