Home  >  Article  >  Backend Development  >  How to disable eval in php

How to disable eval in php

藏色散人
藏色散人Original
2020-08-11 09:42:153295browse

How to disable eval in php: first install the php extension "Suhosin"; then load "Suhosin.so" in "php.ini"; finally add the content "suhosin.executor.disable_eval = on" That’s it.

How to disable eval in php

Recommended: "PHP Video Tutorial"

php eval() function operates on arrays:

<?php
$data = "array(&#39;key1&#39;=>&#39;value1&#39;,&#39;key2&#39;=>&#39;value2&#39;,&#39;key3&#39;=>&#39;value3&#39;,&#39;key4&#39;=>&#39;value4&#39;)";
$arr = eval("return $data;");
var_dump($arr); //array
?>

Run results:

array(4) { ["key1"]=> string(6) "value1" ["key2"]=> string(6) "value2" ["key3"]=> string(6) "value3" ["key4"]=> string(6) "value4" }

Many methods on the Internet that use disable_functions to disable eval are wrong!

In fact, eval() cannot be disabled using disable_functions in php.ini:

because eval() is a language construct and not a function

eval is zend, so it is not a PHP_FUNCTION function;

Then How to disable eval in php?

If you want to disable eval, you can use the php extension Suhosin:

After installing Suhosin, load Suhosin.so in php.ini, plus suhosin.executor.disable_eval = Just turn it on.

The above is the detailed content of How to disable eval in php. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn