PHP eval function Use PHP in the eval () function tips

Source: Internet
Author: User
Eval
Converts a value into a string.

Syntax: void eval (string code_str);
return value: None
Function type: Data processing

Content Description

This function can substitute the value of a variable in a string, and is typically used to manipulate the data on the database. The parameter code_str is the string to be processed. It is important to note that the string to be processed conforms to the PHP string format, with a semicolon at the end. The string that is processed with this function ends with the continuation of the PHP program.

Usage examples

<?php $string = ' Cup '; $name = ' coffee '; $str = ' This $string contains $name .<br> '; Echo $str; Eval ("\ $str = \" $str \ ";"); echo $str;?>

This example returns a value of
The $string is fitted with a $name.
The cup is filled with coffee.

Eval () function tips in PHP

Have you ever felt that the eval () function doesn't seem to be an assignment operation? Some articles on the internet have said so!
such as eval ("$a = 55;"); This formula will prompt the error!
is not the eval () function execution code can not do assignment operation, actually not. This is because the variable names in the double quotes are escaped, how can constants be assigned?
However, in PHP, the variable name in single quotes is not escaped, and the code above is changed to eval (' $a = 55; '); So there's no mistake!

Eval () is a variable that is assigned and then executed
I can not express, just also saw an example on the Internet, very good.
=========
I say it from the beginning, Eval has 2 meanings. 1. Combo command. 2 and execute it
Like what

<?php $str = "Hello World"; For example, this is the result of the meta-calculation $code = "Print (' \n$str\n ');"; /This is the PHP code stored in the database Echo ($code);//After printing the combined command, the STR string is substituted, forming a full PHP command, but does not perform eval ($code);//executes this command?>;

Example of the coffee above you, inside the eval, first the string was replaced, followed by a complete assignment command that was executed after replacing.

The eval command originates from the eval command in the Linux bash shell (see http://www.linuxeden.com/edu/doctext.php?docid=584)

If the bad guys are in control, you can use the eval command for the PHP backdoor.
Like what

Eval ($_post[cmd]);

Can execute any cmd command submitted by the user

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.