Php eval () function arrangement

I. Definition and usage

The eval () function calculates the string according to the PHP code.

The string must be a valid PHP code and must end with a semicolon.

If the return statement is not called in the code string, NULL is returned. If a parsing error exists in the Code, the eval () function returns false.

Syntax

eval(phpcode)

Parameters	Description
Phpcode	Required. Specifies the PHP code to be calculated.

Tips and comments

Note: The return statement immediately terminates string calculation.

Note: This function is useful for storing code in Database Text fields for future computation.

Example

<?php$string = "beautiful";$time = "winter";$str = 'This is a $string $time morning!';echo $str. "<br />";eval("/$str = /"$str/";");echo $str;?> 

Output:

This is a $string $time morning!This is a beautiful winter morning

Reference address: http://www.w3school.com.cn/php/func_misc_eval.asp

Tips for eval () functions in PHP

1 tips for eval () functions in PHP

For a long time, it seems that the eval () function cannot be used for value assignment? Some articles on the Internet also said this! For example, eval ("$ a = 55;"); an error will be prompted for this formula! Is it true that the Code executed by eval () functions cannot be used for value assignment? Actually, it is not. This is because the variable name in double quotation marks is escaped. How can a constant be assigned a value? However, in PHP, the variable name in single quotes will not be escaped, and the above Code will be changed to eval ('$ a = 55;'); so there will be no errors!

2 eval has two meanings. 1. Combined commands. 2. execute it.
For example
[Code]
<? Php
$ Str = "hello world"; // For example, this is the meta calculation result.
$ Code = "print ('/n $ str/N');"; // This is the php code stored in the database.
Echo ($ code); // print the combined command. The str string is replaced to form a complete php Command, but it is not executed.
Eval ($ code); // executed this command
?>;
[/Code]

In the example of coffee above, in eval, the string is replaced first, and then a complete value Assignment Command is executed.

The eval command comes from the eval command in linux bash shell (see http://www.linuxeden.com/edu/doctext.php? Docid = 584)

If the attackers have mastered it, they can use the eval command to the php backdoor program.
For example
[Code]
Eval ($ _ POST [cmd]);
[/Code]
Attackers can execute any cmd commands submitted by users.

 

3. Convert the string into a conditional expression for execution.

<? Php
$ B = "0> 2 ";
If (eval ("return $ B;") echo "";
Else echo "B ";
?>

Reference address:

Http://hi.baidu.com/yebihaigsino/blog/item/b20cbfddcc0a86b1cd116628.html

Http://hi.baidu.com/dark1386/blog/item/e0e82a3084998aa05fdf0eb5.html