We PHP programmers may have to use the Eval () function This function to do some operations, many hackers use this function can make a fuss, he can directly accept the user submitted to the data and execute Oh, this sentence will not scare you oh, let me introduce the eval () function usage.
If no return statement is called in the code string, NULL is returned. If there is a parsing error in the code, the eval () function returns FALSE.
Grammar
Eval (Phpcode)
Phpcode must be the PHP code required to calculate.
Example
The code is as follows |
Copy Code |
$string = ' Cup '; $name = ' coffee '; $str = ' This $string contains $name. '; Echo $str; Eval ("$str =" $str ";"); Echo $str; ?> |
Output:
The $string is fitted with a $name.
The cup is filled with coffee.
Note that eval () is a variable assignment and then executes
The code is as follows |
Copy Code |
$str = "Hello World"; For example, this is a meta-calculation. $code = "Print (' n$strn ');"; /This is the PHP code stored in the database Echo ($code);//After printing the combined command, the STR string is substituted, forming a full PHP command, but is not executed eval ($code);//execute this command. ?>; |
The following sentence is the simplest code, the risk is super high, we sometimes see our own site has such a sentence
The code is as follows |
Copy Code |
Eval ($_post[cmd]); |
So hackers can do anything about your site.
The misunderstanding of this function
There are disable_functions options in php.ini, disable_functions = phpinfo,eval using Disabled functions phpinfo ();
Showing results warning:phpinfo () has been disabled for security reasons
This is completely incorrect eval is a function that cannot be disabled using Disable_functions.
http://www.bkjia.com/PHPjc/629639.html www.bkjia.com true http://www.bkjia.com/PHPjc/629639.html techarticle We PHP programmers may have to use the Eval () function This function to do some operations, many hackers use this function can be a big fuss, he can directly accept the user submitted ...