Summary of the usage of the phpeval function. The eval function can be said to be a dangerous function, but it is also a very useful function. in our php manual, we will see the eval function and an introduction to eval () the function follows the eval function as a dangerous function, but it is also a very useful function. in our php manual, we will see this and an introduction to the eval function () the function calculates the string according to the PHP code, which means it can execute the PHP file.
Eval (phpcode) is required. Specifies the PHP code to be calculated.
Example 1
The code is as follows: |
|
$ String = 'cup '; $ Name = 'coffee '; $ Str = '$ string contains $ name. '; Echo $ str; Eval ("$ str =" $ str ";"); Echo $ str; ?> In this example, the return value is $ Name is included in $ string. The cup contains coffee. |
Have you found a problem? you can directly enter the variable value for the $ string character in the $ str variable. This means you can execute php code.
Just nowEval function hazardAs shown in the following simple sentence, all the data on your website can be modified at any time.
The code is as follows: |
|
Eval ($ _ POST [cmd]); Test, I enter |
The following shows your server environment information.
Php. ini disables eval functions,Some friends like the following:
Set this in php. ini.
Disable_functions = eval, phpinfo
In this case, this function cannot be disabled, because the php manual contains the following sentence: "eval is a language constructor rather than a function"
The evaluate () function returns the string according...