In PHP, Eval is a function and cannot be disabled directly, but the Eval function is quite dangerous and often there are some problems, today we will look at the Eval function array operation and PHP how to disable the eval () function, the need for friends can refer to the next
PHP eval () function operation array:
<?php$data = "Array (' key1 ' = ' value1 ', ' key2 ' = ' value2 ', ' key3 ' = ' value3 ', ' key4 ' = ' value4 ')"; $arr = Eval ("Return $data;"); Var_dump ($arr); Array?>
Operation Result:
Array (4) {["Key1"]=> string (6) "value1" ["Key2"]=> string (6) "value2" ["Key3"]=> string (6) "Value3" ["Key4"]=&G T String (6) "Value4"}
Many online say using disable_functions to prohibit the Eval method is wrong!
In fact, Eval () is not allowed in the php.ini disable_functions:
Because Eval () is a language construct and not a function
Eval is Zend and therefore not a php_function function;
So how does PHP prohibit eval?
If you want to disable eval, you can use PHP's extension suhosin:
After installing Suhosin in php.ini load comes in suhosin.so, plus suhosin.executor.disable_eval = on can
The above is the whole content of this article, I hope that everyone's study has helped.