Eval
Converts a value into a string.
Syntax: void eval (string code_str);
return value: None
Types of functions: Data processing
Content Description
This function can be used to substitute the value of a variable in a string, usually on data that is processed on the database. Parameter code_str is the string to be processed. It is worth noting that the string to be processed conforms to the PHP string format, with a semicolon at the end. The string that is processed using this function is followed by the end of the PHP program.
Usage examples
Copy Code code as follows:
<?php
$string = ' Cup ';
$name = ' coffee ';
$str = ' This $string is fitted with $name .<br> ';
Echo $str;
Eval ("\ $str = \" $str \ ";");
Echo $str;
?>
The return value for this example is
$name is fitted in this $string.
This cup contains coffee.
The eval () function tips in PHP
I've always felt that the eval () function does not seem to be an assignment operation? Some articles on the internet have said so!
such as eval ("$a = 55;"); This formula will prompt the error!
Does the eval () function execute a code that does not perform assignment, but is not. This is because the variable names in double quotes are escaped, so how can constants be assigned?
In PHP, however, the variable names in single quotes are not escaped, and the above code is changed to eval (' $a = 55; '). So that there is no mistake Oh!
Eval () is a variable assignment, and then executes the
I did not express, just also saw an example on the Internet, quite good.
=========
Let me start by saying that Eval has 2 layers of meaning. 1. Group commands. 2 and carry out it
Like what
Copy Code code as follows:
<?php
$str = "Hello World"; For example, this is a meta-calculation result.
$code = "Print (' \n$str\n ');"; /This is the PHP code stored in the database
Echo ($code);//Print after the combination of the command, the STR string is substituted to form a complete PHP command, but is not executed
eval ($code);//execute this command
?>;
The example of your coffee above, in the eval, first the string is replaced, and then a complete assignment command is executed after the replacement is completed.
The eval command comes from the eval command in the Linux bash shell (see http://www.linuxeden.com/edu/doctext.php?docid=584)
If the bad guys get it, you can use the Eval command for the backdoor in PHP.
Like what
Copy Code code as follows:
Can execute any cmd command submitted by user