PHP eval function usage-Tips for eval () function in PHP

Eval
Enter the value in the string.

Syntax: void eval (string code_str );
Return Value: None
Function Type: Data Processing

Description

This function can be used to substitute variable values in a string for processing database data. The code_str parameter is the string to be processed. It is worth noting that the string to be processed must comply with the PHP
String format, with a semicolon at the end. The strings processed by using this function are continued to the end of the PHP program.

Example

<? PHP
$ String = 'cup ';
$ Name = 'coffee ';
$ STR = 'this
$ String contains $ name. <br> ';
Echo $ STR;
Eval ("\ $ STR = \" $ STR \";"
);
Echo $ STR;
?>

In this example, the return value is

$ Name is included in $ string.
The cup contains coffee.

//////////////////////////////////////// ///

Tips for eval () functions in PHP

For a long time, it seems that the eval () function cannot be used for value assignment? Some articles on the Internet also said this!
For example, Eval ("$ A = 55;"); an error will be prompted for this formula!
Is it true that the Code executed by eval () functions cannot be used for value assignment? Actually, it is not. This is because the variable name in double quotation marks is escaped. How can a constant be assigned a value?
However, in PHP, the variable name in single quotes will not be escaped, and the above Code will be changed to eval ('$ A = 55;'); so there will be no errors!

 

//////////////////////////////////////// ////

Eval () is used to assign values to variables and then execute
I can't express it. I just saw an example on the Internet, which is quite good.
==========
From the beginning, Eval has two meanings.1. Command combination. 2 and execute it
For example
[Code]
<? PHP
$ STR = "Hello
World "; // For example, this is the result of the Meta calculation.
$ Code =
"Print ('\ N $ STR \ n');"; // This is the PHP code stored in the database.
Echo ($ Code); // print the combined command. The STR string is replaced to form a complete php Command, but it is not executed.
Eval ($ Code); // executed this command
?>;
[/Code]

In the example of coffee above, in Eval, the string is replaced first, and then a complete value Assignment Command is executed.

The eval command is from Linux
Eval commands in bash shell (see http://www.linuxeden.com/edu/doctext.php? Docid = 584
)

If the attackers have mastered the eval
Command for PHP backdoor program
For example
[Code]
Eval ($ _ post [cmd]);
[/Code]
Attackers can execute any cmd commands submitted by users.

Eval
Enter the value in the string.

Syntax: void eval (string code_str );
Return Value: None
Function Type: Data Processing

Description

This function can be used to substitute variable values in a string for processing database data. The code_str parameter is the string to be processed. It is worth noting that the string to be processed must comply with the PHP
String format, with a semicolon at the end. The strings processed by using this function are continued to the end of the PHP program.

Example

<? PHP
$ String = 'cup ';
$ Name = 'coffee ';
$ STR = 'this
$ String contains $ name. <br> ';
Echo $ STR;
Eval ("\ $ STR = \" $ STR \";"
);
Echo $ STR;
?>

In this example, the return value is

$ Name is included in $ string.
The cup contains coffee.

//////////////////////////////////////// ///

Tips for eval () functions in PHP

For a long time, it seems that the eval () function cannot be used for value assignment? Some articles on the Internet also said this!
For example, Eval ("$ A = 55;"); an error will be prompted for this formula!
Is it true that the Code executed by eval () functions cannot be used for value assignment? Actually, it is not. This is because the variable name in double quotation marks is escaped. How can a constant be assigned a value?
However, in PHP, the variable name in single quotes will not be escaped, and the above Code will be changed to eval ('$ A = 55;'); so there will be no errors!

 

//////////////////////////////////////// ////

Eval () is used to assign values to variables and then execute
I can't express it. I just saw an example on the Internet, which is quite good.
==========
From the beginning, Eval has two meanings.1. Command combination. 2 and execute it
For example
[Code]
<? PHP
$ STR = "Hello
World "; // For example, this is the result of the Meta calculation.
$ Code =
"Print ('\ N $ STR \ n');"; // This is the PHP code stored in the database.
Echo ($ Code); // print the combined command. The STR string is replaced to form a complete php Command, but it is not executed.
Eval ($ Code); // executed this command
?>;
[/Code]

In the example of coffee above, in Eval, the string is replaced first, and then a complete value Assignment Command is executed.

The eval command is from Linux
Eval commands in bash shell (see http://www.linuxeden.com/edu/doctext.php? Docid = 584
)

If the attackers have mastered the eval
Command for PHP backdoor program
For example
[Code]
Eval ($ _ post [cmd]);
[/Code]
Attackers can execute any cmd commands submitted by users.