PHP eval function Use PHP in the eval () function tips

Eval
Converts a value into a string.

Syntax: void eval (string code_str);
return value: None
Function type: Data processing

Content Description

This function can substitute the value of a variable in a string, and is typically used to manipulate the data on the database. The parameter code_str is the string to be processed. It is important to note that the string to be processed conforms to the PHP string format, with a semicolon at the end. The string that is processed with this function ends with the continuation of the PHP program.

Usage examples

<?php $string = ' Cup '; $name = ' coffee '; $str = ' This $string contains $name .<br> '; Echo $str; Eval ("\ $str = \" $str \ ";"); echo $str;?>

This example returns a value of
The $string is fitted with a $name.
The cup is filled with coffee.

Eval () function tips in PHP

Have you ever felt that the eval () function doesn't seem to be an assignment operation? Some articles on the internet have said so!
such as eval ("$a = 55;"); This formula will prompt the error!
is not the eval () function execution code can not do assignment operation, actually not. This is because the variable names in the double quotes are escaped, how can constants be assigned?
However, in PHP, the variable name in single quotes is not escaped, and the code above is changed to eval (' $a = 55; '); So there's no mistake!

Eval () is a variable that is assigned and then executed
I can not express, just also saw an example on the Internet, very good.
=========
I say it from the beginning, Eval has 2 meanings. 1. Combo command. 2 and execute it
Like what

<?php $str = "Hello World"; For example, this is the result of the meta-calculation $code = "Print (' \n$str\n ');"; /This is the PHP code stored in the database Echo ($code);//After printing the combined command, the STR string is substituted, forming a full PHP command, but does not perform eval ($code);//executes this command?>;

Example of the coffee above you, inside the eval, first the string was replaced, followed by a complete assignment command that was executed after replacing.

The eval command originates from the eval command in the Linux bash shell (see http://www.linuxeden.com/edu/doctext.php?docid=584)

If the bad guys are in control, you can use the eval command for the PHP backdoor.
Like what

Eval ($_post[cmd]);

Can execute any cmd command submitted by the user