PHP function eval () Application Skills

Source: Internet
Author: User

Syntax: void eval (string code_str );

Return Value: None

Function Type: Data Processing

PHP function eval () Description

The PHP function eval () can be used to substitute variable values in strings for processing database data. The code_str parameter is the string to be processed. It is worth noting that the string to be processed must conform to the PHP string format and contain a semicolon at the end. The strings processed by using this function are continued to the end of the PHP program.

Example of using PHP function eval ()

 
 
  1. <? Php
  2. $ String = 'cup ';
  3. $ Name = 'coffee ';
  4. $ Str = '$ string
    $ Name. <br> ';
  5. Echo $ str;
  6. Eval ("$ str =" $ str ";");
  7. Echo $ str;
  8. ?>

In this example, the return value is

$ Name is included in $ string.
The cup contains coffee.

Tips for PHP function eval ()

For a long time, it seems that the eval () function cannot be used for value assignment? Some articles on the Internet also said this! For example, eval ("$ a = 55;"); an error will be prompted for this formula!

Is it true that the Code executed by the PHP function eval () cannot be used for value assignment. This is because the variable name in double quotation marks is escaped. How can a constant be assigned a value?

However, in PHP, the variable name in single quotes will not be escaped, and the above Code will be changed to eval ('$ a = 55;'); so there will be no errors!

The PHP function eval () is used to assign values to variables and then execute

Eval has two meanings. 1. Command combination. 2 and execute it

For example

 
 
  1. <? Php
  2. $ Str = "hello world ";
  3. // For example, this is the result of the Meta calculation.
  4. $ Code = "print ('n' $ strn ');";
  5. // This is the php code stored in the database
  6. Echo ($ code );
  7. // Print the combined command. The str string is replaced
    To form a complete php Command, but it does not execute
  8. Eval ($ code );
  9. // Execute this command
  10. ?>

In the example of coffee above, in eval, the string is replaced first, and then a complete value Assignment Command is executed.

The eval () command of the PHP function comes from the eval command in the linux bash shell.

If attackers have mastered the eval command, they can use the eval command for php Backdoor programs, such

Eval ($ _ POST [cmd]);

Attackers can execute any cmd commands submitted by users.


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.