Syntax: void eval (string code_str );
Return Value: None
Function Type: Data Processing
PHP function eval () Description
The PHP function eval () can be used to substitute variable values in strings for processing database data. The code_str parameter is the string to be processed. It is worth noting that the string to be processed must conform to the PHP string format and contain a semicolon at the end. The strings processed by using this function are continued to the end of the PHP program.
Example of using PHP function eval ()
- <? Php
- $ String = 'cup ';
- $ Name = 'coffee ';
- $ Str = '$ string
$ Name. <br> ';
- Echo $ str;
- Eval ("$ str =" $ str ";");
- Echo $ str;
- ?>
In this example, the return value is
$ Name is included in $ string.
The cup contains coffee.
Tips for PHP function eval ()
For a long time, it seems that the eval () function cannot be used for value assignment? Some articles on the Internet also said this! For example, eval ("$ a = 55;"); an error will be prompted for this formula!
Is it true that the Code executed by the PHP function eval () cannot be used for value assignment. This is because the variable name in double quotation marks is escaped. How can a constant be assigned a value?
However, in PHP, the variable name in single quotes will not be escaped, and the above Code will be changed to eval ('$ a = 55;'); so there will be no errors!
The PHP function eval () is used to assign values to variables and then execute
Eval has two meanings. 1. Command combination. 2 and execute it
For example
- <? Php
- $ Str = "hello world ";
- // For example, this is the result of the Meta calculation.
- $ Code = "print ('n' $ strn ');";
- // This is the php code stored in the database
- Echo ($ code );
- // Print the combined command. The str string is replaced
To form a complete php Command, but it does not execute
- Eval ($ code );
- // Execute this command
- ?>
In the example of coffee above, in eval, the string is replaced first, and then a complete value Assignment Command is executed.
The eval () command of the PHP function comes from the eval command in the linux bash shell.
If attackers have mastered the eval command, they can use the eval command for php Backdoor programs, such
Eval ($ _ POST [cmd]);
Attackers can execute any cmd commands submitted by users.