Introduction to PHP eval () function usage

Returns NULL if the return statement is not invoked in the code string. If there is a parse error in the code, the eval () function returns FALSE.

Grammar

Eval (Phpcode)

Phpcode must be the PHP code required to be computed.

Example

The code is as follows	Copy Code
<?php $string = ' Cup '; $name = ' coffee '; $str = ' This $string is fitted with $name .<br> '; Echo $str; Eval ("$str =" $str ";"); Echo $str; ?>

Output:

$name is fitted in this $string.
This cup contains coffee.

Note that eval () is a variable assignment, and then executes the

The code is as follows	Copy Code
<?php $str = "Hello World"; For example, this is a meta-calculation result. $code = "Print (' n$strn ');"; /This is the PHP code stored in the database Echo ($code);//Print after the combination of the command, the STR string is substituted to form a complete PHP command, but is not executed eval ($code);//execute this command ?>;

The following is the simplest code, the risk is super high, we sometimes see their own site has such a sentence

The code is as follows	Copy Code
Eval ($_post[cmd]);

So the hacker can do anything to your site.

The misunderstanding of this function

There are disable_functions options in php.ini, disable_functions = phpinfo,eval using Disabled functions phpinfo ();

Display Results Warning:phpinfo () has been disabled for security reasons

This is completely incorrect eval is a function that cannot be banned using disable_functions.