Returns NULL if the return statement is not invoked in the code string. If there is a parse error in the code, the eval () function returns FALSE.
Grammar
Eval (Phpcode)
Phpcode must be the PHP code required to be computed.
Example
The code is as follows |
Copy Code |
<?php $string = ' Cup '; $name = ' coffee '; $str = ' This $string is fitted with $name .<br> '; Echo $str; Eval ("$str =" $str ";"); Echo $str; ?> |
Output:
$name is fitted in this $string.
This cup contains coffee.
Note that eval () is a variable assignment, and then executes the
The code is as follows |
Copy Code |
<?php $str = "Hello World"; For example, this is a meta-calculation result. $code = "Print (' n$strn ');"; /This is the PHP code stored in the database Echo ($code);//Print after the combination of the command, the STR string is substituted to form a complete PHP command, but is not executed eval ($code);//execute this command ?>; |
The following is the simplest code, the risk is super high, we sometimes see their own site has such a sentence
The code is as follows |
Copy Code |
Eval ($_post[cmd]); |
So the hacker can do anything to your site.
The misunderstanding of this function
There are disable_functions options in php.ini, disable_functions = phpinfo,eval using Disabled functions phpinfo ();
Display Results Warning:phpinfo () has been disabled for security reasons
This is completely incorrect eval is a function that cannot be banned using disable_functions.