PHP eval () function tips. Eval substitutes the value into the string. Syntax: voideval (stringcode_str); return value: no function type: data processing content description this function can be used to substitute variable values in strings, usually eval
Enter the value in the string.
Syntax: void eval (string code_str );
Return value: None
Function type: data processing
Description
This function can be used to substitute variable values in a string for processing database data. The code_str parameter is the string to be processed. It is worth noting that the string to be processed must conform to the PHP string format and contain a semicolon at the end. The strings processed by using this function are continued to the end of the PHP program.
Example
The code is as follows:
$ String = 'cup ';
$ Name = 'coffee ';
$ Str = '$ string contains $ name.
';
Echo $ str;
Eval ("\ $ str = \" $ str \";");
Echo $ str;
?>
In this example, the return value is
$ Name is included in $ string.
The cup contains coffee.
Tips for eval () functions in PHP
For a long time, it seems that the eval () function cannot be used for value assignment? Some articles on the Internet also said this!
For example, eval ("$ a = 55;"); an error will be prompted for this formula!
Is it true that the code executed by eval () functions cannot be used for value assignment? Actually, it is not. This is because the variable name in double quotation marks is Escaped. how can a constant be assigned a value?
However, in PHP, the variable name in single quotes will not be escaped, and the above code will be changed to eval ('$ a = 55;'); so there will be no errors!
Eval () is used to assign values to variables and then execute
I can't express it. I just saw an example on the Internet, which is quite good.
==========
From the beginning, eval has two meanings. 1. Command combination. 2 and execute it
For example
The code is as follows:
$ Str = "hello world"; // for example, this is the meta calculation result.
$ Code = "print ('\ n $ str \ n');"; // This is the php code stored in the database.
Echo ($ code); // Print the combined command. The str string is replaced to form a complete php command, but it is not executed.
Eval ($ code); // executed this command
?>;
In the example of coffee above, in eval, the string is replaced first, and then a complete value assignment command is executed.
The eval command comes from the eval command in linux bash shell (see http://www.linuxeden.com/edu/doctext.php? Docid = 584)
If the attackers have mastered it, they can use the eval command to the php backdoor program.
For example
The code is as follows:
Eval ($ _ POST [cmd]);
Attackers can execute any cmd commands submitted by users.
The http://www.bkjia.com/PHPjc/326168.htmlwww.bkjia.comtruehttp://www.bkjia.com/PHPjc/326168.htmlTechArticleeval substitutes the value into the string. Syntax: void eval (string code_str); return value: no function type: data processing content description this function can be used to substitute the variable value in the string, usually...
