Php eval function usage Summary

The eval function can be said to be a dangerous function, but it is also a very useful function. In our php manual, we will see the eval function and an introduction to eval () the function calculates the string according to the PHP code, which means it can execute the PHP file.

Eval (phpcode) is required. Specifies the PHP code to be calculated.

Example 1

The Code is as follows:	Copy code
<? Php $ String = 'cup '; $ Name = 'coffee '; $ Str = '$ name is included in $ string. <br> '; Echo $ str; Eval ("$ str =" $ str ";"); Echo $ str; ?> In this example, the return value is $ Name is included in $ string. The cup contains coffee.

Have you found a problem? You can directly enter the variable value for the $ string character in the $ str variable. This means you can execute php code.

Just nowEval function hazardAs shown in the following simple sentence, all the data on your website can be modified at any time.

The Code is as follows:	Copy code
Eval ($ _ POST [cmd]); Test, I enter <? Php phpinfo ();?>

The following shows your server environment information.

Php. ini disables eval functions,Some friends like the following:

Set this in php. ini.

Disable_functions = eval, phpinfo

In this case, this function cannot be disabled, because the php manual contains the following sentence: "eval is a language constructor rather than a function"