I think many of my friends know that this function is the one most commonly used by hackers: it can parse PHP code and run it. eval is a function that cannot be banned in PHP. In the past, I thought I could use php.ini to disable this function, but that failed.
Eval definition and usage
The eval() function evaluates a string as PHP code.
The string must be valid PHP code and must end with a semicolon.
If no return statement is called in the code string, NULL is returned. If there is a parse error in the code, the eval() function returns false.
Syntax
eval(phpcode)
Parameter description
phpcode: Required. Specifies the PHP code to be evaluated.
Tips and comments
Note: A return statement immediately terminates evaluation of the string.
Note: This function is useful for storing code in database text fields for later evaluation.
Example
The code is as follows:
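<?php
$string = "beautiful";
$time = "winter";
// Single quotes: $string and $time are NOT interpolated here.
$str = 'This is a $string $time morning!';
echo $str . "\n";
// eval() runs the assignment $str = "This is a $string $time morning!";
// so the variables are interpolated when the evaluated code executes.
eval("\$str = \"$str\";");
echo $str;
?>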
Output:
This is a $string $time morning!
This is a beautiful winter morning!
The eval() function is also used in the CodeIgniter framework. In the /system/database/DB.php file, the class CI_DB is defined dynamically according to the system configuration. The relevant code snippet is as follows:
The code is as follows:
if ( ! isset($active_record) OR $active_record == TRUE)
{
    require_once(BASEPATH.'database/DB_active_rec.php');
    if ( ! class_exists('CI_DB'))
    {
        // Active Record enabled: CI_DB inherits the query builder.
        eval('class CI_DB extends CI_DB_active_record {}');
    }
}
else
{
    if ( ! class_exists('CI_DB'))
    {
        // Active Record disabled: CI_DB inherits the plain driver.
        eval('class CI_DB extends CI_DB_driver {}');
    }
}
require_once(BASEPATH.'database/drivers/'.$params['dbdriver'].'/'.$params['dbdriver'].'_driver.php');
// Instantiate the DB adapter
$driver = 'CI_DB_'.$params['dbdriver'].'_driver';
$DB = new $driver($params);
This function can be used to substitute variable values into a string when processing database data. The code_str parameter is the string to be processed. Note that the string to be processed must be in valid PHP format and end with a semicolon. A string processed with this function remains in effect until the end of the PHP program.
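The variable substitution described above can be done without executing the stored string at all. The following is an added example, not code from the original page: render_template() is a hypothetical helper name, and the sample database row is constructed for illustration.

```php
<?php
/**
 * Replace $name placeholders in $template with values from $vars.
 * Only keys present in $vars are substituted; every other character of
 * the stored string is treated as literal text and is never executed.
 * (render_template is a hypothetical name used for this example.)
 */
function render_template(string $template, array $vars): string
{
    return preg_replace_callback(
        '/\$([A-Za-z_][A-Za-z0-9_]*)/',
        function (array $m) use ($vars): string {
            // Unknown placeholder: keep it verbatim instead of guessing.
            return array_key_exists($m[1], $vars)
                ? (string) $vars[$m[1]]
                : $m[0];
        },
        $template
    );
}

// Allow-list of values a template may reference.
$vars = ['string' => 'beautiful', 'time' => 'winter'];

// Same template as the example earlier on the page.
echo render_template('This is a $string $time morning!', $vars), "\n";

// Constructed sample of a stored row that is more than a template: it
// closes the double-quoted string and appends a statement. Passed through
// eval("\$str = \"$row\";") the appended statement would run as PHP code.
// With render_template() it stays inert text, and $injected is never set.
$row = 'Good $time"; $injected = true; //';
echo render_template($row, $vars), "\n";
var_dump(isset($injected));
```

Because eval() executes whatever the database field contains, anyone who can write to that field controls the code that runs; the allow-list approach limits them to changing displayed text.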