Introduction to correct disabling of eval function and misunderstandings in PHP_PHP Tutorial

The eval function is a function in php and not a system component function. We cannot disable it through disable_functions in php.ini, so it is not a php_function.

eval() is very destructive for PHP security. It is generally not used in order to prevent

The code is as follows

代码如下	复制代码

Copy code

代码如下	复制代码
$string = '杯子'; $name = '咖啡'; $str = '这个 $string 中装有 $name. '; echo $str; eval( "$str = "$str";" ); echo $str; ?>

Usage Example

The code is as follows

Copy code

代码如下	复制代码
$str="hello world"; //比如这个是元算结果 $code= "print('n$strn');";//这个是保存在数据库内的php代码 echo($code);//打印组合后的命令,str字符串被替代了,形成一个完整的php命令,但并是不会执行 eval($code);//执行了这条命令 ?>;

$string = 'cup';

$name = 'coffee';

$str = 'This $string contains $name.
'; echo $str;

eval( "$str = "$str";" );
echo $str;

?>

The return value in this example is

This $string contains $name.

This cup contains coffee.

Or more advanced is

$code= "print('n$strn');";//This is the php code saved in the database echo($code);//Print the combined command, the str string is replaced, forming a complete php command, but it will not be executed

The code is as follows	Copy code
$str="hello world"; //For example, this is the result of yuan calculation

eval($code);//Executed this command

?>;

In your coffee example above, in eval, first the string is replaced, and secondly, after the replacement, a complete assignment command is executed. Ponies like this smashing into doors need to be banned Many people on the Internet say that using disable_functions to disable eval is wrong In fact, eval() cannot be disabled using disable_functions in php.ini because eval() is a language construct and not a function eval is zend, not a PHP_FUNCTION function;

How to disable eval in php:

If you want to disable eval, you can use the php extension Suhosin After installing Suhosin Load Suhosin.so in php.ini and add suhosin.executor.disable_eval = on then To summarize, the php eval function cannot be disabled in php and we can only use plug-ins http://www.bkjia.com/PHPjc/632829.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/632829.htmlTechArticleThe eval function is a function in php and not a system component function. Our disable_functions in php.ini cannot It is prohibited because it is not a php_function. eval() for ph...