eval() is the PHP function that everyone wants to ban, because it is very dangerous. This article introduces some problems with the eval() function in PHP and their solutions.
I had always thought that the eval() function could not perform assignment operations. Some articles on the Internet say so too!
For example, the statement eval("$a=;"); raises an error!
Is it because code executed by eval() cannot perform assignments? In fact, it is not. It is because a variable name inside double quotes is interpolated: PHP replaces $a with its value before eval() sees the string, and how can a constant be assigned a value?
However, PHP does not interpolate variable names inside single quotes. Change the code above to eval('$a=;'); and there is no error!
eval() is an interesting PHP function
Tested with code, no further explanation:
Parse error: syntax error, unexpected 'echo' (T_ECHO) in E:webwwwswoole_testeval.php(4) : eval()'d code on line 1
word!
*/
?>
2. When the string contains illegal PHP code, an error is reported. I believe everyone knows this!
<?php
$str = 'Hello, world! echo "Hello,";';
$content = eval('?>'.$str); /* Note: the "?>" string is prepended inside eval() here */
echo 'word!';
// Execution result:
/*
Hello, world! echo "Hello,";word!
*/
?>
3. This time the string contains illegal PHP code, but no error is reported.
Because "?>" (the PHP closing tag) is prepended, everything after it is treated as a plain "string", right?
The following builds on (3) by embedding a PHP block in the string, which is equivalent to embedding PHP code in an HTML file. What happens?
<?php
// The string now contains an embedded PHP block
$str = 'Hello, world! <?php echo "Hello,"; ?>';
$content = eval('?>'.$str);
echo 'word!';
// Execution result:
/*
Hello, world! Hello,word!
*/
?>
OK! It recognizes the PHP block in the "string" and executes it!
The examples above illustrate the difference between eval('?>'.$str) and eval($str).
In fact, if the $str passed to eval($str) contains an embedded PHP block, the string must be prefixed with the "?>" PHP closing tag.
Ecshop's template engine uses the eval('?>'.$str) method to parse the PHP blocks embedded in a template. Of course, before doing this, the template tags must be parsed and translated into PHP code.
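Why the two strings above behave differently under eval('?>'.$str), shown with PHP's own tokenizer, as an added example that is not from the original article or from Ecshop. The function names embeddedPhpTokens and renderUntrusted and the sample strings are assumptions constructed here.

```php
<?php
// Added example: classify a string the way eval('?>' . $str) will see it.
// token_get_all() starts in HTML mode, just like code that follows a closing tag,
// so only a real PHP open tag switches the parser into code.

/** Return the names of PHP code tokens in $str; an empty array means inline text only. */
function embeddedPhpTokens(string $str): array
{
    $found = [];
    foreach (token_get_all($str) as $tok) {
        if (!is_array($tok)) {
            $found[] = $tok;                 // single-character token such as ';'
        } elseif ($tok[0] !== T_INLINE_HTML && $tok[0] !== T_WHITESPACE) {
            $found[] = token_name($tok[0]);  // e.g. T_OPEN_TAG, T_ECHO
        }
    }
    return $found;
}

/** Hypothetical helper: output untrusted text, refusing anything that would execute. */
function renderUntrusted(string $str): string
{
    if (embeddedPhpTokens($str) !== []) {
        throw new InvalidArgumentException('embedded PHP block rejected');
    }
    // Nothing executable inside: emit as escaped text, no eval() involved.
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs matching cases 3 and 4 discussed above.
$samples = [
    'text only'    => 'Hello, world! echo "Hello,";',
    'embedded PHP' => 'Hello, world! <?php echo "Hello,"; ?>',
];

foreach ($samples as $label => $str) {
    $tokens = embeddedPhpTokens($str);
    echo $label, ': ', $tokens === [] ? 'inline text only' : implode(' ', $tokens), "\n";
    try {
        echo '  rendered: ', renderUntrusted($str), "\n";
    } catch (InvalidArgumentException $e) {
        echo '  refused: ', $e->getMessage(), "\n";
    }
}
```

The first string is a single T_INLINE_HTML token, which is why eval('?>'.$str) prints it verbatim; the second contains T_OPEN_TAG, so anything that reaches eval('?>'.$str) with such a block is executed as code.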