I think many friends know this function. It is the most commonly used sentence by hackers. It can parse php code and run it. eval is a function that cannot be disabled in php. I used to think that this function could be disabled in php.ini, but it failed. .
Definition and usage
eval() function calculates the string according to the PHP code. The string must be a legal PHP code and must end with a semicolon. If the return statement is not called in the code string, then Return NULL, if there is a parsing error in the code, the eval() function returns false.
Syntax: eval(phpcode)
Parameter description
phpcode required, specifies the PHP code to be calculated.
Tips and comments
Comments :The return statement will immediately terminate the calculation of the string.
Note: This function is useful for storing code in the database text field for future calculations.
PHP example code is as follows:
$string = "beautiful";
$time = "winter";
$str = 'This is a $string $time morning!';
echo $str. "
";
eval("$str = "$str";");
echo $str;
?>
//Output:
//This is a $string $time morning!
//This is a beautiful winter morning! The
eval() function is also used in the CodeIgniter framework. In the /system/database/DB.php file, a class CI_DB is dynamically defined based on the system configuration. Specific code snippets As follows:
if (! isset($active_record) OR $active_record == TRUE)
{
require_once(BASEPATH.'database/DB_active_rec.php'); if ( ! class_exists('CI_DB') )
class CI_DB extends CI_DB_driver {}'); 'dbdriver']. '_driver.php');
// Instantiate the DB adapter,phpfensi.com
$driver = 'CI_DB_'.$params['dbdriver'].'_driver';
$DB = new $driver ($params);
This function can substitute the variable value in the string. It is usually used to process database data. The parameter code_str is the string to be processed. It is worth noting that the string to be processed must comply with PHP's string format, and there must be a semicolon at the end. The string processed by this function will continue until the end of the PHP program.