eval() - php 选项信息函数
eval()
(PHP 4, PHP 5, PHP 7)
把字符串作为PHP代码执行
说明
eval(string $code): mixed把字符串$code作为PHP代码执行。
Caution函数eval()语言结构是非常危险的,因为它允许执行任意 PHP 代码。它这样用是很危险的。如果您仔细的确认过,除了使用此结构以外别无方法,请多加注意,不要允许传入任何由用户提供的、未经完整验证过的数据。
参数
$code需要被执行的字符串
代码不能包含打开/关闭PHP tags。比如,'echo "Hi!";'不能这样传入:''。但仍然可以用合适的 PHP tag 来离开、重新进入 PHP 模式。比如'echo "In PHP mode!";?>In HTML mode! foo foo imo, this is a better eval replacement:
- why? betterEval follows normal php opening and closing tag conventions, there's no need to strip `` from the source. and it always throws a ParseError if there was a parse error, instead of returning false (note: this was fixed for normal eval() in php 7.0). - and there's also something about exception backtraces
To catch a parse error in eval()'ed code with a custom error handler, use error_get_last() (PHP >= 5.2.0).
Magic constants like __FILE__ may not return what you expect if used inside eval()'d code. Instead, it'll answer something like "c:\directory\filename.php(123) : eval()'d code" (under Windows, obviously, checked with PHP5.2.6) - which can still be processed with a function like preg_replace to receive the filename of the file containing the eval().
Example:
If you attempt to call a user defined function in eval() and .php files are obfuscated by Zend encoder, it will result in a fatal error.
Use a call_user_func() inside eval() to call your personal hand made functions.
This is user function
//Checking if eval sees it?
This will result in a fatal error:
PHP Fatal error: Call to undefined function square_it()
This will work
eval does not work reliably in conjunction with global, at least not in the cygwin port version.
So:
becomes to working:
Note in the 2nd example, you _always_ need to use $GLOBALS[$module] to access the variable!
鹏仔微信 15129739599 鹏仔QQ344225443 鹏仔前端 pjxi.com 共享博客 sharedbk.com
图片声明:本站部分配图来自网络。本站只作为美观性配图使用,无任何非法侵犯第三方意图,一切解释权归图片著作权方,本站不承担任何责任。如有恶意碰瓷者,必当奉陪到底严惩不贷!