What situations demand the use of eval() because there are no alternatives?

Question

I know eval should be avoided in JavaScript for speed and security reasons. But in the case of PHP, rarely is security ever mentioned. More often, it's your program running slower than it should because of a haphazard use of eval.

In what specific situations should you use eval because there is no other way around it?

For clarity:

We're not talking about user-supplied data. So the question is focused on pure and fully-controlled server-side valid use of eval.

Recommended answer

The security problems of eval-uating code with eval in PHP are the same as in JavaScript: if you evaluate some code, you've got to be sure where it comes from, and what it contains.

The security implications might even be greater, as PHP has access to your database (amongst other things) -- which means it can be used to steal/corrupt almost all the information your application relies on!

In JavaScript, they say that "eval is evil"; it's probably as true in PHP as it is in JavaScript.


Now, about specific situations in which you cannot avoid using eval... Well, in something like 4 years of developing in PHP as my everyday job, I don't remember having ever used eval in my own code ^^

Still, an example of a situation where you need eval would be when you are storing some code in database, for instance, and not caching it in files (which could be included) -- that happens with some CMS that allow portions of PHP code to be typed in the administration section, for instance.
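
The answer's two conditions (knowing where evaluated code comes from and what it contains) applied to its CMS case, as an added PHP example that is not part of the original answer. `SNIPPET_KEY`, `ALLOWED_CALLS`, the function names and the sample snippet are assumptions; stored snippets are restricted here to literals, operators and allowlisted function calls.

```php
<?php
// Added example (not from the original answer). SNIPPET_KEY, ALLOWED_CALLS and
// the function names are assumptions for illustration.
const SNIPPET_KEY   = 'constructed-demo-key-load-from-config';
const ALLOWED_CALLS = ['strtoupper', 'number_format', 'htmlspecialchars'];

// "Where it comes from": the admin backend stores this MAC beside the snippet.
function sign_snippet(string $code): string
{
    return hash_hmac('sha256', $code, SNIPPET_KEY);
}

// "What it contains": literals, operators and allowlisted calls only.
function snippet_is_allowed(string $code): bool
{
    $okTypes = [T_OPEN_TAG, T_RETURN, T_LNUMBER, T_DNUMBER,
                T_CONSTANT_ENCAPSED_STRING];
    $afterCall = false; // true when the previous token is an allowlisted name
    foreach (token_get_all('<?php ' . $code) as $tok) {
        if (is_array($tok)) {
            [$id, $text] = $tok;
            if ($id === T_WHITESPACE) { continue; }
            $isCall = $id === T_STRING && in_array(strtolower($text), ALLOWED_CALLS, true);
            if (!$isCall && !in_array($id, $okTypes, true)) { return false; }
            $afterCall = $isCall;
        } else {
            if (strpos('(),;.+-*/', $tok) === false) { return false; }
            // '(' may only open a call to an allowlisted name: no 'system'('id').
            if ($tok === '(' && !$afterCall) { return false; }
            $afterCall = false;
        }
    }
    return true;
}

function run_stored_snippet(string $code, string $mac)
{
    if (!hash_equals(sign_snippet($code), $mac)) {
        throw new RuntimeException('snippet MAC mismatch: row changed outside the admin UI');
    }
    if (!snippet_is_allowed($code)) {
        throw new RuntimeException('snippet uses a construct outside the allowlist');
    }
    return eval($code);
}

// Constructed sample row, as the admin backend would have saved it.
$code = "return strtoupper('total: ') . number_format(1234.5, 2);";
echo run_stored_snippet($code, sign_snippet($code)), PHP_EOL;
```

A snippet containing variables, `include`, backticks, namespaced names or any function outside `ALLOWED_CALLS` is rejected before `eval()` is reached, and a row edited directly in the database fails the MAC check.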
