使用PHP评估的风险 [英] Risks of using PHP eval

问题描述

可能的重复项:
何时(如果有的话)不是邪恶的?
何时在php中出现邪恶?

Possible Duplicates:
When (if ever) is eval NOT evil?
when is eval evil in php?

由于没有其他方法可以将外部文件中的字符串作为代码执行，因此我求助于利用eval().我没有特别询问任何代码，因为用例场景中的示例很简单-我想知道的是在php代码中使用eval有什么危险.

Since I found no other way of executing a string from an external file as code, I resorted to utilizing eval(). I am not asking about any code in particular, since examples in my use-case scenario would be trivial - what I want to know is what are the dangers of using eval in php code.

我对该主题进行了一些研究，但找不到任何满足我好奇心的答案.我所能找到的只是诸如执行恶意代码"，滥用注入"之类的东西.没有示例，也没有详细解释为什么这种不好的做法.

I did some research on the subject, but I couldn't find any answer that would satisfy my curiosity. All I was able to find were things like "execution of malicious code", "abusive injections" etc. No examples, and no detailed explanations on why is this such a bad practice.

有人愿意回答这个问题吗?

Anyone care to answer this a little bit more in-depth?

谢谢.

推荐答案

查看以下先前的问题:

何时eval()在PHP中是邪恶的?

何时(如果有)eval()不邪恶?

这篇关于使用PHP评估的风险的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！