使用PHP评估的风险 [英] Risks of using PHP eval
问题描述
可能的重复项:
何时(如果有的话)不是邪恶的?
何时在php中出现邪恶?
Possible Duplicates:
When (if ever) is eval NOT evil?
when is eval evil in php?
由于没有其他方法可以将外部文件中的字符串作为代码执行,因此我求助于利用eval().我没有特别询问任何代码,因为用例场景中的示例很简单-我想知道的是在php代码中使用eval有什么危险.
Since I found no other way of executing a string from an external file as code, I resorted to utilizing eval(). I am not asking about any code in particular, since examples in my use-case scenario would be trivial - what I want to know is what are the dangers of using eval in php code.
我对该主题进行了一些研究,但找不到任何满足我好奇心的答案.我所能找到的只是诸如执行恶意代码",滥用注入"之类的东西.没有示例,也没有详细解释为什么这种不好的做法.
I did some research on the subject, but I couldn't find any answer that would satisfy my curiosity. All I was able to find were things like "execution of malicious code", "abusive injections" etc. No examples, and no detailed explanations on why is this such a bad practice.
有人愿意回答这个问题吗?
Anyone care to answer this a little bit more in-depth?
谢谢.
推荐答案
查看以下先前的问题:
这篇关于使用PHP评估的风险的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!