Eval()的意义是什么? [英] Eval(), what's the point?

问题描述

有关eval()作为功能的官方文档说:

The Official Documentation regarding eval() as function, says:

除其他外，这对于将代码存储在数据库文本字段中以供以后执行很有用.

Among other things, this can be useful for storing code in a database text field for later execution.

我对此感到非常困惑. PHP文档是否建议将PHP行存储到数据库中?什么?那不是很不安全吗?

I'm seriously confused about that. Is PHP Documentation suggesting to store PHP lines into databases? What? Isn't that something freaking unsafe?

如果我知道数据库中有一个作为PHP执行的字符串怎么办?那不是很危险吗?我只需要进行一次Sql注入就可以对我的网站做任何我想做的事.我可以删除整个数据库，我可以从脚本中获取所有内容，我可以进行所有操作.

What if i know that in the database there's a string that is executed as PHP? Isn't that extremely dangerous? I just need of an Sql injection to do whatever i want to that site, whatever i want. I can delete the entire database, i can get everything from the script, i can do everything.

这怎么有帮助?

能否请您提供一些有关如何使用此eval()的示例? 另外，我可能会丢失一些东西，为什么我看到了一些代码，如:

Could you please provide me some examples on how this eval() can be usefull? Also, i am probably missing something, why have i seen some codes like:

eval("if (is_int($int)) { return false }");

而不是

if (is_int($int)) { return false }

但是，正如我所说，我可能缺少了什么:什么?

But, as i said, i am probably missing something: what?

推荐答案

eval()函数非常棒！人们一直在使用它来注入代码，并始终获得对服务器的出色访问.您经常会看到eval()的使用以及该regex函数在损坏的WordPress安装中也能执行.

The eval() function is fantastic! People use it all the time to inject code and gain excellent access to servers all the time. You'll often see the use of eval() and that regex function that also executes, among others, in broken WordPress installations.

您需要评估的原因很少.例如，如果我要创建一个PHP测试站点，那么人们可以在页面上输入一些代码然后运行它.当然，出于您列出的原因，首先需要对其进行消毒.

There are very few reasons why you would need eval. For example, if I were making a PHP testing site where folks could enter some code on a page and then run it. Of course, it would need to be sanitized first, for the very reasons you listed.

这篇关于Eval()的意义是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！