  1. #1
    SitePoint Evangelist
    Join Date
    Oct 2000
    Posts
    430

    What the eval() is this??

    Hi,

    I looked at the code for a number of well-made scripts (vB included) and they make extensive use of the eval() function.
    I've looked in 'Beginning PHP4 (Wrox)' and there is no mention of this function.

    Could someone explain exactly what this function is and in what sort of context you would use it in? Hopefully this would be useful to quite a few less enlightened members.

    Cheers

  2. #2
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Basically, eval() lets you take a string that contains PHP code and evaluate it:

    PHP Code:
    eval("echo 'test';"); // outputs "test" 
    It comes in handy whenever you want to be able to execute 'some code' where the code itself is coming from someplace like a database. Generally these situations are fairly rare, except in very complex systems (where, honestly, there's usually a better way as well...).
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  3. #3
    SitePoint Evangelist
    Join Date
    Oct 2000
    Posts
    430
    So essentially it just executes a piece of code/function which you place within the eval();

    Am I right?

  4. #4
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Correct, and it returns the value of the code produced. E.g.:

    Code:
    // eval() needs a complete statement, and only yields a value via return
    $myvar = 'return $myvar2;';
    $myvar2 = "hello!";
    
    echo eval($myvar); // prints "hello!"

  5. #5
    SitePoint Columnist Skunk's Avatar
    Join Date
    Jan 2001
    Location
    Lawrence, Kansas
    Posts
    2,066
    Generally you should be incredibly careful using this function - in fact it's best not to use it at all unless you've got a very good reason to. The eval function will execute code contained in a variable, and if that variable came from the internet a hacker could use it to feed malicious code to your script (for example he could send the PHP command to delete all the files on your server and the eval command would then do just that!).

    vBulletin uses eval() for their template system I think - however even they had problems with this. There was a security flaw in vBulletin 1.1.3 where there was a way for crackers to feed code to the eval() statement and thus "hack" the forums.

    Use with extreme caution!

    www.php.net/eval
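
The risk described in post #5, as an added example that is not part of the original thread: a value spliced into an eval() string runs as code, while a placeholder-substitution renderer treats the same value as data. The function names, the `{name}` placeholder syntax and the sample input are assumptions made for illustration.

```php
<?php
// Added example. Function names and the {name} placeholder syntax are
// hypothetical; the input below is constructed and harmless.

// Vulnerable pattern: the value is spliced into PHP source before eval(),
// so a double quote in it ends the string literal and the rest is code.
function greet_with_eval(string $name): string
{
    return eval('return "Hello, ' . $name . '!";');
}

// Safer pattern: the template is only searched for {placeholders}; values
// are substituted as data (HTML-escaped) and never reach the PHP parser.
function render_safe(string $template, array $vars): string
{
    $out = preg_replace_callback(
        '/\{(\w+)\}/',
        function (array $m) use ($vars): string {
            // Unknown placeholders are left as written.
            if (!array_key_exists($m[1], $vars)) {
                return $m[0];
            }
            return htmlspecialchars((string) $vars[$m[1]], ENT_QUOTES, 'UTF-8');
        },
        $template
    );
    if ($out === null) {
        throw new RuntimeException('template substitution failed');
    }
    return $out;
}

// Constructed input: closes the string and calls a function.
$input = '" . strtoupper("injected") . "';

// eval() runs the strtoupper() call that arrived inside the "name".
echo greet_with_eval($input), "\n";

// The same input is rendered as inert, escaped text.
echo render_safe('Hello, {name}!', ['name' => $input]), "\n";
```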

  6. #6
    SitePoint Evangelist
    Join Date
    Oct 2000
    Posts
    430
    Cheers - I think I'll steer clear for the time being.

    Skunk - as you've reappeared - is there any news on your article script??

    There's a thread near the bottom - myself and a couple of others were waiting on any news.

    Cheers.
    Last edited by ChilliBoy; Jun 18, 2001 at 13:45.

