What's the evilest `eval` or `exec` implementation you've seen?

PHP 7.1 is officially out. Can you believe it’s been over a year since 7.0’s release (Dec 3rd, 2015)? Happy birthday 7.0! And can you believe the majority of Composer users are still on 5.6? 7.0 is gaining traction (a 15% market share increase since May), but it’s still a far cry from where it should be - especially considering 7.1 is now out with new feature candy.

With that in mind, and to help with the transition, we’ve hopped on the bandwagon and compiled a list of features you may have missed this time around - to entice you into transitioning to this new minor but major version. Here’s the link - and here is one to the 7.0 post, so if you’re still on 5.x you have the whole set of benefits right in front of you. No excuse not to move. If Tumblr and WordPress did it, you can too!

Apropos PHP feature candy - I’m curious about something. How much do you use functions like eval and exec? Chris Pitt, one of the most excellent developers I know, has put together a very interesting post discussing the bad reputation of each, and demonstrating some valid use cases. He’s of the opinion that the functions have been discriminated against all this time because they make it easy to do evil things but they themselves are actually quite handy and, in some cases, necessary.

What’s the absolute worst thing you’ve seen done (code-wise) with either eval or exec? Discuss! Worst horror story wins a shoutout in the next newsletter!

There were register_globals substitutions suggested when this feature was deprecated. All of them made it worse (like overwriting server variables, which the original feature doesn't allow by default) and some of them blatantly suggested eval as a relief, like this:

```php
foreach($_REQUEST as $k=>$v)
{
     eval("\$$k='$v';");
}
```
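
An added example, not part of the reply above or of any project's code: one way to read request input without `eval()` or dynamically created variables, using an explicit allowlist with per-parameter validation. The function name `read_params`, the parameter names `page` and `sort`, their rules, and the sample request are all assumptions made up for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Read only the parameters named in $spec, validate each one, and return
 * them as an array. Nothing from the request is turned into PHP source or
 * into a variable name, so keys such as "_SERVER" cannot overwrite anything.
 * (Hypothetical helper, written for this example.)
 */
function read_params(array $request, array $spec): array
{
    $clean = [];
    foreach ($spec as $name => $rule) {
        $raw = $request[$name] ?? null;
        // Missing keys and array-valued input (?page[]=1) get the default.
        if (!is_string($raw)) {
            $clean[$name] = $rule['default'];
            continue;
        }
        $value = filter_var($raw, $rule['filter'], $rule['options'] ?? []);
        // filter_var() returns false when validation fails.
        $clean[$name] = ($value === false) ? $rule['default'] : $value;
    }
    return $clean;
}

// Allowlist: every accepted parameter, how to validate it, and its default.
$spec = [
    'page' => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['options' => ['min_range' => 1, 'max_range' => 1000]],
        'default' => 1,
    ],
    'sort' => [
        'filter'  => FILTER_VALIDATE_REGEXP,
        'options' => ['options' => ['regexp' => '/^[a-z_]{1,20}$/']],
        'default' => 'date',
    ],
];

// Constructed sample input standing in for $_REQUEST.
$request = [
    'page'    => '3',
    'sort'    => "na'me", // a quote in the value ends the string literal in the eval() version
    '_SERVER' => 'x',     // not in the allowlist, so it is never read
];

var_dump(read_params($request, $spec));
```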
