News Feed

News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Davey Shafik's Blog:
Avoiding EVAL()
February 02, 2009 @ 11:15:24

Davey Shafik has a helpful hint for avoiding one of the worst functions to use in PHP - eval.

There are a shed-load of ways to "eval()" code without actually calling the eval() function '" usually done simply to avoid the use of the dreaded "evil()" function, but often times because the system has eval() disabled using "disable_functions" in php.ini. Here is another simple way to avoid eval() without writing out files to the filesystem

His example uses the streams wrapper to natively execute the code from a string variable as a data element, base64 decoded. It's more of a proof-of-concept than anything else, but its an interesting solution to a tough problem to solve at times.

0 comments voice your opinion now!
eval evil avoid streams wrapper data base64 execute

blog comments powered by Disqus

Similar Posts

Michelangelo van Dam's Blog: Zend Framework data models

ThinkPHP Blog: Virtual Data Grid: becoming reality soon

International PHP Magazine: IPM Poll Question: Which is your Favorite CMS written in PHP?

Kore Nordmann's Blog: Generating XML schemas from XML data

Davey Shafik's Blog: Avoiding EVAL()

Community Events

Don't see your event here?
Let us know!

release podcast api language framework install library symfony package laravel opinion community interview list series introduction deployment voicesoftheelephpant bugfix tips

All content copyright, 2014 :: - Powered by the Solar PHP Framework