Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Exakat:
The Land Where PHP Uses eval()
Oct 03, 2018 @ 09:35:22

In a new post to their blog, Exakat looks at the use of eval in PHP applications and how, despite all of the warnings against using it, it's still found in quite a few codebases (based on their scans).

It is 2018, and we can still find eval() being used in more than 28% of every PHP code source. It is repeatedly reported as a security issue and a performance bottleneck, and a memory hazard. Yet, we can’t get rid of it.

It seems reasonable to think that most of eval capabilities are available as a PHP features. So, we took examples from 2000 PHP open source projects, and reviewed the situation. Here are real-life examples of eval usage : for each of them, we’ll discuss the actual replacement.

Their examples include the use of eval for:

  • JSON decode replacement
  • Creating missing classes
  • Rewriting classes on the fly
  • Code compatibility
  • Dynamic variabling

...and several more. Each comes with a summary of the method and code showing how it's being used. While some of the suggested replacements are built-in features of the language, others are recommended packages that can provide the same or similar functionality to what the original author was trying to accomplish.

tagged: eval usage examples replacement tutorial

Link: https://www.exakat.io/land-where-php-uses-eval/


Trending Topics: