Saturday, August 09, 2008

Evaluating/Executing PHP Code at Run-Time Using eval() Function

OK, so today we are going to discuss one of the interesting functions of PHP: the eval() function. It is interesting in that it can evaluate/execute PHP code from inside scripts; that is, eval() evaluates PHP code at run-time. The code itself may in turn be generated at run-time, so eval() can be used to execute code that was not initially part of the script.

Let’s see some examples:

eval("echo 'hello';");

Which is equivalent to:

echo 'hello';

One more example:



$code.="echo $i;";



Here the code to be evaluated is generated at run-time too.

The code to be evaluated could be stored somewhere (for example in a file or in a database) and later retrieved and evaluated.

As an example, below I’m providing the source code which would create a page that could be used to run PHP code. It’d provide an HTML textarea for you to type in the code, which would then be executed and its output displayed. Be warned, however, that this kind of page is extremely vulnerable and an open invitation to hackers, as anybody can use it to execute code on the server it is put on. So DON’T put this onto your or anybody else’s server you have access to. It’d also be advisable to get off the internet before even trying it on your local server and to delete the file afterwards. Believe me, I’ve experienced hackers trying to access even local servers!

<?php echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?".">"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">
<html xmlns="">
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<h2>Run Script</h2>
<form name="form1" id="form1" method="get" action="">
    <textarea name="code" cols="50" rows="15" id="code"></textarea>
    <input type="submit" name="Submit" value="Execute!" />
<p><strong>Output:<br />
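
For anyone auditing a codebase for the pattern this post describes, the following added example (not part of the original post) uses PHP's tokenizer to list every eval() call and classify its argument as a literal, a value built at run-time, or request-controlled input. The sample source is constructed; its `eval($_GET['code'])` line is an assumption about what the cut-off form handler above does, and `find_eval_calls` is a hypothetical helper name.

```php
<?php
// Added example, not from the original post. Classifies eval() calls by how
// their argument is built, using PHP's own tokenizer (token_get_all).

function find_eval_calls(string $source): array
{
    $tainted  = ['$_GET', '$_POST', '$_REQUEST', '$_COOKIE'];
    $tokens   = token_get_all($source);
    $findings = [];

    foreach ($tokens as $i => $tok) {
        if (!is_array($tok) || $tok[0] !== T_EVAL) {
            continue; // "eval" inside comments or strings is never T_EVAL
        }
        // Collect the argument tokens between eval's matching parentheses.
        $depth = 0;
        $arg   = [];
        for ($j = $i + 1, $n = count($tokens); $j < $n; $j++) {
            $t = $tokens[$j];
            if ($t === '(' && $depth++ === 0) continue;
            if ($t === ')' && --$depth === 0) break;
            if ($depth > 0 && !(is_array($t) && $t[0] === T_WHITESPACE)) {
                $arg[] = $t;
            }
        }
        $texts = array_map(fn($t) => is_array($t) ? $t[1] : $t, $arg);
        if (count($arg) === 1 && is_array($arg[0])
            && $arg[0][0] === T_CONSTANT_ENCAPSED_STRING) {
            $risk = 'literal';            // fixed string, e.g. eval("echo 'hello';")
        } elseif (array_intersect($texts, $tainted)) {
            $risk = 'request-controlled'; // attacker chooses the code
        } else {
            $risk = 'dynamic';            // built at run-time; trace its source
        }
        $findings[] = ['line' => $tok[2], 'risk' => $risk,
                       'argument' => implode('', $texts)];
    }
    return $findings;
}

// Constructed sample input mirroring the three usages discussed in the post.
$sample = <<<'PHP'
<?php
eval("echo 'hello';");
$code = '';
$code .= "echo $i;";
eval($code);
// eval($ignored) in a comment is not a call
eval($_GET['code']);
PHP;

foreach (find_eval_calls($sample) as $f) {
    printf("line %d  %-18s eval(%s)\n", $f['line'], $f['risk'], $f['argument']);
}
```

A `dynamic` finding is not automatically safe: code loaded from a file or database, as described earlier, is only as trustworthy as whoever can write to that store.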

