News Feed
Jobs Feed
Sections




News Archive
Davey Shafik's Blog:
Avoiding EVAL()
by Chris Cornutt February 02, 2009 @ 11:15:24

Davey Shafik has a helpful hint for avoiding one of the worst functions to use in PHP - eval.

There are a shed-load of ways to "eval()" code without actually calling the eval() function '" usually done simply to avoid the use of the dreaded "evil()" function, but often times because the system has eval() disabled using "disable_functions" in php.ini. Here is another simple way to avoid eval() without writing out files to the filesystem

His example uses the streams wrapper to natively execute the code from a string variable as a data element, base64 decoded. It's more of a proof-of-concept than anything else, but its an interesting solution to a tough problem to solve at times.

0 comments voice your opinion now!
eval evil avoid streams wrapper data base64 execute


blog comments powered by Disqus

Similar Posts

Developer.com: PHP 5 OOP - Protecting Data With Visibility

APress.com: Quick Caching With PHP Sessions

Project: MongoSession – A PHP MongoDB Session Handler

DevShed: Abstract Classes in PHP - Setting Up a Concrete Example

Felix Geisendorfer's Blog: Windows XP Apache PHP output problem


 Community Events











Don't see your event here?
Let us know!

series interview development unittest language application release functional podcast opinion community phpunit testing zendframework2 introduction conference framework code tool example

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework