The `eval` function is used to execute the passed string as PHP code.
PHP is an interpreted language, which means in particular that its code is evaluated by an interpreter, a special type of program that reads the code you write and evaluates it directly from the string in real time. Other languages (such as C) must be compiled into machine code before they can be run.
Because PHP is interpreted, there is a way to change exactly what will be evaluated at runtime and even compile the code dynamically, which is exactly what
eval() is good for.
Only use the
eval function when you know exactly what you are doing! This means, in particular, that you have checked all user input and no security breaches can occur. This is because if a user manages to sneak his string into the
eval function, it will be evaluated as real code and can, for example, delete the entire site, steal the database or gain control of the entire server.
There are not many good examples where
eval can be used, because practically there is always a better way to solve the problem.
For example, it can be used when evaluating expressions:
// User query$query = '5 + 3 * 2';// Process the expression as regular PHP codeeval('$result = @(' . $query . ');');// Extract a variable with the solution to the expressionecho $result; // prints 11
For details, see Calculator in PHP: Processing a mathematical expression as a string.
eval is used to evaluate generated code, typically compiled templates.
However, as mentioned, each case can be handled differently and better, and in this case it makes more sense to save the serialized template in a separate PHP file and load it via
include. In addition to having full control over the content of the template, it will also remain physically on disk, which supports improved application performance due to the caching capability.
Jan Barášek Více o autorovi
Autor článku pracuje jako seniorní vývojář a software architekt v Praze. Navrhuje a spravuje velké webové aplikace, které znáte a používáte. Od roku 2009 nabral bohaté zkušenosti, které tímto webem předává dál.
Rád vám pomůžu:
Články píše Jan Barášek © 2009-2023 | Kontakt | Mapa webu
Status | Aktualizováno: ... | en