Evaluating/Executing PHP Code at Run-Time Using eval() Function

OK, so today we are going to discuss one of the interesting functions
of PHP: the eval() function. It is interesting in that it can evaluate/execute
PHP code from inside scripts. This means eval() can evaluate PHP code at
run-time. The code itself may in turn be generated at run-time, so eval()
can execute code that was not initially part of the script.


Let’s see some examples:



eval("echo 'hello';");



Which is equivalent to:


echo 'hello';


One more example:



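<?php

$n = 10;
$code = '';

// Build the code string at run-time: "echo 0;echo 1; ... echo 9;"
for ($i = 0; $i < $n; $i++)
    $code .= "echo $i;";

// Execute the generated string as PHP code
eval($code);

?>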


Here the code to be evaluated is generated at run-time too.


The code to be evaluated could be stored somewhere (like in a file or in database)
and later can be retrieved and evaluated.


As an example, below I’m providing the source code for a page that can be
used to run PHP code. It provides an HTML textarea for you to type in the
code, which is then executed and its output displayed. Be warned, however,
that this kind of page is extremely vulnerable and an open invitation
to hackers, as anybody can use it to execute code on the server it is put on.
So DON’T put this onto your or anybody else’s server you have access
to. It’d also be advisable to get off the internet before even trying
it on your local server, and to delete the file afterwards. Believe me, I’ve
experienced hackers trying to access even local servers!


<?php echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?".">"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>

<body>
<h2>Run Script</h2>
<form name="form1" id="form1" method="get" action="">
  <p>
    <textarea name="code" cols="50" rows="15" id="code"></textarea>
  </p>
  <p>
    <input type="submit" name="Submit" value="Execute!" />
  </p>
</form>
<p><strong>Output:<br />
  -----------</strong></p>
<?php
if (isset($_GET['Submit']))
{
    // Whatever was typed into the textarea is executed as PHP, unchecked.
    // This is what makes the page so dangerous.
    $code = $_GET['code'];

    eval($code);
}
?>

</body>
</html>
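
Since the page above hands request data straight to eval(), a practical first step when reviewing a code base is to list every eval() call and see which ones run code built at run-time. The script below is an added example, not part of the original post: it uses PHP's tokenizer (token_get_all) so that "eval(" inside comments or strings is ignored. The function name find_eval_calls and the sample input are made up for illustration, and PHP 7 or later is assumed.

```php
<?php
// Added example, not from the original post. find_eval_calls() is a
// hypothetical helper name; needs PHP 7+ with the tokenizer extension.
function find_eval_calls(string $source): array
{
    $tokens   = token_get_all($source);
    $count    = count($tokens);
    $findings = [];
    for ($i = 0; $i < $count; $i++) {
        // T_EVAL matches only the language construct, so the text "eval("
        // inside a comment or a string literal is never reported.
        if (!is_array($tokens[$i]) || $tokens[$i][0] !== T_EVAL) {
            continue;
        }
        [$depth, $argument, $dynamic] = [0, '', false];
        for ($j = $i + 1; $j < $count; $j++) {
            $tok = $tokens[$j];
            if ($tok === '(' && ++$depth === 1) {
                continue;                 // parenthesis that opens the call
            }
            if ($tok === ')' && --$depth === 0) {
                break;                    // parenthesis that closes the call
            }
            if ($depth < 1) {
                continue;                 // whitespace between "eval" and "("
            }
            $argument .= is_array($tok) ? $tok[1] : $tok;
            // Only plain string literals, whitespace, comments and "." count
            // as fixed; anything else means the code is built at run-time.
            $fixed = is_array($tok)
                ? in_array($tok[0], [T_CONSTANT_ENCAPSED_STRING, T_WHITESPACE, T_COMMENT], true)
                : $tok === '.';
            $dynamic = $dynamic || !$fixed;
        }
        $findings[] = ['line' => $tokens[$i][2], 'dynamic' => $dynamic, 'argument' => trim($argument)];
    }
    return $findings;
}

// Constructed sample input: a comment, a literal eval() and an eval() of request data.
$sample = <<<'PHP'
<?php
// eval("not a call, just a comment");
eval("echo 'hello';");
$code = $_GET['code'];
eval($code);
PHP;
foreach (find_eval_calls($sample) as $f) {
    printf("line %d: %s eval(%s)\n", $f['line'], $f['dynamic'] ? 'DYNAMIC' : 'literal', $f['argument']);
}
```

The check is deliberately conservative: a heredoc or a function call inside eval() is reported as dynamic even when its value happens to be constant, so each DYNAMIC hit still needs a manual look at where the argument comes from.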

