dongpankao6133 2014-07-02 09:02
浏览 84
已采纳

PHP中的Eval和安全措施,创建PHP演示编辑器

I know that eval is the function in PHP to execute PHP code from an input. Now I want to make a W3Schools like editor. What can I do to protect eval code that I get from POST variable.

$code = eval($_POST["phpusercode"]);
echo $code;

What I want to do is when a user will make a function like this

I want to give user the ability to write his own PHP code on my site without making my website vulnerable to some sort of hacking.

  • 写回答

1条回答 默认 最新

  • dongpinyao2203 2014-07-02 09:10
    关注

    eval evaluates code, so, as @sectus says in comments, execute the code

    For example:

    eval ("echo 'Hello user'"); //This will execute echo 'Hello user'

    So, in your case i think you don't want to execute your user code, so please carify your question and update it.

    IMPORTANT:

    • Use of eval is highly discouraged
    • NEVER EVER use eval with params by POST/GET without sanitize them

    Useful links:

    When eval is evil

    Avoid SQL injection

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥50 三种调度算法报错 有实例
  • ¥15 关于#python#的问题,请各位专家解答!
  • ¥200 询问:python实现大地主题正反算的程序设计,有偿
  • ¥15 smptlib使用465端口发送邮件失败
  • ¥200 总是报错,能帮助用python实现程序实现高斯正反算吗?有偿
  • ¥15 对于squad数据集的基于bert模型的微调
  • ¥15 为什么我运行这个网络会出现以下报错?CRNN神经网络
  • ¥20 steam下载游戏占用内存
  • ¥15 CST保存项目时失败
  • ¥20 java在应用程序里获取不到扬声器设备