dsj8000 2012-12-05 12:48
浏览 54
已采纳

PHP eval的限制

I have logical expressions that I need to evaluate. After some expresison template parametrized with its parameters, these expressions could look like this:

$expr1 = '1 or 0 and not(0 or 0)';
$expr2 = "'editor' == 'editor' and not(0 = 1) and 10 > 5";

So, I need to handle numbers, string literals, as well as logical and algebraical operators and round brackets between them.

When using PHP eval I also get undesirable unsecured abilities, like system function call, and so on.

So, is there any way to restrict PHP eval, or may be there is some better solution?

Thanks!

  • 写回答

2条回答 默认 最新

  • dongping9475 2012-12-09 19:49
    关注

    Ok, I got another solution. I've dawned that I can use PHP DOMXPath::evaluate to evaluate my logical expression. So, I got a working solution, which has no security issues. I think my problem is solved :)

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

  • PHP eval限制 php
    2012-12-05 12:48
    回答 2 已采纳 Ok, I got another solution. I've dawned that I can use PHP DOMXPath::evaluate to evaluate my logic
  • php 7的验证eval() php
    2017-06-27 02:39
    回答 1 已采纳 You're getting that error because your array keys are plain code rather than strings. You'd have t
  • PHPEval代码导致变量 laravel php
    2016-07-12 14:38
    回答 3 已采纳 $pageTitle = isset($seo->meta_title) ? @eval("return $seo->meta_title;") : null; it will a
  • PHP eval函数使用介绍
    2020-12-18 19:52
    1.eval函数的参数的字符串末尾一定要有分号,在最后还要另加一个分号(这个分号是php限制) 2.注意单引号,双引号和反斜杠的运用。如果参数中带有变量时,并且变量有赋值操作的话,变量前的$符号钱一定要有\来转义。...
  • Laravel - 带有刀片compileString的php eval laravel php
    2018-04-27 02:01
    回答 1 已采纳 As stated in the manual: The code must not be wrapped in opening and closing PHP tags, i.e. 'e
  • PHP eval()函数 php
    2011-03-12 10:25
    回答 3 已采纳 The value of the variable $definition is replaced into the string definition "return $definition;"
  • 使用PHP eval运行代码导致致命错误:无法重新声明函数 php
    2016-04-29 15:42
    回答 2 已采纳 You have three choices, really. function_exists() // this will check for the function's existenc
  • php eval 禁止,php禁用eval
    2021-03-23 20:19
    jun zheng的博客 The eval() language construct is very dangerous because it allows execution of arbitrary PHP code.eval是语言结构,不是函数,所以无法使用disable_functions来禁用之前写过:从 php 内核挂载钩子解密源码,...
  • PHP函数eval()包含大量代码 php
    2015-09-02 17:19
    回答 1 已采纳 Please , try to use the following code and don't remove <?php and ?> tags from start/end fil
  • 使用PHP eval的风险[重复] php
    2011-01-07 23:33
    回答 4 已采纳 Check out these previous questions: When is eval() evil in PHP? When (if ever) is eval() NOT ev
  • 这个PHP功能安全吗? php
    2015-09-08 11:25
    回答 1 已采纳 You shouldn't use eval for that. Instead simply call you function like that $functionName($field
  • php绕过eval过滤,eval长度限制绕过 && PHP5.6新特性
    2021-05-08 06:58
    Hu??的博客 来源:https://www.leavesongs.com/PHP/bypass-eval-length-restrict.html作者: phithon@长亭科技昨天晚上 @roker 在小密圈里问了一个问题,就是eval(xxx),xxx长度限制为16个字符,而且不能用eval或assert,怎么...
  • 你如何创建PHP eval循环? php
    2010-01-30 20:52
    回答 5 已采纳 I managed to get it done... With this code: while($template_loop = array_loop($templates)) {
  • eval函数 php_PHP eval函数使用介绍
    2021-03-22 22:21
    地精工效学者的博客 在浏览器中都输出:hello world运用eval()要注意几点:1.eval函数的参数的字符串末尾一定要有分号,在最后还要另加一个分号(这个分号是php限制)2.注意单引号,双引号和反斜杠的运用。如果参数中带有变量时,并且变量...
  • php eval()函数
    2021-10-08 00:15
    yyyyzzzllll的博客 php eval()函数 (PHP 4, PHP 5, PHP 7, PHP 8) eval — 把字符串作为PHP代码执行 说明 eval(string $code) 把字符串 code 作为PHP代码执行。 函数eval()语言结构是 *非常危险*的, 因为它允许执行任意 PHP 代码。 *...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥15 为什么我运行这个网络会出现以下报错?CRNN神经网络
  • ¥20 steam下载游戏占用内存
  • ¥15 CST保存项目时失败
  • ¥15 树莓派5怎么用camera module 3啊
  • ¥20 java在应用程序里获取不到扬声器设备
  • ¥15 echarts动画效果的问题,请帮我添加一个动画。不要机器人回答。
  • ¥15 Attention is all you need 的代码运行
  • ¥15 一个服务器已经有一个系统了如果用usb再装一个系统,原来的系统会被覆盖掉吗
  • ¥15 使用esm_msa1_t12_100M_UR50S蛋白质语言模型进行零样本预测时,终端显示出了sequence handled的进度条,但是并不出结果就自动终止回到命令提示行了是怎么回事:
  • ¥15 前置放大电路与功率放大电路相连放大倍数出现问题