Reputation: 891
How can I tell whether eval() is disabled or enabled on the web server? What is the PHP code to check this? Is there any PHP code to enable it, if it is disabled on the server?
Upvotes: 1
Views: 6089
Reputation: 145512
Okay, as said, eval is unlikely to be disabled. But just in case, there are three workarounds:
$eval = create_function("", "$code");
$eval();
Or even just:
assert_options(ASSERT_ACTIVE, 1);
assert_options(ASSERT_QUIET_EVAL, 1);
assert("$code");
And the filesystem-workarounds:
file_put_contents($tmp=tempnam("/tmp", "EVAL"), "$code");
include($tmp);
All work equivalently to a straight eval.
Upvotes: 4
Reputation: 49238
You should be able to determine if eval() exists with:
http://php.net/manual/en/function.function-exists.php
if (function_exists('eval')) {
echo "eval() exists, it does it does!";
}
EDIT
Actually, eval() is a language construct so it can't be tested using function_exists(). However, this should work:
<?php
// The flag only flips to true if eval() actually executes the string.
$isevalfunctionavailable = false;
$evalcheck = "\$isevalfunctionavailable = true;";
eval($evalcheck);
if ($isevalfunctionavailable === true) {
    echo "\$isevalfunctionavailable is true.\n";
    var_dump($isevalfunctionavailable);
}
?>
Upvotes: 5
Reputation: 4351
There's nothing built into PHP which lets you disable eval (unlike other functions which you can disable).
However, you can install a security patch for PHP called Suhosin, which lets you disable eval, and also adds other security features to PHP.
http://www.hardened-php.net/suhosin/configuration.html#suhosin.executor.disable_eval
Upvotes: 5
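A configuration check that answers the question without running anything through eval, added here as an example and not part of any answer above: it reports whether Suhosin's suhosin.executor.disable_eval is on and whether the eval-equivalent paths named in the first answer are still reachable on the server. The helper names ini_flag, fn_available and eval_exposure_report are made up for this example, and it assumes PHP 7.1 or later.

```php
<?php
// Added example, not code from the answers. Requires PHP 7.1+.
// Helper names (ini_flag, fn_available, eval_exposure_report) are hypothetical.

// Read a boolean ini directive; null means the directive is not registered.
function ini_flag(string $name): ?bool
{
    $raw = ini_get($name);
    return $raw === false ? null : filter_var($raw, FILTER_VALIDATE_BOOLEAN);
}

// True when a function exists and is not listed in disable_functions.
function fn_available(string $fn): bool
{
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return function_exists($fn) && !in_array($fn, $disabled, true);
}

function eval_exposure_report(): array
{
    $suhosin = extension_loaded('suhosin');
    return [
        'php_version'              => PHP_VERSION,
        'suhosin_loaded'           => $suhosin,
        // eval is a language construct, so disable_functions cannot list it;
        // the Suhosin directive from the last answer is what switches it off.
        'eval_disabled'            => $suhosin && ini_flag('suhosin.executor.disable_eval') === true,
        // create_function() was removed in PHP 8.0.
        'create_function_usable'   => fn_available('create_function'),
        // assert() stopped evaluating string arguments in PHP 8.0.
        'assert_evaluates_strings' => PHP_VERSION_ID < 80000
            && fn_available('assert')
            && (int) ini_get('zend.assertions') === 1,
        // Writing a file and including it needs a writable temp directory.
        'temp_dir_writable'        => is_writable(sys_get_temp_dir()),
    ];
}

foreach (eval_exposure_report() as $check => $value) {
    printf("%-26s %s\n", $check, is_bool($value) ? ($value ? 'yes' : 'no') : $value);
}
```

If eval_disabled is yes while any of the other rows is also yes, disabling eval alone has not closed off dynamic code execution on that server.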