security - Prove this PHP Eval of Function Dangerous -




I am looking at the following block of code and cannot find a working illustration of how eval is unsafe in this specific case.

I realize eval is dangerous, should never be used, there are better ways to do it, etc. For my own curiosity I want to determine how this code block is dangerous.

In the case below, $z's value is controlled by the user and is single quoted (and, as far as I know, hence cannot expand a variable). Adding a single quote inside of $z to break out of the string is not possible.

    function bar($x) { echo $x; }
    $z = 'user controlled input';
    eval("bar(\$z);");

Well, if you forgot to escape $z, like:

$z = '); unlink('/files/importantfile.data');

In this case, there is nothing wrong other than the potential for forgetting the escaping!
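The difference the question and the answer turn on, as an added example that is not code from the original post: `eval()` with `\$z` parses a variable reference, while an unescaped `$z` is pasted into the source text before parsing. `bar()` is the function from the question; `$marker` and the value given to `$z` are constructed for the demonstration, and the payload only assigns a variable.

```php
<?php
// Added example, not code from the original post.
// bar() is the function from the question; $marker and the value of $z are constructed.

function bar($x) { echo $x, PHP_EOL; }

// Constructed input: closes the string literal, then runs a harmless assignment.
$z = "'); \$marker = 'changed by injected code'; bar('";

// 1) The question's form. \$ keeps "$z" as a variable reference in the
//    evaluated source, so the input is only ever read as data at run time.
$marker = 'untouched';
eval("bar(\$z);");
echo "escaped \$z      -> marker: $marker", PHP_EOL;

// 2) The forgotten-escape form. $z is interpolated into the source text
//    before eval() parses it, so the user's bytes become PHP statements.
$marker = 'untouched';
$source = "bar('$z');";
echo "source parsed  -> $source", PHP_EOL;
eval($source);
echo "interpolated \$z -> marker: $marker", PHP_EOL;

// 3) If a value really must be embedded in generated source, var_export()
//    emits it as a quoted, escaped PHP literal that cannot end the string early.
$marker = 'untouched';
eval('bar(' . var_export($z, true) . ');');
echo "var_export(\$z) -> marker: $marker", PHP_EOL;
```

Calling `bar($z)` directly, with no `eval()` at all, removes the question of escaping entirely.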
