some questions about eval() and echo


hisoka

1) Why, in eval()

<?php
$string ='<?php phpinfo(); ?>' ;
eval('?>'.$string.'<?php');
?>

does the '?>' come before '<?php'?? Because normally we put <?php first, then end our code with ?>

2) Can't we evaluate the above code like this:

<?php
$string ='<?php phpinfo(); ?>' ;
eval($string);
?>

??

3) Is it possible to echo the result of a php code assigned to a variable?

For example like this (the example is wrong but put only for the sake of clarifying the question):

<?php
$string ='<?php phpinfo(); ?>' ;
echo $string ;
?>

??

Link to comment
Share on other sites

The ?> in eval() is to exit PHP mode, in case the person wants to run HTML. This is necessary if you're using the contents of a PHP file as input.


If you wanted to evaluate the code without putting the ?> tag you also have to remove the <?php tags from the input string. Only this would work:

<?php
$string ='phpinfo();' ;
eval($string);
?>

3) is it possible to echo the result of a php code assigned to a variable?

That's exactly what eval() is for. Until it is passed through eval() that is not PHP code, it is just a string. The parser does not care what is between the string delimiters.

Link to comment
Share on other sites

Sorry, but I still do not understand why in this code:

<?php
$string ='<?php phpinfo(); ?>' ;
eval('?>'.$string.'<?php');
?>

the PHP closing tag comes before the PHP opening tag?? Could you please explain further?

Link to comment
Share on other sites

You need a closing tag so that the opening tag in the string won't cause an error.

eval() automatically starts off in PHP mode, meaning that it's as if the block of code already started with <?php. In order to avoid executing '<?php<?php' you have to close the first one with "?>"

I cannot put this in simpler terms.

Link to comment
Share on other sites

Sorry, but I am not convinced by the answer, and I have been looking for hours on Google for an explanation, but I could not find any explanation of why the closing tag is used first. Maybe eval() evaluates the code from right to left, and this is why the opening tag is used on the right side and the closing tag on the left side.

Link to comment
Share on other sites

No, it does not read anything in reverse. I've already explained this.

eval() is running as if it was already inside a PHP block. If the string you're giving it has a <?php ?> block in it you first need to close the PHP block eval() is using.

You don't need the closing tag unless the string you are giving to it has an opening <?php tag in it.

Link to comment
Share on other sites

PHP has two modes of operation:

1. Printing everything literally

2. Executing code.

Inside PHP blocks, code is executed, outside of them everything is printed literally. To switch between modes you open or close the PHP blocks. <?php opens a PHP block and starts executing code, ?> closes the PHP block and starts outputting everything.

This is printed literally
<?php
echo 'This echo statement is executed';
?>
This is printed literally

When you call eval() it starts off inside a <?php ?> block. In order to switch modes you must close the PHP block using ?>.

Link to comment
Share on other sites

If I did not understand wrongly, according to what you wrote, eval() cannot execute the code inside it, otherwise it prints it literally. This implies two things:

1) eval() is not a function

2) the closing tag is used first, on the left side, so that eval() deals with the code literally because it cannot execute it. If I am wrong please correct me.

Let's say this is eval's mechanism. There is something still unknown to me. If eval deals with code literally, why does it not print it as it is, and instead it gets executed??

For example in:

<?php
eval('<?' phpinfo(); '<?php');
?>

why is the result not

'<?' phpinfo(); '<?php'

and instead the phpinfo() gets "executed"?

Edited by hisoka
Link to comment
Share on other sites

A couple things:

1. Technically, eval is not a function. It is described as a "language construct". Echo is also a language construct and not a function (for example, parentheses are not required with echo as they are with all functions).

2. Have you read the manual about eval? It specifically addresses what you're having a problem understanding:

Parameters

code

Valid PHP code to be evaluated.

The code must not be wrapped in opening and closing PHP tags, i.e. 'echo "Hi!";' must be passed instead of '<?php echo "Hi!"; ?>'. It is still possible to leave and re-enter PHP mode though using the appropriate PHP tags, e.g. 'echo "In PHP mode!"; ?>In HTML mode!<?php echo "Back in PHP mode!";'.

This code:

<?php
$string ='<?php phpinfo(); ?>' ;
eval('?>'.$string.'<?php');
?>

does the same thing as this:

<?php
$string ='?><?php phpinfo(); ?><?php' ;
eval($string);
?>

which does the same thing as this:

<?php
$string = 'phpinfo();' ;
eval($string);
?>

The PHP tags are unnecessary and useless in that example. If you don't understand why, then consider that using eval is similar to if you copied and pasted the code to be evaled in place of using eval. This is valid:

<?php
phpinfo();

This is valid:

<?php
?><?php phpinfo();

This is not valid:

<?php
<?php phpinfo();
Link to comment
Share on other sites
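
Added example, not part of any post in this thread: the mode rule discussed above, run against four input strings, with the output captured into a variable as asked in question 3. `run_eval()` is a hypothetical helper, `echo "code ran";` stands in for `phpinfo();` so the output stays short, and PHP 7 or later is assumed (that is where `eval()` reports bad syntax by throwing `ParseError`).

```php
<?php
// Added illustration; run_eval() is a hypothetical helper, not from the thread.
// It returns whatever the evaluated string printed, or the parse error text.
function run_eval(string $code): string
{
    ob_start();                       // collect output instead of sending it
    try {
        eval($code);                  // eval() begins in PHP mode
        return ob_get_clean();
    } catch (ParseError $e) {         // nothing ran: the string did not compile
        ob_end_clean();
        return 'ParseError: ' . $e->getMessage();
    }
}

// Constructed stand-in for "the contents of a PHP file": HTML, then a PHP block.
$file = '<b>html</b> <?php echo "code ran"; ?>';

$cases = [
    // Plain statements, no tags: what the manual says to pass.
    'bare statement'        => 'echo "code ran";',
    // File contents passed as-is: the parser is already in PHP mode,
    // so the leading HTML (and any '<?php') is read as broken PHP code.
    'file passed as-is'     => $file,
    // Leading '?>' leaves PHP mode first, so the file is read the way
    // PHP reads any file: HTML is printed, '<?php ... ?>' is executed.
    'leave PHP mode first'  => '?>' . $file,
    // The thread's pattern: leave, run the file, re-enter PHP mode at the end.
    // (A space follows the final tag here; that space is an addition.)
    'leave, then re-enter'  => '?>' . $file . '<?php ',
];

foreach ($cases as $label => $code) {
    $result = run_eval($code);        // the result is now an ordinary string
    printf("%-22s => %s\n", $label, $result);
}
```

Only the second case fails to compile; the other three print the same `code ran`, and the last two also print the HTML that precedes it.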

(1) Will execute as

<?php ?> //open and closed without code to execute
<?php phpinfo(); ?> //open and closed with code to execute
<?php ?> //open and closed without code to execute

Valid syntax;

(2) Will NOT execute as syntax is wrong

<?php //open tag followed by open tag
<?php phpinfo(); ?> //open and closed with code to execute
?> //closed tag following close tag

(3) NO, not without eval(), it will show result if eval() is applied to variable without being a string, and this variable only OR with echo placed below

<?php //open tag
$string = phpinfo();
echo $string; //echo not necessary
?> //closed tag

So the output from use of eval() must be syntactically valid with current present code to work.

Edited by dsonesuk