image

The Coding Studio Inc. Tips

Exakat: The Land Where PHP Uses eval()

Published:

In a new post to their blog, Exakat looks at the use of eval in PHP applications and how, despite all of the warnings against using it, it's still found in quite a few codebases (based on their scans). It is 2018, and we can still find eval() being used in more than 28% of every PHP code source. It is repeatedly reported as a security issue and a performance bottleneck, and a memory hazard. Yet, we can't get rid of it. It seems reasonable to think that most of eval capabilities are available as a PHP features. So, we took examples from 2000 PHP open source projects, and reviewed the situation. Here are real-life examples of eval usage : for each of them, we'll discuss the actual replacement. Their examples include the use of eval for: JSON decode replacement Creating missing classes Rewriting classes on the fly Code compatibility Dynamic variabling ...and several more. Each comes with a summary of the method and code showing how it's being used. While some of the suggested replacements are built-in features of the language, others are recommended packages that can provide the same or similar functionality to what the original author was trying to accomplish.

Read More

A quote within 24 hours

Contact Us