eval() hell

Posted on July 5, 2011 by Jeremy

eval() shows up 23 times across 6 files in my current project. Here’s one of the most, er, interesting examples.

eval("\$WhereVal = \"$row[WhereValue]\";");

This entry was posted in PHP. Bookmark the permalink.

Sara Golemon

I once encountered: $enabled = create_function(”,’return false;’); which is just eval()’s less-obvious and therefor more-sinister little sister. Elsewhere in the same codebase was: function myinclude($file) { eval(“include ‘$file’;”); } which was being invoked about 200 times per page hit across about 10 unique files.

jeremykendall

You might have me beat there, Sara. I haven’t yet found anything that bad, not even in my early code.

Russ Johnson

Brill. Obfuscational megalomania.