Question
I have a question about eval() security risks.
This is my own code:
<?php
// Unvalidated user input is concatenated straight into a PHP expression.
$str = 'nabi<'.$_GET['hackme']; // $_GET['hackme']=2;
$str = str_replace("nabi", 1, $str); // becomes "1<2"
// The whole string, including whatever hackme contained, is evaluated as PHP source.
$hmm = eval('return ('.$str.');');
if ($hmm) {
    echo 'yeah';
} else {
    echo 'no';
}
The result will be:
yeah
My code works well.
It's what I want!
But I am afraid of the security risks!
Please offer a new solution.
Answer 1:
If all you're doing is checking if something is less than 1, typecast $_GET['hackme'] to int or double.
$str = 'nabi<' . (int) $_GET['hackme'];
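The same check written without eval(), as an added example that is not part of the question or the answers above: the comparison is done directly on validated input, and non-numeric values (which a plain (int) cast would silently turn into 2 or 0) are rejected instead of being evaluated. The function name oneIsLessThan and the sample inputs are my own.

```php
<?php
// Added example, not from the original question or answers.
// Replaces eval('return (1<' . $_GET['hackme'] . ');') with a plain comparison
// on validated input. Function and parameter names here are assumptions.

/**
 * Evaluate "1 < $raw" without eval().
 * Returns true/false for a numeric value and null when the input is not a
 * number, so the caller can reject it rather than treating it as 0.
 */
function oneIsLessThan(?string $raw): ?bool
{
    if ($raw === null) {
        return null;                       // parameter missing from the query string
    }
    // FILTER_VALIDATE_FLOAT accepts "2" and "2.5" but rejects "2abc" and "",
    // which (int)/(float) casts would silently map to 2 and 0.
    $num = filter_var($raw, FILTER_VALIDATE_FLOAT);
    if ($num === false) {
        return null;
    }
    return 1 < $num;                       // the comparison itself, no code generation
}

// Constructed sample inputs standing in for $_GET['hackme'].
$samples = [
    ['2',    true],   // 1 < 2
    ['0.5',  false],  // 1 < 0.5 is false
    ['1',    false],
    ['2abc', null],   // (int)'2abc' would have been 2; here it is rejected
    ['nabi', null],   // non-numeric text is rejected, never evaluated
    [null,   null],   // parameter absent
];
foreach ($samples as [$raw, $expected]) {
    $got = oneIsLessThan($raw);
    printf("%-7s => %-5s%s\n",
        var_export($raw, true),
        var_export($got, true),
        $got === $expected ? '' : '  (MISMATCH)');
}

// Request handling equivalent to the original if/else (prints 'invalid' on the CLI).
$hmm = oneIsLessThan($_GET['hackme'] ?? null);
echo $hmm === null ? 'invalid' : ($hmm ? 'yeah' : 'no'), "\n";
```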
Answer 2:
There is zero security... Any code passed to hackme will be executed.
Source: https://stackoverflow.com/questions/28586982/risks-of-using-php-eval-for-string-math