1

I have got string response is "<?php $a=array("10","20"); echo $a[0]+a[1]; ?>"

How to execute this string. I use PHP 7.0.

Please give any solution.

Improve this question
5
  • 2
    Why is this tagged with json, laravel, codeigniter and yii? Looks like tag-spamming. Commented Jul 24, 2017 at 13:07
  • You can use eval() but is rare and dangerous it use, why tou got this response string ? Commented Jul 24, 2017 at 13:08
  • corrected echo $a[0]+$a[1]; Commented Jul 24, 2017 at 13:08
  • 1
    You could use php.net/manual/en/function.eval.php and open yourself to a variety of security problems. Also see stackoverflow.com/questions/951373/when-is-eval-evil-in-php/…. Commented Jul 24, 2017 at 13:08
  • Out of curiosity, where does the string come from and why do you need to execute it? Commented Jul 24, 2017 at 13:10

1 Answer 1

Reset to default
8

As already stated you can use eval($string);. Beware that eval() evaluates a string as PHP code, so you need to be careful with the strings you allow to be passed!

If you take the string yourself from a predefined set of strings you created (using a swtich statement or something similar) it shouldn't be a problem.

If the string comes from the outside (user input or cURL requests or whatever) you shouldn't trust it and you should avoid using this method.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I have using eval('?>'.$string.'<?php;');
@Renukas, I know it is tooooo late to comment smth here, but mb it will be helpful for someone else. Beware too, because $string could contain "<?php ... ?>", so in your example, you aren't avoiding executing php code

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.