eval()

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

eval()

Post by Luke »

What exactly is the security issue with eval() if no user input is in it?
joseluisloya
Forum Newbie
Posts: 3
Joined: Tue Jul 18, 2006 10:56 pm

Post by joseluisloya »

If no user input, theres no problem...

JoseLuis Loya
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

This is after my post about using eval() in a registry/service locator I presume?

viewtopic.php?p=284421#284421

Pretty much explains why I was concerned :)
User avatar
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Post Reply