LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Programming (https://www.linuxquestions.org/questions/programming-9/)
-   -   php function_exists("eval") fails (https://www.linuxquestions.org/questions/programming-9/php-function_exists-eval-fails-4175666144/)

dogpatch 12-17-2019 08:09 PM
php function_exists("eval") fails
 
If i call function_exists("eval") on my server, it returns false. But the function eval() exists and works fine.

This is mostly a curiosity question: Please don't lecture me on how i shouldn't use eval() because it's potentially dangerous. If my hosting service were to disable eval(), i could work around that, but would like to know how to tell if this function is avalable.

I can call get_defined_functions() and get a list about a mile long which does indeed include eval() along with other potentially 'dangerous' php functions.

If i call ini_get('disable_functions'), i get an empty list.

Other functions, for example function_exists("exec") returns true. Why does function_exists("eval") return false?

NevemTeve 12-17-2019 09:37 PM
It might treat built-in language constructs and user-defined functions differently. (The documentation mentions 'include' as an example: it also looks like a function, but function_exists gives FALSE for it.)

> would like to know how to tell if this function is available.
I would try this:
Code:
$evalok= FALSE;
@eval('$evalok= TRUE;');

astrogeek 12-17-2019 10:25 PM
NevemTeve appears to be on the right track - eval is not a function. From the PHP manual:

Code:
Note: Because this is a language construct and not a function, it cannot be called using variable functions.
That does not directly answer your question, but it shows that functions and language constructs are certainly not equivalent in the eyes of PHP itself.

boughtonp 12-18-2019 06:46 AM
Quote:
Originally Posted by astrogeek (Post 6069038)
That does not directly answer your question
Why not?

The question was "Why does function_exists("eval") return false?" and the answer is "eval is a language construct and not a function".


An interesting follow-up question might be why eval (and others, e.g. isset) are implemented as language constructs instead of functions.

dogpatch 12-18-2019 10:37 AM
Quote:
Originally Posted by NevemTeve (Post 6069032)
It might treat built-in language constructs and user-defined functions differently.
That does indeed answer my first question. Thank you.

Quote:
Originally Posted by NevemTeve (Post 6069032)
I would try this:
Code:
$evalok= FALSE;
@eval('$evalok= TRUE;');
Am not sure how this would tell me if the function is available. What i've done is enclose your test after the following
Code:
function myException($exception) {
  echo "<b>Exception:</b> " . $exception->getMessage();
}
set_exception_handler('myException');
which allows me to print my own error message to the screen. This works if i try to use an undefined function. But my script still dies at that point. Still haven't discovered how to recover and continue executing after the error. Nor am i sure that this would work if my hosting service were to disable eval() or some other function or construct.

dogpatch 12-18-2019 11:32 AM
One more remark:
Quote:
Originally Posted by dogpatch (Post 6069018)
I can call get_defined_functions() and get a list about a mile long which does indeed include eval() along with other potentially 'dangerous' php functions.
Must have been seeing things. Now when i run get_defined_functions(), i do not see eval anywhere in the returned list.

dogpatch 12-18-2019 04:14 PM
Final note: from this web page, I found the following:
Quote:
- Language constructs in some cases may be able to bypass error handling mechanisms
- While functions can be disabled in PHP via the configuration file, language constructs cannot.
(emphasis added)
- which means my original concern was over nothing. It would appear that eval() can never be disabled, so i have no need to wonder.

I will now mark this thread as 'Solved'


All times are GMT -5. The time now is 09:29 AM.