Understanding PHP eval function and usage Do more than just evaluating

#1: The syntax behind the eval();
It is very simple and straight forward… You pass any string argument through the  eval construct. The string will be treated as any PHP code. The basic syntax is:
?
1
mixed eval( string $code_str )
It has a mixed return value which we would get into a little later. The $code_str is the string which would get evaluated as PHP script. For now have a look at this example: Do note the semicolon inside the eval string.
?
1
2
3
4
5
<?php
echo ‘<p>Hi There</p>’;
eval( ‘echo “<p>I am supposed to get echoed after evaluation</p>”;’ );
echo ‘<p>And I am a normal echo</p>’;
?>
If you run this code it would output something like this:
Hi There
I am supposed to get echoed after evaluation
And I am a normal echo
Quite simple right? Basically it is same as the code below:
?
1
2
3
4
5
<?php
echo ‘<p>Hi There</p>’;
echo “<p>I am supposed to get echoed after evaluation</p>”;
echo ‘<p>And I am a normal echo</p>’;
?>
Now you may wonder, why we need eval ? Well good question… But we will get into that a little later.
#2: Using the proper php tag with eval();
This is the most confusing part. First carefully read the following notes:
eval don’t like any opening <?php or <? tag at the beginning of the string which it is going to evaluate.
So, we will make it a practice to not to include any opening <? or <?php to the start of the string passed as evaluation argument.
Also, at the end of the string eval does not like a full opening tag like <?php . If for some reason we have to append that then we will use a short tag <? …
Now for example, have a look at this code:
?
1
2
3
4
5
<?php
echo ‘<p>Hi There</p>’;
eval( ‘<?php echo “<p>I am supposed to get echoed after evaluation</p>”; ?>’ );
echo ‘<p>And I am a normal echo</p>’;
?>
what we have here is an opening tag <?php at the beginning of our string and a closing ?> tag at the end of it! As obvious, this will throw a Parse Error. Why? Well, the above code, evaluates to something like this:
?
1
2
3
4
5
<?php
echo ‘<p>Hi There</p>’;
<?php echo “<p>I am supposed to get echoed after evaluation</p>”; ?>
echo ‘<p>And I am a normal echo</p>’;
?>
Does it make any sense? Obviously no! It will throw a similar parse error on line 3.
#2.1: When to use php tags:
Say we have a code similar to this:
?
1
2
3
4
5
6
7
8
<?php
echo “Hi there”;
?>
<p>I am a p tag</p>
<?php echo “I am echoed by PHP”; ?>
<?php
echo “<br/>I am also echoed by php”;
?>
Often we mix up HTML and php codes like the code above and it really saves our time… We could have echoed the p tag, but it is not a good practice to do! So now, what we will do, if we are to wrap line 4 and 5 inside a eval tag? If we do something like:
?
1
2
3
4
5
6
7
<?php
echo “Hi there”;
?>
<?php eval( ‘<p>I am a p tag</p> <?php echo “I am echoed by PHP”; ?>’ ); ?>
<?php
echo “<br/>I am also echoed by php”;
?>
It will again throw a parse error! It is because of the same reason stated above… Now lets have a look at this:
?
1
2
3
4
5
6
7
<?php
echo “Hi there”;
?>
<?php eval( ‘?><p>I am a p tag</p> <?php echo “I am echoed by PHP”; ?><?’ ); ?>
<?php
echo “<br/>I am also echoed by php”;
?>
As obviously this would run perfect. If we break the eval, then we can see that the code is actually something like this:
?
01
02
03
04
05
06
07
08
09
10
<?php
echo “Hi there”;
?>
<?php ?>
<p>I am a p tag</p>
<?php echo “I am echoed by PHP”; ?>
<? ?>
<?php
echo “<br/>I am also echoed by php”;
?>
Which is logically just the same we wanted to wrap inside eval. So, that’s how we work with php tags within eval…
#3: Understanding the return of eval:
This is the most interesting part. As of now, you should have thought, that eval just does the manipulation of string as PHP code. Well almost right, except of its return values. What happens if you put a code like this:
?
1
2
3
4
<?php
$my_eval = eval( ‘$name = “Swashata”;’ );
var_dump( $my_eval );
?>
The output will be a simple NULL. Why? because by default eval does not return any value. So why to discuss about it? You bet  eval has a more to do with return  …
As said in the php documentation:
Eval Return NULL unless return is called in the evaluation code.
In case of any parse error, eval return FALSE and the evaluation continues for the following codes.
So, you can see, there is some thing unless return is called in the evaluation code . Obviously this is what we are going to discuss. For a startup lets see the following example:
?
1
2
3
4
<?php
$my_name = eval( ‘return $name=”Swashata”;’ );
echo $my_name;
?>
The output will be:
Swashata
Quite simple! So basically what it does, when it founds a return statement, it returns the whatever value assigned. And if we try to store it in a variable, then it just stores it! Now, lets look into another complicated example…
?
1
2
3
4
5
6
7
<?php
$eval_code =    ‘$my_site = ( ( $_SERVER[“HTTPS”] == “on” )? “https://” : “http://” ) . $_SERVER[“SERVER_NAME”];’ .
‘$my_site .= $_SERVER[“REQUEST_URI”];’ .
‘return $my_site;’;
$the_site = eval( $eval_code );
echo ‘<p>This site URL is: ‘ . $the_site . ‘</p>’;
?>
It not only returns, but actually does something before returning! Quite effective? right…
Another important thing about the return is, it stops evaluating any further code, when it founds the first return statement. Wondering how? Have a look at this…
?
1
2
3
4
5
6
7
8
<?php
$eval_code =    ‘$my_name = “Swashata”;’ .
‘$your_name = “John”;’ .
‘return $your_name;’ .
‘echo $my_name;’;
$the_name = eval( $eval_code );
echo ‘<p>$the_name has got a value ‘ . $the_name . ‘</p>’;
?>
Output:
$the_name has got a value John
It does not echo $my_name as return was found before it. So only $your_name stores inside the variable…
For a better understanding do check our online demo. Also dont forget to download the source codes!

#1: The syntax behind the eval();It is very simple and straight forward… You pass any string argument through the  eval construct. The string will be treated as any PHP code. The basic syntax is:?1mixed eval( string $code_str )It has a mixed return value which we would get into a little later. The $code_str is the string which would get evaluated as PHP script. For now have a look at this example: Do note the semicolon inside the eval string.?12345<?php    echo ‘<p>Hi There</p>’;    eval( ‘echo “<p>I am supposed to get echoed after evaluation</p>”;’ );    echo ‘<p>And I am a normal echo</p>’;?>If you run this code it would output something like this:Hi ThereI am supposed to get echoed after evaluationAnd I am a normal echoQuite simple right? Basically it is same as the code below:?12345<?php    echo ‘<p>Hi There</p>’;    echo “<p>I am supposed to get echoed after evaluation</p>”;    echo ‘<p>And I am a normal echo</p>’;?>Now you may wonder, why we need eval ? Well good question… But we will get into that a little later.#2: Using the proper php tag with eval();This is the most confusing part. First carefully read the following notes:eval don’t like any opening <?php or <? tag at the beginning of the string which it is going to evaluate.So, we will make it a practice to not to include any opening <? or <?php to the start of the string passed as evaluation argument.Also, at the end of the string eval does not like a full opening tag like <?php . If for some reason we have to append that then we will use a short tag <? …Now for example, have a look at this code:?12345<?php    echo ‘<p>Hi There</p>’;    eval( ‘<?php echo “<p>I am supposed to get echoed after evaluation</p>”; ?>’ );    echo ‘<p>And I am a normal echo</p>’;?>what we have here is an opening tag <?php at the beginning of our string and a closing ?> tag at the end of it! As obvious, this will throw a Parse Error. Why? Well, the above code, evaluates to something like this:?12345<?php    echo ‘<p>Hi There</p>’;    <?php echo “<p>I am supposed to get echoed after evaluation</p>”; ?>    echo ‘<p>And I am a normal echo</p>’;?>Does it make any sense? Obviously no! It will throw a similar parse error on line 3.#2.1: When to use php tags:Say we have a code similar to this:?12345678<?php    echo “Hi there”;?><p>I am a p tag</p><?php echo “I am echoed by PHP”; ?><?php    echo “<br/>I am also echoed by php”;?>Often we mix up HTML and php codes like the code above and it really saves our time… We could have echoed the p tag, but it is not a good practice to do! So now, what we will do, if we are to wrap line 4 and 5 inside a eval tag? If we do something like:?1234567<?php    echo “Hi there”;?><?php eval( ‘<p>I am a p tag</p> <?php echo “I am echoed by PHP”; ?>’ ); ?><?php    echo “<br/>I am also echoed by php”;?>It will again throw a parse error! It is because of the same reason stated above… Now lets have a look at this:?1234567<?php    echo “Hi there”;?><?php eval( ‘?><p>I am a p tag</p> <?php echo “I am echoed by PHP”; ?><?’ ); ?><?php    echo “<br/>I am also echoed by php”;?>As obviously this would run perfect. If we break the eval, then we can see that the code is actually something like this:?01020304050607080910<?php    echo “Hi there”;?><?php ?><p>I am a p tag</p><?php echo “I am echoed by PHP”; ?><? ?><?php    echo “<br/>I am also echoed by php”;?>Which is logically just the same we wanted to wrap inside eval. So, that’s how we work with php tags within eval…#3: Understanding the return of eval:This is the most interesting part. As of now, you should have thought, that eval just does the manipulation of string as PHP code. Well almost right, except of its return values. What happens if you put a code like this:?1234<?php    $my_eval = eval( ‘$name = “Swashata”;’ );    var_dump( $my_eval );?>The output will be a simple NULL. Why? because by default eval does not return any value. So why to discuss about it? You bet  eval has a more to do with return  …As said in the php documentation:Eval Return NULL unless return is called in the evaluation code.In case of any parse error, eval return FALSE and the evaluation continues for the following codes.So, you can see, there is some thing unless return is called in the evaluation code . Obviously this is what we are going to discuss. For a startup lets see the following example:?1234<?php    $my_name = eval( ‘return $name=”Swashata”;’ );    echo $my_name;?>The output will be:SwashataQuite simple! So basically what it does, when it founds a return statement, it returns the whatever value assigned. And if we try to store it in a variable, then it just stores it! Now, lets look into another complicated example…?1234567<?php    $eval_code =    ‘$my_site = ( ( $_SERVER[“HTTPS”] == “on” )? “https://” : “http://” ) . $_SERVER[“SERVER_NAME”];’ .                    ‘$my_site .= $_SERVER[“REQUEST_URI”];’ .                    ‘return $my_site;’;    $the_site = eval( $eval_code );    echo ‘<p>This site URL is: ‘ . $the_site . ‘</p>’;?>It not only returns, but actually does something before returning! Quite effective? right…Another important thing about the return is, it stops evaluating any further code, when it founds the first return statement. Wondering how? Have a look at this…?12345678<?php    $eval_code =    ‘$my_name = “Swashata”;’ .                    ‘$your_name = “John”;’ .                    ‘return $your_name;’ .                    ‘echo $my_name;’;    $the_name = eval( $eval_code );    echo ‘<p>$the_name has got a value ‘ . $the_name . ‘</p>’;?>Output:$the_name has got a value JohnIt does not echo $my_name as return was found before it. So only $your_name stores inside the variable…For a better understanding do check our online demo. Also dont forget to download the source codes!

Leave a Reply