create_function() is not your friend

About me / 公告 / 杂谈 / 心情 / 技术 / 转载 / 笑话 / 编辑器 / 外挂 / 书签 / 其他 / 翻译

create_function() is not your friend

From:

http://blog.libssh2.org/index.php?/archives/60-create_function-is-not-your-friend.html

create_function 到底作了些什么呢？

function create_function($args, $code)
{
 static $id = 0;
 eval("function __lambda_func($args) { $code }");
 while (!runkit_function_rename('__lambda_func', "\0lambda_" . (++$id)));
 return "\0lambda_$id";
}

I'll let you contemplate on that awhile....You should be noticing the following sets of problems:

Prone to critical abuse by user-supplied code
Skips opcode cache optimizations

You should also be thinking about the practical issues with it:

Code lives inside quoted strings which means awkward escaping of embedded quotes
Encourages not using comments (evil)
100% blind to reflection or PHPDoc style documentation generation
I'm sure you can come up with a couple more...

This article is posted by guoxiaod on December 1st,2008 23:08, link is https://sanmuding.com/i/590.

create_function() is not your friend

Leave a reply