StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POPHP: How To Disable Dangerous Functions
primarykey
Id
1865020
data
AcceptedAnswerId
1865038
AnswerCount
5
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2009-12-08T06:34:26.733
FavoriteCount
10
LastActivityDate
2017-10-26T16:02:17.093
LastEditDate
2009-12-08T12:33:31.997
LastEditorUserId
1820
OwnerUserId
139459
ParentId
0
PostTypeId
1
Score
16
ViewCount
42430
LastEditorDisplayName
text
Body
How can I disable the dangerous eval function? Can that be done using ini_set function? Also how to disable following functions? Can we disable them using ini_set function? <pre><code>allow_url_fopen allow_url_include exec shell_exec system passthru popen stream_select </code></pre> eval is one of the most dangerous function that bad guys can use to exploit the things. There should be a mechanism to disable that without resorting to php.ini file; but is should be done programatically. Well, guys I am looking for an answers suggesting disabling of these dangerous lovely fellows without going to php.ini file; I mean how to disable them at runtime or programatically? Thanks in advance.... Update Has anyone heard about PHP Shell Offender Script? It mainly used the eval function for the exploit. Hackers are able to run their PHP code on your site. My question was that I don't want to disable the eval function from php.ini file altogether. For example, i have developed my own MVC framework. Now the framework users can specify from frameworks config file whether eval (and others) function should be disabled or not. So this is left to the choice of framework users. Once they specify to disable it; i should be able to disable the eval function programatically. So that is the scenario. Looking for helpful answers/solutions. Thanks Again.
Tags
<php><security>
Title
PHP: How To Disable Dangerous Functions
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USCheekysoft
UserOwnerUserId
1. USSarfraz
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
3. PL
 singulars
 LinkTypeLinkTypeId
 LTDuplicate
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POPHP: How To Disable Dangerous Functions
 UserUserId
 USZulkhaery Basrul
 VoteTypeVoteTypeId
 VTFavorite
2. VO
 singulars
 PostPostId
 POPHP: How To Disable Dangerous Functions
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POPHP: How To Disable Dangerous Functions
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. CO@Robert Harvey: I don't understand why you deleted user1438726's answer, especially as you gave no justification. If what he says is correct, this is a tremendously helpful answer. Was his answer wrong or did you just disagree with it?
 singulars
 PostPostId
 POPHP: How To Disable Dangerous Functions
 UserUserId
 USCarl Smotricz

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.