Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Several days ago I attended a seminar and they were talking about “dangerous” PHP functions. They did not say however that should we use them. They named eval(), preg_match(), exec() and a lot more.
Though I don’t use them, or don’t use them often sometimes I have to. Is it considered bad practice to use those functions? Even if I know that where I use them no user can reach it?
Edit:
For the preg_match() questions, check out this:
preg_match() security hole
All of those methods basically allow injected code to be run on your system if you don’t protect against it. There’s a chance of you shooting yourself in the foot if you do use them without knowing what the dangers are. If you’re fully aware of what you’re doing, and you have no alternative but to use this method, then there isn’t much else you can do in any case.
This question has a pretty comprehensive list of exploitable functions in PHP
Exploitable PHP functions