is escaping eval variables safe enough?

M

meromance

New Member
Is escaping eval variables safe enough from security point of view. For e.g.\[code\]$path = "a"; //sample value; is generated dynamically$var = "phpinfo()"; //sample attack value; is generated dynamicallyeval("\$struct$path = \$var;");\[/code\]this seems to be working safely to me. Although there seems to be no reason of using the code in the first place, now that it is in, it cannot be removed without a reason.Is there any way (any value for $var or $path) that can break this eval or is it that i am simply worrying too much :-) and this is a safe case???
 
You must log in or register to reply here.
Back
Top