I'm not a PHP expert and I don't know what the difference (1) between a and b is.

a.)eval('return "'.base64_decode("encoded_text").'";')

b.)base64_decode("encoded_text")

I think a is PHP code and b is just a string. And my other question is:

What is the difference(2) between c and d?

c.)eval('return "'.base64_decode("encoded_text").'";')

d.)eval(base64_decode("encoded_text"))

So I have 2 questions. Who can answer/help?

Thanks.

+1  A: 

Edit: whoops, read second question incorrectly.

For the first question: In one case eval() is being used for no reason. eval() is only necessary if you are dynamically building some PHP code into a string for some reason, and should only be used very, very carefully. It's certainly not necessary as an alternative to just calling the function directly.

As for the second question, the difference is which string is being evaluated. Case (c) will return the result of base-64 decoding "encoded text". That is, it'll return a decoded version. Case (d) will first decode the text, then try to execute it as PHP code. So (d) actually executes the result of decoding, (c) does not, it just returns the decoded text.

Chad Birch
+1  A: 

Forget about eval; at this stage, try not to use it. You should ask what the difference is between

$var = base64_decode("encoded_text");

and

return base64_decode("encoded_text");

As Chad wrote, try to avoid eval! It only executes code in $variable. For example,

// The string must be a complete PHP statement for eval() to parse it.
$var = 'return base64_decode("encoded_text");';
return eval($var);
confiq
+1  A: 

Let's label your 2 cases as Case X (part a and b) and Y (part c and d).

Case X

For this, both of the parts have no difference from each other. In fact, part a has some redundancy.

If you evaluate them slowly, you will notice how redundant it is:

Part a
In this part, the difference is that you add the eval statement with return in the string for evaluation.

  1. echo eval('return "'.base64_decode("encoded_text").'";');
  2. echo eval('return "decoded_text";');
  3. echo "decoded_text";

Part b

  1. echo base64_decode("encoded_text");
  2. echo "decoded_text";

Case Y

For this, there's a grave difference.

Part c

  1. echo eval('return "'.base64_decode("encoded_text").'";');
  2. echo eval('return "decoded_text";');
  3. echo "decoded_text";

Part d

  1. echo eval(base64_decode("encoded_text"));
  2. echo eval("decoded_text"); - there may be a syntax error here, because decoded_text may or may not be proper PHP code.
thephpdeveloper
Thank you man, that's so understandable. (Y)
question_about_the_problem
At part a-2: echo eval('return "decoded_text";'); is this equal to echo "decoded_text"; ? There is an eval function. How does that generate the same result? Can you tell me please? Because I don't know.
question_about_the_problem
What I did for each part is to show you what the evaluation looks like when broken down slowly. So part a-1 and part a-2 are the same thing.
thephpdeveloper
No, I'm talking about a-2 and a-3. Are they the same?
question_about_the_problem
Yes. a-2 evaluates to become a-3
thephpdeveloper
Thanks again ...
question_about_the_problem
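
The three forms discussed in this thread, run side by side on constructed inputs. This is an added example, not code from any of the posters; the function names form_b, form_ac and form_d and the sample strings are made up here, and PHP 7 or later is assumed for ParseError.

```php
<?php
// Added example: constructed inputs only; nothing here comes from the thread.

// Form (b): decode only. The result is always plain data.
function form_b(string $encoded): string {
    return base64_decode($encoded);
}

// Forms (a)/(c): the decoded text is pasted into PHP source, inside a
// double-quoted string literal, and that source is then parsed and run.
function form_ac(string $encoded) {
    try {
        return eval('return "' . base64_decode($encoded) . '";');
    } catch (ParseError $e) {
        return 'ParseError: ' . $e->getMessage();
    }
}

// Form (d): the decoded text itself is the PHP source that runs.
function form_d(string $encoded) {
    try {
        return eval(base64_decode($encoded));
    } catch (ParseError $e) {
        return 'ParseError: ' . $e->getMessage();
    }
}

// Constructed sample inputs (single-quoted, so "\t" below is two characters).
$samples = [
    'plain text'      => base64_encode('decoded_text'),
    'escape sequence' => base64_encode('tab\there'),
    'stray quote'     => base64_encode('say "hi'),
    'PHP statement'   => base64_encode('return 1 + 2;'),
];

foreach ($samples as $label => $encoded) {
    echo "== $label ==\n";
    echo '(b)     ', var_export(form_b($encoded), true), "\n";
    echo '(a)/(c) ', var_export(form_ac($encoded), true), "\n";
    echo '(d)     ', var_export(form_d($encoded), true), "\n";
}
```

Only form (b) treats the decoded text purely as data for every input. In (a)/(c) the decoded text is parsed as part of a PHP string literal, so escape sequences are interpreted and a stray quote breaks parsing, and in (d) it runs as code, so neither form should ever receive decoded text from an untrusted source.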