psalm/docs/running_psalm/issues/TaintedEval.md

# TaintedEval

Emitted when user-controlled input can be passed into an `eval` call.

Passing untrusted user input to `eval` calls is dangerous, as it allows arbitrary data to be executed on your server.

```php
<?php

$name = $_GET["name"];

evalCode($name);

function evalCode(string $name) {
    eval($name);
}
```
Break out TaintedInput issues into a lot of separate ones 2020-11-17 18:44:31 +01:00			`# TaintedEval`

Doc typo 2023-11-22 11:10:23 +01:00			Emitted when user-controlled input can be passed into an `eval` call.
Break out TaintedInput issues into a lot of separate ones 2020-11-17 18:44:31 +01:00
			Passing untrusted user input to `eval` calls is dangerous, as it allows arbitrary data to be executed on your server.

			```php
			`<?php`

			`$name = $_GET["name"];`

			`evalCode($name);`

			`function evalCode(string $name) {`
			`eval($name);`
			`}`
			```