
Thread: Store php code in sql and execute it?

  1. #1
    gluxon

    I'm starting up my own CMS, so one of the problems I've come across is that I can't store php coding in a MySQL table and execute it. It'll show up as HTML.

    I realize I could write the whole thing to a file, then include it, but I'd like to see if there's another way other than that.

    Thanks.

  2. #2
    dlukin

    You can always try to eval( $code ) where $code is the php code you stored in the database.

    But including a file has much less overhead than 1) making a database query and then 2) eval() the result.

  3. #3
    misson

    Quote (originally posted by dlukin):
        But including a file has much less overhead than 1) making a database query and then 2) eval() the result.
    Not to mention that using eval will open up a potential injection vulnerability. It has its uses, but as Rasmus Lerdorf (PHP's inventor) once said,
        If eval() is the answer, you're almost certainly asking the wrong question.
    Of course, writing to a file & including it introduces the same vulnerability, and has even more overhead. OP, I have to ask: why do you need to evaluate arbitrary PHP code?
    Last edited by misson; 06-05-2010 at 12:51 AM.
    Be sure to read all pages linked in this post; they have further information that should prove useful. When asking for help, make sure you follow Eric Raymond's and Jon Skeet's guidelines for prompt, accurate responses. Please answer any questions I ask; they're not rhetorical (probably). Any posted code is intended as illustrative example, rather than a solution to your problem to be copied without alteration. Study it to learn how to write your own solution.
    Misson, not Mission.

  4. #4
    gluxon

    Quote (originally posted by misson):
        why do you need to evaluate arbitrary PHP code?
    So I can have php in pages :/

    For example, I used to use $BASE in my links and images, so the links would still work when I move the page (I realize I don't need to do this anymore with mod_rewrite and php). That wouldn't work when the page is placed in the database then executed.

  5. #5
    gluxon

    Among other things, this can be useful for storing code in a database text field for later execution. - http://php.net/manual/en/function.eval.php

    Looks like eval() was just what I needed :D

    Thanks dlukin and misson

  6. #6
    lemon-tree

    For what it's worth, storing PHP in a database for execution is a hideously bad way of getting around a problem. In no case should you ever have to do it.

  7. #7
    misson

    A safer option is to use a limited template engine, storing strings in the template language. If you only need variable replacement, you can use preg_replace_callback to replace variable names with values.

    PHP Code:
    function lookup_var($matches) {
      if (count($matches) <= 2) {
        // simple variable syntax: the name is in $matches[1]
        // ...
        // e.g. "return $GLOBALS[$matches[1]];", but that's still potentially unsafe
      } else {
        // complex variable syntax: the expression is in $matches[2]
        // ...
      }
    }

    preg_replace_callback('/\$(?:(\w+)|{([^}]+)})/', 'lookup_var', $str);
    Misson, not Mission.
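
One way to fill in the lookup sketched in post #7, as an added example that is not part of the original thread: stored page text is treated as data, and only names on an allow-list are substituted. `render_template()`, `$allowed` and the sample values are hypothetical; values are HTML-escaped on the assumption that they land in HTML text or quoted attributes.

```php
<?php
declare(strict_types=1);

/**
 * Replace $name and ${name} in stored page text with values from an
 * allow-list. The text is treated as data: nothing in it is executed.
 * render_template() and $allowed are hypothetical names for this example.
 */
function render_template(string $tpl, array $allowed): string
{
    $out = preg_replace_callback(
        '/\$(?:(\w+)|\{([^}]+)\})/',   // same two syntaxes as the post above
        function (array $m) use ($allowed): string {
            // $m[1] is filled for $name, $m[2] for ${name}
            $name = ($m[1] ?? '') !== '' ? $m[1] : ($m[2] ?? '');
            if (!array_key_exists($name, $allowed)) {
                return $m[0];          // not on the allow-list: leave as text
            }
            // Escape for HTML text and quoted attribute values
            return htmlspecialchars((string) $allowed[$name], ENT_QUOTES, 'UTF-8');
        },
        $tpl
    );
    if ($out === null) {
        throw new RuntimeException('template substitution failed');
    }
    return $out;
}

// Constructed sample of page content as it might come back from MySQL.
$stored = '<a href="${BASE}/about">About $site</a> <?php echo $db_password; ?>';

// Only these names are ever substituted (constructed values).
$allowed = ['BASE' => '/cms', 'site' => 'Tom & Co'];

echo render_template($stored, $allowed), "\n";
```

The PHP tag and `$db_password` in the sample come out as inert text, because only names in `$allowed` are substituted and nothing is passed to eval().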
