linuxrox
execute php code contained in a mysql database
Is it possible for me to execute php code contained in a mysql db from another script?
For instance, if I store the code include("test/test.php"); in a MySQL database, can I then use a script to pull the data from the database and execute that code?
thanks.
yes, as snoyes said, use the eval function.
1.) You need to create the mysql connection with mysql_connect();
2.) Write your SQL and query the database with mysql_query();
3.) Parse your result with the eval(); function.
for example.
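<?php
// Connect and select the database (legacy mysql_* API, as posted)
$connect = mysql_connect("server","username","password");
mysql_select_db("mydatabase",$connect);
// $_GET['id'] is concatenated into the query unescaped
$sql = "SELECT * FROM `invcludes_table` WHERE `id` = '".$_GET['id']."' LIMIT 1";
$dosql = mysql_query($sql,$connect);
$return = mysql_fetch_array($dosql);
// Execute the stored PHP code
eval($return['php_code']);
?>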
...should work. The security in that script is terrible, so don't use it.
Hope that answers your question!
of course a good caveat is that this is a rather slow way of executing code... (at least it has proven to be so on Windows XP, can't answer for other PHP setups).
the main reason for this penalty is that the "compiler" can't do anything to your eval'd code.
avoid this function if at all possible.
ASKER
ahh, good deal. why is the security bad in that script?
Just store the filenames in the database, and include them in your script using require() or include().
because it is working directly from a $_GET variable and doesn't check for any rights, etc.
ASKER
well, what I have is this. I have an HTML editor with a template. This template has a set of comments such as <!--insertcode--><!--endcode-->
The script finds those comments and, based upon what the comments are, it needs to store some PHP code in the database to be executed later when pulled from another script. The idea is having different dynamic content based upon which HTML comments are found. I have one main script that pulls data from the database and displays stories etc etc. I would like it to find the code in the database and execute it.
Ah.
Eval() is your man then.
I agree with JD. If you're heading in that kind of direction Smarty is a much much better solution. And you can still use your database to store your templates.
-Doug
Er, JP I mean ;)
Yeah, storing PHP code in your database would be generally considered to be very poor design.
The idea of your database is that it should contain all the stuff that's NOT the code of your site. User details, page TEXT, navigation hierarchy, etc, but not the code that determines how those things are presented.
JP
http://www.php.net/manual/en/function.eval.php
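One way to get the marker-driven dynamic content discussed in this thread without eval(), shown as an added example that is not code from any poster: the database holds only template text, each marker name is looked up in an allowlist of handlers kept in the code base, and the row id is bound in a prepared statement. The `templates` table, the `<!--insert:NAME-->` marker syntax and the handler names are assumptions, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example: render stored templates without eval().
// Table, column, marker and handler names are hypothetical.

// Allowlist: marker name => code that lives in the code base, not the database.
$handlers = [
    'latest_stories' => function (): string {
        return '<ul><li>Story one</li><li>Story two</li></ul>';
    },
    'current_year' => function (): string {
        return date('Y');
    },
];

function render_template(PDO $db, $id, array $handlers): string
{
    // Prepared statement: the id is bound, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT body FROM templates WHERE id = :id LIMIT 1');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    if ($body === false) {
        return ''; // no such template
    }
    // Replace <!--insert:NAME--> ... <!--endcode--> with the handler's output.
    return (string) preg_replace_callback(
        '/<!--insert:([a-z_]+)-->.*?<!--endcode-->/s',
        function (array $m) use ($handlers): string {
            // Unknown markers render as nothing; stored text is never executed.
            return isset($handlers[$m[1]]) ? $handlers[$m[1]]() : '';
        },
        $body
    );
}

// Constructed sample data; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE templates (id INTEGER PRIMARY KEY, body TEXT)');
$db->prepare('INSERT INTO templates (id, body) VALUES (1, ?)')->execute([
    '<h1>News</h1><!--insert:latest_stories--><!--endcode-->' .
    '<!--insert:not_registered-->phpinfo();<!--endcode-->',
]);

// Heading plus story list; the unregistered marker and its body are dropped.
echo render_template($db, '1', $handlers), "\n";
// A quote-laden id is treated as data, matches no row, and renders nothing.
echo render_template($db, "1' OR '1'='1", $handlers), "\n";
```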