?
Solved

string to code

Posted on 2014-02-04
5
Medium Priority
?
303 Views
Last Modified: 2014-02-24
Is it possible to run php code from a string?

So for example:-
$tmpVar = "Bananna";
$myVariable = "echo 'hello ' . $tmpVar;";
//RunCode function does not exist!!!! Should echo out 'hello Bananna'
RunCode($myVariable);

Open in new window


Just trying to write a project and it would be handy to be able to write the code in a mySQL database and execute from a query, if not means storing lots of files and uing include as needed, just would be tidier if everthing is in one place.

Thank you in advance
0
Comment
Question by:tonelm54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 400 total points
ID: 39834812
There is the 'eval' function http://us1.php.net/manual/en/function.eval.php .  It is considered the most dangerous function in PHP.  This can be especially true if you are accepting external input into your database so that other people can insert code that you will run.
0
 
LVL 31

Assisted Solution

by:Marco Gasi
Marco Gasi earned 400 total points
ID: 39834816
I really don't think this is a correct design pattern for php (or any other language). Though I am not a professional, I never heard about code stored into a database.
After all, why one should do such a thing? Php is e server side language: its code is 'stored' in php files. The only one reason to store it in a database would be if you allowed to your users to write code and to run it on your server: a programmer's suicide programmatically executed!

My suggestion is to use specific files for specific tasks, organizing them in the directory tree if you need to give them a structured organization:

/httpdocs
/httpdocs/functions/
/httpdocs/functions/say_hello/
/httpdocs/functions/say_goodby
...
0
 
LVL 43

Assisted Solution

by:Chris Stanyon
Chris Stanyon earned 400 total points
ID: 39835154
I'm with Dave on this one. If you think you need to do this, then you need to re-think your design pattern - It's almost never a good idea to use eval().

Put your functions in an include file - it will all be in place :)
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 400 total points
ID: 39835804
If eval() is the answer, you are asking the wrong question!  Eval() is one of those "clever" things that can get you tripped up and can make your programming harder to understand.  Debugging is harder than writing the code in the first place.  So if you write the code as cleverly as possible you are, by definition, not smart enough to debug it.

Consider a slightly different variation on this design pattern: The query string.  If you write a query string like this, you're writing a computer program that will run in the data base engine, using the variable $x in the processing.

DELETE FROM myTABLE WHERE $x

In order to run that query you will need to provide some value for variable substitution into $x.  So maybe the idea will be to use the GET method request variable from the URL like this:

path/to/script.php?id=3

The script copies the key and value from $_GET into the $x variable and runs the query.  And row #3 gets deleted.

Now let's consider a slightly different URL GET request variable:

path/to/script.php?id=3+OR+1=1

The plus signs will be automatically decoded into blanks, and the same process will create a query that says this:

DELETE FROM myTABLE WHERE id=3 OR 1=1

Since 1=1 will be true for every row in the data base, the DELETE query will delete every row in the data base.  This is called SQL Injection.  It's a well-known attack vector, and there is a body of knowledge about how to prevent it.

There is, however, no corresponding body of knowledge about how to prevent attacks when a script uses eval().  And that is why we recommend against it.
0
 
LVL 34

Assisted Solution

by:Slick812
Slick812 earned 400 total points
ID: 39839889
greetings  tonelm54, , you ask - "Is it possible to run php code from a string?", the answer is Yes. But as has been said here already, several times, you should NEVER do this.
And you say - "if not means storing lots of files and using include as needed"
There may be other ways to do this! , But you do not seem to know of the Rich Options that PHP has for this very thing, -> as "get page option" data from a DB Table SELECT, and then do different page output code by using the Table SELECT information, that is different for each page, and having different Classes OR Class settings (options) to do a different page CODE (methods) and get output as needed by the DB entries.
Although it can be set up to use 50 or 60 different php, files in the include( ), this seems like an inefficient php design to me.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to create an extensible mechanism for linked drop downs.
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question