[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


string to code

Posted on 2014-02-04
Medium Priority
Last Modified: 2014-02-24
Is it possible to run php code from a string?

So for example:-
$tmpVar = "Bananna";
$myVariable = "echo 'hello ' . $tmpVar;";
//RunCode function does not exist!!!! Should echo out 'hello Bananna'

Open in new window

Just trying to write a project and it would be handy to be able to write the code in a mySQL database and execute from a query, if not means storing lots of files and uing include as needed, just would be tidier if everthing is in one place.

Thank you in advance
Question by:tonelm54
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 400 total points
ID: 39834812
There is the 'eval' function http://us1.php.net/manual/en/function.eval.php .  It is considered the most dangerous function in PHP.  This can be especially true if you are accepting external input into your database so that other people can insert code that you will run.
LVL 31

Assisted Solution

by:Marco Gasi
Marco Gasi earned 400 total points
ID: 39834816
I really don't think this is a correct design pattern for php (or any other language). Though I am not a professional, I never heard about code stored into a database.
After all, why one should do such a thing? Php is e server side language: its code is 'stored' in php files. The only one reason to store it in a database would be if you allowed to your users to write code and to run it on your server: a programmer's suicide programmatically executed!

My suggestion is to use specific files for specific tasks, organizing them in the directory tree if you need to give them a structured organization:

LVL 44

Assisted Solution

by:Chris Stanyon
Chris Stanyon earned 400 total points
ID: 39835154
I'm with Dave on this one. If you think you need to do this, then you need to re-think your design pattern - It's almost never a good idea to use eval().

Put your functions in an include file - it will all be in place :)
LVL 111

Accepted Solution

Ray Paseur earned 400 total points
ID: 39835804
If eval() is the answer, you are asking the wrong question!  Eval() is one of those "clever" things that can get you tripped up and can make your programming harder to understand.  Debugging is harder than writing the code in the first place.  So if you write the code as cleverly as possible you are, by definition, not smart enough to debug it.

Consider a slightly different variation on this design pattern: The query string.  If you write a query string like this, you're writing a computer program that will run in the data base engine, using the variable $x in the processing.


In order to run that query you will need to provide some value for variable substitution into $x.  So maybe the idea will be to use the GET method request variable from the URL like this:


The script copies the key and value from $_GET into the $x variable and runs the query.  And row #3 gets deleted.

Now let's consider a slightly different URL GET request variable:


The plus signs will be automatically decoded into blanks, and the same process will create a query that says this:


Since 1=1 will be true for every row in the data base, the DELETE query will delete every row in the data base.  This is called SQL Injection.  It's a well-known attack vector, and there is a body of knowledge about how to prevent it.

There is, however, no corresponding body of knowledge about how to prevent attacks when a script uses eval().  And that is why we recommend against it.
LVL 34

Assisted Solution

Slick812 earned 400 total points
ID: 39839889
greetings  tonelm54, , you ask - "Is it possible to run php code from a string?", the answer is Yes. But as has been said here already, several times, you should NEVER do this.
And you say - "if not means storing lots of files and using include as needed"
There may be other ways to do this! , But you do not seem to know of the Rich Options that PHP has for this very thing, -> as "get page option" data from a DB Table SELECT, and then do different page output code by using the Table SELECT information, that is different for each page, and having different Classes OR Class settings (options) to do a different page CODE (methods) and get output as needed by the DB entries.
Although it can be set up to use 50 or 60 different php, files in the include( ), this seems like an inefficient php design to me.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to create an extensible mechanism for linked drop downs.
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question