Solved

Modify PHP Code on the Fly?

Posted on 2016-11-10
8
48 Views
Last Modified: 2016-11-14
Other than by using an include file, is it possible to insert PHP code in the middle of a PHP page?  

What I'd like to do is to store a PHP if() statement in a MySQL table, retrieve that text and use it in the PHP code stream.  Example:

Table field contains the text:
  if($a == 'foo' || $b == 'bar' || ($d == 1 && $e == 2)) { $x = 'bar'; $y = 45; $z = intval($g); }

In the page's PHP code:
  statement x1;
  [insert text from table record here]
  statement x2;
  statement x3; ...

Right now, I'm have to code a bunch of "if then else" or case statements to handle the test that needs to be done on a specific field's value extracted from the same table record.  (The tests control if a row containing controls is added to a HTML table. If the tests are true, the row is not added.) Being able to do it this way would eliminate a huge amount of code on the page and allow me to manage the changes more easily.

I could create a bunch of include files and retrieve the correct one, but that's more trouble than just coding the if/then/else statements.

Any ideas?

Thanks,
Bruce
0
Comment
Question by:springthorpeSoftware
8 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41882705
PHP pre-compiles the current page before it runs it.  That prevents you from doing what you are describing because the code from the database won't be available when the PHP page is loaded.
0
 
LVL 2

Assisted Solution

by:weifai
weifai earned 125 total points
ID: 41882709
It seems that PHP's eval() function is what you need. http://php.net/manual/en/function.eval.php
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 250 total points
ID: 41882718
You -COULD- do this by way of the eval() statement, but it's a REALLY, REALLY bad idea in terms of security. Let's say that one day, you accidentally introduce a code vulnerability that allows someone to execute a SQL injection attack and they can update/insert data into any table they want. Now they have a place where they could insert any PHP code that they wanted, and it would end up getting executed on the page. So that single vulnerability would lead to complete, full control over your site.

You can still accomplish the same kind of functionality by using variables within your control. For example, let's say you had a table record that contained two fields:
Field "Conditions": (A == 'foo' || B == 'bar' || (D == 1 && E == 2)
Field "Result": X = 'bar'; Y = 45; Z = intval(G)

Then from there, you could pull that values, parse them and process them only if they followed your specific, limited instructions. So if anyone tried to inject any other content, it wouldn't pass through your parser and wouldn't execute. It takes more time, but it's far safer. Using eval() is asking for trouble.

Just be extremely careful with ANY dynamic code. Dynamic code might seem more "maintainable" but it also tends to be the "nuclear bomb" in your site if a hacker can find a vulnerability.
2
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 125 total points
ID: 41882725
Please see: https://iconoun.com/demo/temp_springthorpe_1.php
<?php // demo/temp_springthorpe_1.php
/**
 * https://www.experts-exchange.com/questions/28982352/Modify-PHP-Code-on-the-Fly.html
 *
 * http://php.net/manual/en/function.eval.php
 */
error_reporting(E_ALL);

// READ AND EXECUTE AN EXTERNAL DOCUMENT
$doc = file_get_contents('temp_springthorpe_2.php');
eval($doc);

Open in new window

// demo/temp_springthorpe_2.php
/**
 * https://www.experts-exchange.com/questions/28982352/Modify-PHP-Code-on-the-Fly.html
 */
error_reporting(E_ALL);

$now = date('r');
echo PHP_EOL . "Hello, it is now: $now";

Open in new window

Outputs something like:
Hello, it is now: Thu, 10 Nov 2016 13:19:01 -0600

Open in new window

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 108

Expert Comment

by:Ray Paseur
ID: 41882730
Further to what @gr8gonzo points out: http://php.net/manual/en/function.eval.php#44008

Now having shown that, please make a Google search for "cyclomatic complexity" and read about why a stack of if() statements can create an untestable code mess.  You might want to consider using an object-oriented design that will help you get away from all the conditional control structures.
1
 
LVL 53

Expert Comment

by:Julian Hansen
ID: 41882775
Right now, I'm have to code a bunch of "if then else" or case statements to handle the test that needs to be done on a specific field's value extracted from the same table record.
Can the tests not be coded as a SQL query instead - or is there data that is needed from the script and the table?

Can you give a specific case of what you want to do - there may be other solutions that don't involve storing PHP code.
0
 

Author Comment

by:springthorpeSoftware
ID: 41884065
Thanks to all of you.  Need to do some reading over the weekend and see which way to go.
Bruce
0
 

Author Closing Comment

by:springthorpeSoftware
ID: 41886330
Due to time constraints, going with the eval() approach.

Gonzo, thanks for the reminder/warning regarding eval().  Hopefully, our security and coding are good enough to prevent the injections.

Ray, reviewed several of the cyclomatic complexity articles.  Fortunately, the evaluated code will result in a single "IF" statement that, if true, simply skips the creation of the table row.  There will be but a single "ELSE", which is to create the row.

My thanks to all of you!  You are great!
Bruce
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now