Solved

Modify PHP Code on the Fly?

Posted on 2016-11-10
8
50 Views
Last Modified: 2016-11-14
Other than by using an include file, is it possible to insert PHP code in the middle of a PHP page?  

What I'd like to do is to store a PHP if() statement in a MySQL table, retrieve that text and use it in the PHP code stream.  Example:

Table field contains the text:
  if($a == 'foo' || $b == 'bar' || ($d == 1 && $e == 2)) { $x = 'bar'; $y = 45; $z = intval($g); }

In the page's PHP code:
  statement x1;
  [insert text from table record here]
  statement x2;
  statement x3; ...

Right now, I'm having to code a bunch of "if then else" or case statements to handle the test that needs to be done on a specific field's value extracted from the same table record.  (The tests control if a row containing controls is added to an HTML table. If the tests are true, the row is not added.) Being able to do it this way would eliminate a huge amount of code on the page and allow me to manage the changes more easily.

I could create a bunch of include files and retrieve the correct one, but that's more trouble than just coding the if/then/else statements.

Any ideas?

Thanks,
Bruce
0
Question by:springthorpeSoftware
8 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41882705
PHP pre-compiles the current page before it runs it.  That prevents you from doing what you are describing because the code from the database won't be available when the PHP page is loaded.
0
 
LVL 2

Assisted Solution

by:weifai
weifai earned 125 total points
ID: 41882709
It seems that PHP's eval() function is what you need. http://php.net/manual/en/function.eval.php
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 250 total points
ID: 41882718
You -COULD- do this by way of the eval() statement, but it's a REALLY, REALLY bad idea in terms of security. Let's say that one day, you accidentally introduce a code vulnerability that allows someone to execute a SQL injection attack and they can update/insert data into any table they want. Now they have a place where they could insert any PHP code that they wanted, and it would end up getting executed on the page. So that single vulnerability would lead to complete, full control over your site.

You can still accomplish the same kind of functionality by using variables within your control. For example, let's say you had a table record that contained two fields:
Field "Conditions": (A == 'foo' || B == 'bar' || (D == 1 && E == 2))
Field "Result": X = 'bar'; Y = 45; Z = intval(G)

Then from there, you could pull those values, parse them and process them only if they followed your specific, limited instructions. So if anyone tried to inject any other content, it wouldn't pass through your parser and wouldn't execute. It takes more time, but it's far safer. Using eval() is asking for trouble.

Just be extremely careful with ANY dynamic code. Dynamic code might seem more "maintainable" but it also tends to be the "nuclear bomb" in your site if a hacker can find a vulnerability.
2
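
A restricted parser of the kind the accepted answer describes, as an added example that is not part of the thread. It covers only the "Conditions" field; the class name ConditionEvaluator, the grammar, and the sample values are assumptions made for illustration.

```php
<?php
// Added example (PHP 8+), not code from the thread. Assumed grammar: expr := term ('||' term)*,
// term := factor ('&&' factor)*, factor := '(' expr ')' | NAME '==' (NUMBER | 'string').
final class ConditionEvaluator
{
    private array $tok = [];

    public function __construct(private array $vars) {} // whitelist: name => current value

    public function evaluate(string $src): bool {
        $re = "/\\s*(?:(\\|\\||&&|==|[()])|([A-Za-z_]\\w*)|(\\d+)|'([^']*)')/A";
        $this->tok = [];
        for ($i = 0, $src = trim($src); $i < strlen($src); $i += strlen($m[0])) {
            // Characters outside the grammar ('$', ';', '<', ...) are rejected here.
            if (!preg_match($re, $src, $m, PREG_UNMATCHED_AS_NULL, $i)) {
                throw new InvalidArgumentException("Unexpected input at offset $i");
            }
            $this->tok[] = $m[1] !== null ? ['op', $m[1]]
                : ($m[2] !== null ? ['name', $m[2]] : ['lit', $m[3] ?? $m[4]]);
        }
        $v = $this->chain('||');
        if ($this->tok) throw new InvalidArgumentException('Trailing input');
        return $v;
    }
    // '||' binds loosest, then '&&'. Both sides are always parsed, so bad syntax never hides.
    private function chain(string $op): bool {
        $next = fn () => $op === '||' ? $this->chain('&&') : $this->factor();
        for ($v = $next(); $this->eat('op', $op, false) !== null;) {
            $r = $next();
            $v = $op === '||' ? ($v || $r) : ($v && $r);
        }
        return $v;
    }
    private function factor(): bool {
        if ($this->eat('op', '(', false) !== null) {
            $v = $this->chain('||');
            $this->eat('op', ')');
            return $v;
        }
        $name = $this->eat('name'); // function names such as intval are not in the whitelist
        if (!array_key_exists($name, $this->vars)) throw new InvalidArgumentException("Unknown name $name");
        $this->eat('op', '==');
        return (string) $this->vars[$name] === $this->eat('lit'); // compared as strings
    }
    private function eat(string $type, ?string $val = null, bool $must = true): ?string {
        [$t, $v] = $this->tok[0] ?? [null, null];
        if ($t === $type && ($val === null || $v === $val)) { array_shift($this->tok); return $v; }
        return $must ? throw new InvalidArgumentException('Expected ' . ($val ?? $type)) : null;
    }
}
$ev = new ConditionEvaluator(['A' => 'x', 'B' => 'bar', 'D' => 1, 'E' => 3]); // constructed values
var_dump($ev->evaluate("(A == 'foo' || B == 'bar' || (D == 1 && E == 2))"));
```

Text stored in the table is only ever tokenized and compared against the whitelist, so a modified record can change which rows are shown but cannot run PHP.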

 
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 125 total points
ID: 41882725
Please see: https://iconoun.com/demo/temp_springthorpe_1.php
<?php // demo/temp_springthorpe_1.php
/**
 * https://www.experts-exchange.com/questions/28982352/Modify-PHP-Code-on-the-Fly.html
 *
 * http://php.net/manual/en/function.eval.php
 */
error_reporting(E_ALL);

// READ AND EXECUTE AN EXTERNAL DOCUMENT
$doc = file_get_contents('temp_springthorpe_2.php');
eval($doc);


// demo/temp_springthorpe_2.php
/**
 * https://www.experts-exchange.com/questions/28982352/Modify-PHP-Code-on-the-Fly.html
 */
error_reporting(E_ALL);

$now = date('r');
echo PHP_EOL . "Hello, it is now: $now";


Outputs something like:
Hello, it is now: Thu, 10 Nov 2016 13:19:01 -0600


0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 41882730
Further to what @gr8gonzo points out: http://php.net/manual/en/function.eval.php#44008

Now having shown that, please make a Google search for "cyclomatic complexity" and read about why a stack of if() statements can create an untestable code mess.  You might want to consider using an object-oriented design that will help you get away from all the conditional control structures.
1
 
LVL 54

Expert Comment

by:Julian Hansen
ID: 41882775
Right now, I'm having to code a bunch of "if then else" or case statements to handle the test that needs to be done on a specific field's value extracted from the same table record.
Can the tests not be coded as a SQL query instead - or is there data that is needed from the script and the table?

Can you give a specific case of what you want to do - there may be other solutions that don't involve storing PHP code.
0
 

Author Comment

by:springthorpeSoftware
ID: 41884065
Thanks to all of you.  Need to do some reading over the weekend and see which way to go.
Bruce
0
 

Author Closing Comment

by:springthorpeSoftware
ID: 41886330
Due to time constraints, going with the eval() approach.

Gonzo, thanks for the reminder/warning regarding eval().  Hopefully, our security and coding are good enough to prevent the injections.

Ray, reviewed several of the cyclomatic complexity articles.  Fortunately, the evaluated code will result in a single "IF" statement that, if true, simply skips the creation of the table row.  There will be but a single "ELSE", which is to create the row.

My thanks to all of you!  You are great!
Bruce
0
