Solved

Modify PHP Code on the Fly?

Posted on 2016-11-10
8
39 Views
Last Modified: 2016-11-14
Other than by using an include file, is it possible to insert PHP code in the middle of a PHP page?  

What I'd like to do is to store a PHP if() statement in a MySQL table, retrieve that text and use it in the PHP code stream.  Example:

Table field contains the text:
  if($a == 'foo' || $b == 'bar' || ($d == 1 && $e == 2)) { $x = 'bar'; $y = 45; $z = intval($g); }

In the page's PHP code:
  statement x1;
  [insert text from table record here]
  statement x2;
  statement x3; ...

Right now, I'm have to code a bunch of "if then else" or case statements to handle the test that needs to be done on a specific field's value extracted from the same table record.  (The tests control if a row containing controls is added to a HTML table. If the tests are true, the row is not added.) Being able to do it this way would eliminate a huge amount of code on the page and allow me to manage the changes more easily.

I could create a bunch of include files and retrieve the correct one, but that's more trouble than just coding the if/then/else statements.

Any ideas?

Thanks,
Bruce
0
Comment
Question by:springthorpeSoftware
8 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 41882705
PHP pre-compiles the current page before it runs it.  That prevents you from doing what you are describing because the code from the database won't be available when the PHP page is loaded.
0
 
LVL 2

Assisted Solution

by:weifai
weifai earned 125 total points
ID: 41882709
It seems that PHP's eval() function is what you need. http://php.net/manual/en/function.eval.php
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 250 total points
ID: 41882718
You -COULD- do this by way of the eval() statement, but it's a REALLY, REALLY bad idea in terms of security. Let's say that one day, you accidentally introduce a code vulnerability that allows someone to execute a SQL injection attack and they can update/insert data into any table they want. Now they have a place where they could insert any PHP code that they wanted, and it would end up getting executed on the page. So that single vulnerability would lead to complete, full control over your site.

You can still accomplish the same kind of functionality by using variables within your control. For example, let's say you had a table record that contained two fields:
Field "Conditions": (A == 'foo' || B == 'bar' || (D == 1 && E == 2)
Field "Result": X = 'bar'; Y = 45; Z = intval(G)

Then from there, you could pull that values, parse them and process them only if they followed your specific, limited instructions. So if anyone tried to inject any other content, it wouldn't pass through your parser and wouldn't execute. It takes more time, but it's far safer. Using eval() is asking for trouble.

Just be extremely careful with ANY dynamic code. Dynamic code might seem more "maintainable" but it also tends to be the "nuclear bomb" in your site if a hacker can find a vulnerability.
2
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 125 total points
ID: 41882725
Please see: https://iconoun.com/demo/temp_springthorpe_1.php
<?php // demo/temp_springthorpe_1.php
/**
 * https://www.experts-exchange.com/questions/28982352/Modify-PHP-Code-on-the-Fly.html
 *
 * http://php.net/manual/en/function.eval.php
 */
error_reporting(E_ALL);

// READ AND EXECUTE AN EXTERNAL DOCUMENT
$doc = file_get_contents('temp_springthorpe_2.php');
eval($doc);

Open in new window

// demo/temp_springthorpe_2.php
/**
 * https://www.experts-exchange.com/questions/28982352/Modify-PHP-Code-on-the-Fly.html
 */
error_reporting(E_ALL);

$now = date('r');
echo PHP_EOL . "Hello, it is now: $now";

Open in new window

Outputs something like:
Hello, it is now: Thu, 10 Nov 2016 13:19:01 -0600

Open in new window

0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 108

Expert Comment

by:Ray Paseur
ID: 41882730
Further to what @gr8gonzo points out: http://php.net/manual/en/function.eval.php#44008

Now having shown that, please make a Google search for "cyclomatic complexity" and read about why a stack of if() statements can create an untestable code mess.  You might want to consider using an object-oriented design that will help you get away from all the conditional control structures.
1
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 41882775
Right now, I'm have to code a bunch of "if then else" or case statements to handle the test that needs to be done on a specific field's value extracted from the same table record.
Can the tests not be coded as a SQL query instead - or is there data that is needed from the script and the table?

Can you give a specific case of what you want to do - there may be other solutions that don't involve storing PHP code.
0
 

Author Comment

by:springthorpeSoftware
ID: 41884065
Thanks to all of you.  Need to do some reading over the weekend and see which way to go.
Bruce
0
 

Author Closing Comment

by:springthorpeSoftware
ID: 41886330
Due to time constraints, going with the eval() approach.

Gonzo, thanks for the reminder/warning regarding eval().  Hopefully, our security and coding are good enough to prevent the injections.

Ray, reviewed several of the cyclomatic complexity articles.  Fortunately, the evaluated code will result in a single "IF" statement that, if true, simply skips the creation of the table row.  There will be but a single "ELSE", which is to create the row.

My thanks to all of you!  You are great!
Bruce
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Introduction Many web sites contain image galleries; a common design for these galleries includes a page with a collection of thumbnail images.  You can click on each of the thumbnail images to see the larger version of the image.  This is easily i…
Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now