/    Sign up×
Community /Pin to ProfileBookmark

echo PHP code from a database field

Copy linkTweet thisAlerts:
Mar 22.2006

This does’nt seem like it would be difficult but i can’t figure it out how to do it.

I want to store standard html AND php code into a database field and echo it onto an index page. Here is an example of what I am trying to accomplish:

[code=php]
<?php
$result = mysql_query(“SELECT page_content FROM pages WHERE id =1”);
$page_info = mysql_fetch_assoc($result);
?>
<html>
<head></head>
<body><?php echo $page_info[‘page_content’];?></body>
</html>
[/code]

Note: this is a very basic version of what i am trying to to! ?

and the database field would hold HTML and PHP.

[code=php]
in database field:
………………………………………………………
<p>there is some html page content</p>
<p>look at the calendar</p>
$cal = new Calendar();
echo $cal->generate_calendar();
………………………………………………………
[/code]

i have tried eval but it seems to only work with php code and not a mixture of both.
I would appreciate any help you can give!

Thanks,

Nate

to post a comment
PHP

3 Comments(s)

Copy linkTweet thisAlerts:
@chazzyMar 22.2006 — Do you want to hear why this is a huge security risk?

Let's say someone gets into your database. They modify one of the cells so that page 1 now creates a worm onto a computer.
Copy linkTweet thisAlerts:
@Natcon67authorMar 22.2006 — chazzy,

thanks for your concern, I have not thought of that. Is there a better way of doing this then? To give you a little more info about the project. I am creating "modules" like calendar, events, news and I want the users to be able to create a new page, type in some text and incorporate a "module" into the page.

Thanks again for your response.
Copy linkTweet thisAlerts:
@chazzyMar 23.2006 — yes.

don't allow them to insert server side code. let them write it as a page themselves if they so choose. create "hooks" in your application. basically functions that do nothing, but can have function calls inside them....

So in your page you could have something like

[code=php]
<?php
include('config.php');
include('hooks.php');
printHeader();
hook1();
?>[/code]
and hooks.php could have:
[code=php]
<?php
function hook1(){
include('hook1config.txt');
}
[/code]

And they can add in their own includes and have them write their own scripts (or you can do it) so that it modifies hook1 to call their own functions.

sorry if i lost you there, i might have lost myself too, long day at work.
×

Success!

Help @Natcon67 spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.15,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...