Jump to content

Reading php statements from an SQL table


lxndr

Recommended Posts

I'm currently displaying a series of web pages based on HTML code and content which is stored in an SQL table.  This works fine.  Basically, the data is read into a php variable and then displayed using php echo statement.  What I'd like to be able to do is incorporate php statements into the code stored in the SQL database but when I do that currently the php code does not get interpreted but merely left as the original code and ignored.  Presumably this is because I'm echoing the content .. is there a way round this, i.e. I can read in the php code from the database AND have it interpreted as part of the web page display.

 

Thanks in advance for any help.

 

Ian

 

Hi,

 

I don't think that it's safe / secure to have php interpret statements from a database. There aren't really any ways to prevent injection of dangerous code that way. Either way, not sure how you could make that work. Perhaps make a function with the code that you could call? Or have the sql database store some data that the function can interpret and create code that does what you're looking for if the code differs from query to query.

You can use the eval() function, but this breaks a prime rule of programming - separation of code and data (content.)

 

If the data in the database can in any way, deliberately or accidentally (sql injection), come from user (spam bot) supplied input, then you are just asking for your web server to be taken over.

You can use the eval() function, but this breaks a prime rule of programming - separation of code and data (content.)

 

If the data in the database can in any way, deliberately or accidentally (sql injection), come from user (spam bot) supplied input, then you are just asking for your web server to be taken over.

 

 

 

I've basically been writing (for free) a series of web pages for a charity organisation and they regularly want their pages updating.  Because I'm not always able to do it for them immediately I wrote a series of admin functions for them which allow them to change some of the page content.  These functions are behind 2 layers of password protection ... I'm not sure whether that would be considered secure enough ?

 

__

 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.