themistral Posted September 8, 2008 Share Posted September 8, 2008 Guys, I am stumped! I have a website where the content is held in a database. For example a table called page_content has a field called content. Held in that field is the following text "This is the page text." This is all fine - I have the scripts all set up so I can retrieve this. However, I want to be able to store and retrieve the following: "This is the page text. <?php echo functionName(); ?>" The content is brought into a page that includes the function. Firstly, is this possible - secondly, how is this possible?! I have been trying to get my head around the eval function but I am still not sure this is will do what I want. Any help gratefully received!! Quote Link to comment Share on other sites More sharing options...
btherl Posted September 9, 2008 Share Posted September 9, 2008 I don't recommend doing that .. instead you can use tags like phpbb does. But if you really want php code in your database, you need eval() Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted September 9, 2008 Share Posted September 9, 2008 you could try using eval() Quote Link to comment Share on other sites More sharing options...
simonrs Posted September 13, 2008 Share Posted September 13, 2008 yeh this is very bad. You can never 100% guarantee the sanitization of a database. What if someone gained access to it? They could insert whatever php they wanted into your database and your scripts could potentially run it. In PHP potentially system wide changes could be made, for instance deleting the entire contents of the server. Also, what if you refactored your code and consequently deleted that function? Then the database is out of date and will prompt an error, and there's no easy way of updating it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.