PHP Function held in database

[themistral]

Guys, I am stumped!

 

I have a website where the content is held in a database.

For example a table called page_content has a field called content.

Held in that field is the following text "This is the page text."

 

This is all fine - I have the scripts all set up so I can retrieve this.

 

However, I want to be able to store and retrieve the following:

 

"This is the page text. <?php echo functionName(); ?>"

The content is brought into a page that includes the function.

 

Firstly, is this possible - secondly, how is this possible?!

 

I have been trying to get my head around the eval function but I am still not sure this is will do what I want.

 

Any help gratefully received!! 

[btherl]

I don't recommend doing that .. instead you can use tags like phpbb does.  But if you really want php code in your database, you need eval()

[The Little Guy]

you could try using eval()

[simonrs]

yeh this is very bad. You can never 100% guarantee the sanitization of a database. What if someone gained access to it? They could insert whatever php they wanted into your database and your scripts could potentially run it. In PHP potentially system wide changes could be made, for instance deleting the entire contents of the server.

 

Also, what if you refactored your code and consequently deleted that function? Then the database is out of date and will prompt an error, and there's no easy way of updating it.