Here's what I want to do...

I want to store PHP code in a MySQL field and then select it with a query and execute it in PHP...

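// Cast the id to an integer before it is concatenated into the query
$thing_id = (int) $item_details['thing_id'];
$sql = "SELECT thing FROM " . DB_PREFIX . "things WHERE thing_id = " . $thing_id;
$res = mysql_query($sql) or die(mysql_error());
$lcount = mysql_num_rows($res);  // number of rows returned
$r = mysql_fetch_assoc($res);    // first row as an associative array
$thing = $r['thing'];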

In the DB field I want to store something like this:

<?=MSG_THING_ALARM;?>

When I echo $thing, I must have the code from the DB executed.

I need it executed because it's a multi-language website, and this row "<?=MSG_THING_ALARM;?>" looks in the language file and returns the correct translation of the term.

The language file looks like this:

define ('MSG_THING_ALARM', 'Alarm');

Waiting for your suggestions.

Thanks!

It's often not a good idea because if just anyone can enter whatever they wish into the database it would be very easy for them to insert something malicious that could cause problems.

If access to inserting things into the database that will be processed by eval() is limited and not public it would be fine, in that it probably won't cause any problems, just not necessarily a good practice.

To give you a suggestion for an alternative I'd probably need to know more information.

I can't use eval() because I must echo the row, since it is a loop and prints each $thing...

I do understand it can be injected, so I'm not going to use it in this case.

I am thinking of storing the $thing names in different tables, already translated. Since it is a 4-language website and there are only 30 $thing names, there won't be a problem.

Thanks for your quick reply!

if you're gonna use preg_match just create pseudo-variables %{NAME} and then just use str_replace("%{NAME}",$name,$text); and then POW you have inserted dynamic text into static database information without the regex redundancy and evaluating and all the hoopla :)
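
The placeholder approach from the reply above, applied to the language-constant case in the question, as an added example that is not code from the thread. The function name render_thing, the $translations array and the sample rows are hypothetical and constructed for illustration; strtr() is used in place of chained str_replace() calls because it substitutes in one pass.

```php
<?php
// Added example, not code from the thread. All names below are hypothetical.

// Constructed language table; the thread's language file uses define() constants instead.
$translations = [
    'en' => ['MSG_THING_ALARM' => 'Alarm', 'MSG_THING_LOCK' => 'Central locking'],
    'de' => ['MSG_THING_ALARM' => 'Alarmanlage', 'MSG_THING_LOCK' => 'Zentralverriegelung'],
];

/**
 * Render a stored value such as "%{MSG_THING_ALARM}" for one language.
 * The database value is treated purely as data: nothing is evaluated.
 */
function render_thing(string $stored, array $table): string
{
    // Build token => translation pairs only from keys in the language table (the allow-list).
    $map = [];
    foreach ($table as $key => $text) {
        $map['%{' . $key . '}'] = $text;
    }
    // strtr() substitutes in a single pass and never rescans its own output, so a
    // translation that happens to contain "%{...}" is not expanded a second time.
    $out = strtr($stored, $map);
    // Escape once on output so markup stored in the row or in a translation
    // is displayed as text, not interpreted by the browser.
    return htmlspecialchars($out, ENT_QUOTES, 'UTF-8');
}

// Constructed rows standing in for the "thing" column fetched in the loop.
$rows = [
    '%{MSG_THING_ALARM}',
    '%{MSG_THING_LOCK}',
    '<?=MSG_THING_ALARM;?>',   // a row in the old format comes out as escaped text
    '%{DB_PASSWORD}',          // not in the language table, so it stays a literal
];

foreach ($rows as $stored) {
    echo render_thing($stored, $translations['de']), "\n";
}
```

Because only keys present in the language table are substituted, a row can never pull in an arbitrary constant or run code, whoever wrote it to the database.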
