cyril.boudon Posted November 21, 2009 Share Posted November 21, 2009 Dear all, I request your help as I broke my head on simple stuff I believe. I try replacing Echo by Eval same as follow : <?php echo $row_hotel_name['phtl_1']; ?> ## REPLACE WITH : <? eval ($row_hotel_name ['phtl_1']); ?> The reason is that I store php include code in my database and it can't be read with echo.. but it does not work. Is anybody have a solution and can explain me why I always got the following error message : Parse error: syntax error, unexpected '<' in C:\xampp\htdocs\websites\test\index.php(79) : eval()'d code on line 1 Many thanks for your help, Cyril Link to comment https://forums.phpfreaks.com/topic/182415-problem-replacing-echo-by-eval/ Share on other sites More sharing options...
cags Posted November 21, 2009 Share Posted November 21, 2009 Doesn't sound especially security conscious, but thats another matter. See'ing the code you are trying to pass to eval would probably help. Link to comment https://forums.phpfreaks.com/topic/182415-problem-replacing-echo-by-eval/#findComment-962636 Share on other sites More sharing options...
cyril.boudon Posted November 21, 2009 Author Share Posted November 21, 2009 HI, thank you for your reply. Yes it is not especially security conscious as I only store php include lines to echo some affiliate code to make it easier. The way it is actually is i am using dreamweaver to to build one template and call data stored in my MySql DB and echo the data onto my template. The only problem is that is stored some "php include" lines in the DB and it only can be displayed if they are called with Eval apparently. Please see bellow the code if can help : <?php require_once('Connections/kochang.php'); ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } mysql_select_db($database_test, <?php require_once('Connections/kochang.php'); ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } mysql_select_db($database_test, $test); $query_menu = "SELECT pid, pname FROM tbl_pages ORDER BY pid ASC"; $menu = mysql_query($query_menu, $test) or die(mysql_error()); $row_menu = mysql_fetch_assoc($menu); $totalRows_menu = mysql_num_rows($menu); $colname_hotel_name = "-1"; if (isset($_GET['pid'])) { $colname_hotel_name = $_GET['pid']; } mysql_select_db($database_test, $test); $query_hotel_name = sprintf("SELECT pname, pttl_1, phtl_1, pttl_2, phtl_2, pttl_3, phtl_3_1, phtl_3_2, pttl_4, phtl_4, pttl_5, phtl_5, pheadline, pbody, ptitle FROM tbl_pages WHERE pid = %s", GetSQLValueString($colname_hotel_name, "int")); $hotel_name = mysql_query($query_hotel_name, $test) or die(mysql_error()); $row_hotel_name = mysql_fetch_assoc($hotel_name); $totalRows_hotel_name = mysql_num_rows($hotel_name); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <title><?php echo $row_hotel_name['ptitle']; ?></title> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> <link href="style.css" rel="stylesheet" type="text/css" media="all"> </head> <body id="<?php echo $row_hotel_name['pbody']; ?>"> <div id="container"> <!--<div id="header-ads">GOOGLE ADS COME HERE</div>--> <p class="headline">Koh Chang Hotels and Resorts Reservations - <?php echo $row_hotel_name['pheadline']; ?> Discounts up to 75% by kochang-hotel.com</p> <div id="header"> <div id="h1"><h1>Book your Room and Bungalow on Koh Chang Island</h1> </div> <div id="ads"><a href='http://www.agoda.com/asia/thailand/bangkok.html' rel='nofollow'><img src='http://images.partners.agoda.com/banners/agoda.com/106/9395/120x600_1.jpg'/></a></div> <div class="clear"></div> </div> <div id="wrapper"> <div id="navigation"> <h1>Koh Chang Hotels</h1> <ul id="menu"> <?php do { ?> <li><a href="?pid=<?php echo $row_menu['pid']; ?>"><?php echo $row_menu['pname']; ?></a></li> <?php } while ($row_menu = mysql_fetch_assoc($menu)); ?></ul> </div> <div id="htl-content"> <div id="promo-htl-page"> <div id="promo_title_page"><h1><?php echo $row_hotel_name['pttl_1']; ?></h1></div> <? eval ($row_hotel_name ['phtl_1']); ?> </div> <div id="promo-htl-page-info"> <div id="promo_title_info"> <h1><?php echo $row_hotel_name['pttl_2']; ?></h1> </div> <?php echo $row_hotel_name['phtl_2']; ?> </div> <div id="promo_title_small_container"> <div id="promo_title_small"> <h1><?php echo $row_hotel_name['pttl_3']; ?></h1></div> <div id="promo-htl-page-small"> <?php echo $row_hotel_name['phtl_3_1']; ?> </div> <div id="promo-htl-page-small"> <?php echo $row_hotel_name['phtl_3_2']; ?> </div> </div> <div id="promo-htl-page-rates"> <div id="promo_title_info"> <h1><?php echo $row_hotel_name['pttl_4']; ?></h1> </div> <?php echo $row_hotel_name['phtl_4']; ?> </div> <div id="promo-htl-photo"> <div id="promo_title_info"> <h1><?php echo $row_hotel_name['pttl_5']; ?></h1> </div> <?php echo $row_hotel_name['phtl_5']; ?> </div> </div> <?php include 'inc/footer.php'; ?> </div> </div> Link to comment https://forums.phpfreaks.com/topic/182415-problem-replacing-echo-by-eval/#findComment-962653 Share on other sites More sharing options...
cags Posted November 21, 2009 Share Posted November 21, 2009 a.) Use code tags. b.) Don't post masses of completely irrelvant code. c.) I wanted to know what the contents of $row_hotel_name ['phtl_1'] looks like since that is supposedly what is causing your problem. Link to comment https://forums.phpfreaks.com/topic/182415-problem-replacing-echo-by-eval/#findComment-962659 Share on other sites More sharing options...
cyril.boudon Posted November 21, 2009 Author Share Posted November 21, 2009 Ooops sorry about that, I am not use to post but I will follow the guide : My sql request is bellow: mysql_select_db($database_kochang, $kochang); $query_hotel_name = sprintf("SELECT pname, pttl_1, phtl_1, pttl_2, phtl_2, pttl_3, phtl_3_1, phtl_3_2, pttl_4, phtl_4, pttl_5, phtl_5, pheadline, pbody, ptitle FROM tbl_pages WHERE pid = %s", GetSQLValueString($colname_hotel_name, "int")); $hotel_name = mysql_query($query_hotel_name, $kochang) or die(mysql_error()); $row_hotel_name = mysql_fetch_assoc($hotel_name); $totalRows_hotel_name = mysql_num_rows($hotel_name); Also, how can i clean my previous post ? Thanks again, Cyril Link to comment https://forums.phpfreaks.com/topic/182415-problem-replacing-echo-by-eval/#findComment-962661 Share on other sites More sharing options...
cags Posted November 21, 2009 Share Posted November 21, 2009 Again, thats somewhat irrelevant, I already know it's fetching something from the database, I need to know what is coming from the database. The error is being thrown by eval, thus I obviously would like to see what you are passing to eval. Link to comment https://forums.phpfreaks.com/topic/182415-problem-replacing-echo-by-eval/#findComment-962665 Share on other sites More sharing options...
cyril.boudon Posted November 21, 2009 Author Share Posted November 21, 2009 Ok, bellow is what is stored in the database : <? include("http://ixxxx/test.com/xxx/xxxxxx/detail")?> Thank you for your patience, Link to comment https://forums.phpfreaks.com/topic/182415-problem-replacing-echo-by-eval/#findComment-962676 Share on other sites More sharing options...
cags Posted November 21, 2009 Share Posted November 21, 2009 The value passed to eval shouldn't have PHP tags (<? ?>). Link to comment https://forums.phpfreaks.com/topic/182415-problem-replacing-echo-by-eval/#findComment-962691 Share on other sites More sharing options...
cyril.boudon Posted November 21, 2009 Author Share Posted November 21, 2009 HI, Thanks a lot for your advice, it was logic and very helpfull but I just took out the first tag (<?) as it didn't work when I took out both, so I let the close tag (?>) only and it work well. So now the php include link in my db is same as follow : include("http://ixxxx/test.com/xxx/xxxxxx/detail")?> and not <?include("http://ixxxx/test.com/xxx/xxxxxx/detail")?> Cheers, Cyril Link to comment https://forums.phpfreaks.com/topic/182415-problem-replacing-echo-by-eval/#findComment-962737 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.