how to execute php code from sql?

[siwelis]

If I had some PHP in an mysql table, how could I immediately run it after extracting it?

[Rustywolf]

I dont think you can.

 

Try holding the querys in a file (queries.php, for example), and then include/use the variables whenever you need to?

[siwelis]

I had thought about that, but it wouldn't work the way I need it to unfortunately.

[ldb358]

eval(the code to be executed);

[PFMaBiSmAd]

You would need to do what ldb358 just posted.

 

However, since this violates one of the prime rules of programming, separation of code and data/content (i.e. your data should not contain code), you must be extremely careful where this code came from and what it is.

 

A lot of web sites get taken over because they allow hackers to get their raw code to be executed on a server because it got ran tough an eval() or include() statement. If you accidentally run some content that came from a visitor through the eval() as part of the php code you have stored in a database and that content was not properly validate and happened to contain raw php code itself, a hacker just took over your web site.

 

Also, any syntax error in this code (or any syntax error that a hacker can trigger through content in an effort to probe your server for ways to break in or to simply shut down your site) stored in the database will halt ALL php code execution on your page (the eval() invokes an instance of the php language engine, both making this a slower process than you expect and parse errors in the code stops all php code execution.)

 

Are you sure what you are doing cannot be accomplished by separating the php code out so that you only store data or content in the database and keep the php code as part of the logic on your page?