Storing actualy PHP code

[adamwhiles]

I have a site that the purpose is for users to be able to submit php code for others to see or help with whatever. I am currently inserting the actual code into a mysql, I know this is not secure but I'm looking for the best way to do this. All I need it to do is store the php code, then be able to view that code w/ highlighting etc. on another page. It works for the most part as is right now, just looking for a better option than storing in a database.

 

Also, it seems like that when the code is pulled back out of mysql the formatting(indents) are a little off, any suggestions there?

 

BTW, this site is not live so I don't have any examples to show you. It just runs privately on my local test machine.

[JAY6390]

When inserting it into the database, save it after running it through htmlentities()

[roopurt18]

I don't see any reason why storing PHP code in MySQL is not secure.

 

If you're storing the programming code in MySQL, then make sure you call mysql_real_escape_string() on the code before inserting it into the database.

 

When you pull the code to display in a browser, just make sure you call htmlentities() before echo'ing it.

 

To fix the spacing, place it within < pre> and </ pre> tags (without spaces of course).

[ignace]

just make sure you call htmlentities() before echo'ing it

 

Otherwise your PHP will not be displayed but will show up in the HTML source. PHP code is harmless until you include- or eval it.