cbassett03 Posted January 17, 2013 Share Posted January 17, 2013 Is there a way that I can execute PHP and HTML that is stored within a field/column from a MySQL table result row? For example, if in a column named "page_code" I have the following text: <html><head><title>Sample</title></head><?php echo "This is a test"; ?></html> Is there a way that I can have a PHP script file execute the above statement. (I'm trying to put multiple web pages with HTML and PHP mixed, into a MySQL table but can't get PHP to execute the code before sending the results to the browser.) Quote Link to comment Share on other sites More sharing options...
Psycho Posted January 17, 2013 Share Posted January 17, 2013 You can, but you really shouldn't. It is a bad idea to try and execute code within a string. Your example is obviously not real - you would just put the static string "This is a test" in the output rather than making it an echo. What I assume you are wanting to do is put PHP variables in the line such as <html><head><title>Sample</title></head><?php echo $name; ?></html> So you can define the name and then create the output dynamically. Instead, what you should do is create or find a template system. So, the content you store in the DB would be more like this <html><head><title>Sample</title></head>[[name]]</html> Then you pass the template content and the variables needed to the templating process which replaces the placeholders in the template file with the appropriate variable. Quote Link to comment Share on other sites More sharing options...
devWhiz Posted January 17, 2013 Share Posted January 17, 2013 I would extract the data from the column, create a .php file with the content inside the file, and then you can use the script and delete when finished. Quote Link to comment Share on other sites More sharing options...
cpd Posted January 17, 2013 Share Posted January 17, 2013 I would extract the data from the column, create a .php file with the content inside the file, and then you can use the script and delete when finished. You could, but it would be inefficient and likely a major security issue depending on who wrote the code stored in the database. You can go with Psycho's method or alternatively, and only if you have written the code not an end user, use the output control functions to have the code evaluated. http://php.net/manual/en/ref.outcontrol.php Quote Link to comment Share on other sites More sharing options...
Psycho Posted January 18, 2013 Share Posted January 18, 2013 I would extract the data from the column, create a .php file with the content inside the file, and then you can use the script and delete when finished. Really? That seems like a terrible waste to create flat files simply for the purpose of executing them as PHP. That is what the eval() function is for. But, I was specifically avoiding suggesting eval() function because it is highly advised to NOT use it. Even the manual states that: Caution The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand. Note: I did not add the bold text - that is exactly as it is displayed in the manual. As stated above, it should only be used when there are no other alternatives. And, in this case, there is one which I provided previously. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.