no output, what's wrong!

[jac.kock]

hi all,

 

im making a CMS and the website uses a php page main to display pages stored in the sql database!

 

now my problem is that everything works fine but wen i call a page from de db with html and php code it will not display the php code,

i work whit str_replace to replace %php_open% to <? and %php_close% to ?> because sql don't saves <?php i write the pages as %php_open% tot save in cms.

 

this works fine and when i want to open the page all htm is visable but the php is notm when i open the source in the browser i see the php nice and well as it should be.

 

what am i doing wrong to show the php ??

 

SOURCE CODE:

 

</td>

 

<td width="98%">

 

<br />

<

 

b>Notice</b>: Undefined index: admin in <b>/home/vhosts/pc-hulp-online.nl/subdomains/test/httpdocs/main.php</b> on line <b>16</b><br />

<?

 

function getIp() { if( isset( $_SERVER[ "HTTP_X_FORWARDED_FOR" ] ) ) { $return = $_SERVER[ "HTTP_X_FORWARDED_FOR" ]; } else if( isset( $_SERVER[ "HTTP_CLIENT_IP" ] ) ) { $return = $_SERVER[ "HTTP_CLIENT_IP" ]; } else { $return = $_SERVER[ "REMOTE_ADDR" ]; } return $return; } ?> <H1>Uw external IP:</H1><P>Deze is door uw provider aan u toegewezen, en kan nodig zijn bij speciaal ontwikkelde software zoals bijv. een chat server of andere servers zoals een FTP of HTTP server, of bij Remote desktop services </P><P>Uw huidige external IP Adres is: <? getIp(); ?></P><P><FONT color=#ff0000>Copyright by pc-hulp-online.nl ©®20013 </P></FONT> </td>

 

<td width="1%">

 

 

 

</td>

 

this ia exactly what it should be after getting it out off the db and replaced the %php_open% strings why don't display the IP???

 

can someone help me??

 

thnx jamie kock (holland)

[PFMaBiSmAd]

This is going to be all negative, but here's what's wrong with what you are trying to do -

 

A) There's nothing that would prevent <?php from being saved by a query. Whatever problem you were having doing that needs to be solved.

 

B) Databases are for storing data, not server-side code.

 

C) The C in CMS stands for Content. Php server-side code is not Content.

 

D) The method you would need to use to accomplish this comes with a Cautionary warning in the php documentation -

Caution

The ______ (statement name removed) language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

 

So, if any user supplied content that is output on your cms also contains php code, that code would get executed.

Edited February 2, 2013 by PFMaBiSmAd

[PFMaBiSmAd]

The correct method is to only store content in your database using a template, where you have place holders in the template that get replaced with runtime values.