Wuhtzu Posted March 4, 2007

Hey

I would like to create a script which "parses"/"executes"/"evaluates" PHP code from a textarea in a form and then outputs the result to the browser - you know, just to be able to try out some lines of code without having to open your text editor and upload to your server etc.

I often need to see the current timestamp or encrypt something with md5() and it would be really nice just to open www.mydomain.com/evalphp.php, enter "<?PHP md5(stufftoencrypt); ?>" or "<?PHP echo time(); ?>" and have the result printed out.

How would I do that? For example:

#1: I type <?PHP echo "some text to echo"; ?> into my textarea and when I press the submit button it should output

some text to echo

#2: I type <?PHP echo time(); ?> into my textarea and when I press the submit button it should output

1234567890

This is what I have come up with so far:

```php
<form action="<?PHP echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
<textarea name="code"></textarea>
<input type="submit" value="execute">
</form>
<br><br>
<?PHP
if(isset($_POST['code'])){
    $code = $_POST['code'];
    eval($code);
}
?>
```

My only problem is how to use eval()... please let me know if you don't understand what I would like to do.

Best regards
Wuhtzu

Orio Posted March 4, 2007

I think that should work, but you need to make only one change (that I can think of): get rid of magic quotes.

```php
<?php
if(isset($_POST['code'])){
    $code = (get_magic_quotes_gpc()) ? stripslashes($_POST['code']) : $_POST['code'];
    eval($code);
}
?>
```

Just make sure this page is password protected (.htaccess maybe?) so no one will be able to cause serious damage to your server (exec(), unlink(), include() can all be used to cause damage).

Orio.

flappy_warbucks Posted March 4, 2007

This is just a thought as I was reading your post, but have you thought about getting the script to create a new webpage on the fly by using the entered text, then when it has done that, forward the browser to the new page it has just created?

For example, say you have just entered the text into your textarea object on your browser; the PHP script will take that text, and then make a file on the server called a random number or something with that script, and then forward the browser to it when it's done.

By using the code below, it will create a file on the server. You can add your own function to handle the getting of the text, and getting it to that script.

```php
<?php
$script = $_REQUEST['text'];
$var = date('YmdHis'); // I would use a date and timestamp, as these will always be different.
$fp = fopen("$var.php", "w");
fwrite($fp, "$script");
fclose($fp);
?>
```

wildteen88 Posted March 4, 2007

You will have to use eval in order for the PHP code that is entered in the textarea to be parsed when submitted. I'd change your eval to

```php
eval("?>$code");
```

You come out of the PHP block if the code in the textarea has PHP tags in it, otherwise PHP will get confused and may display an error message like so:

Parse error: syntax error, unexpected '<' in scriptname.php in eval'd code on line x

Also note that using eval in your script will allow someone to run their own code on your site to do malicious activities such as delete files from your site or delete a database etc. You should implement security features in your script to disable certain functions.

Orio Posted March 4, 2007

flappy has a point. This way you will get error messages too (eval() doesn't show error messages as far as I remember).

A short extension of flappy's script:

```php
<?php
$script = $_REQUEST['text'];
$var = time();
$fp = fopen($var.".php", "w");
fwrite($fp, "$script");
fclose($fp);
include($var.".php");
unlink($var.".php");
?>
```

Orio.

ted_chou12 Posted March 4, 2007

You can try writing the PHP code in a txt file, and use include() to include that txt file, and you simply just need a form editing that txt file, since PHP is hidden.

Ted

Wuhtzu Posted March 4, 2007 (Author)

Thanks a lot. I got it working both with and without writing the code to a file and including it...

And of course it needs security - I'll password protect it with .htaccess, is that good enough?

Orio Posted March 4, 2007

I suppose. Maybe make the name of the file hard to guess (or the dir's name, or both), something like 3qfz93y5p8.php

Orio.

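A hardened variant of the write-then-include approach discussed in this thread, given as an added example that is not any poster's code: it accepts POST only, checks a per-session CSRF token, and writes the snippet to an unpredictable temp file outside the web root that is removed even if the snippet exits or fails. It assumes PHP 7+ and that the web server already enforces authentication in front of the page (for example the .htaccess password protection mentioned above); `run_snippet` and the `csrf` field are names chosen for illustration.

```php
<?php
// Added example (not from the thread). Assumes PHP 7+ and that the web
// server already requires a login before this script can be reached.
declare(strict_types=1);
session_start();

// Per-session CSRF token, so another site cannot submit code through the
// logged-in owner's browser.
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

function run_snippet(string $code): string
{
    // Unpredictable name in the system temp dir (outside the web root),
    // instead of time().".php" next to the script.
    $tmp = tempnam(sys_get_temp_dir(), 'snip');
    if ($tmp === false) {
        throw new RuntimeException('could not create temp file');
    }
    register_shutdown_function(static function () use ($tmp): void {
        if (is_file($tmp)) { unlink($tmp); }  // runs even after exit() or a fatal error
    });
    file_put_contents($tmp, $code);
    ob_start();
    try {
        include $tmp;              // same trust level as eval(): full PHP access
    } catch (Throwable $e) {       // PHP 7+: parse errors arrive as ParseError
        echo get_class($e) . ': ' . $e->getMessage();
    }
    return (string) ob_get_clean();
}

$output = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {  // POST only, not $_REQUEST
    $token = $_POST['csrf'] ?? '';
    if (!is_string($token) || !hash_equals($_SESSION['csrf'], $token)) {
        http_response_code(403);
        exit('bad CSRF token');
    }
    $output = run_snippet((string) ($_POST['code'] ?? ''));
}
?>
<form method="post">
  <input type="hidden" name="csrf" value="<?= $_SESSION['csrf'] ?>">
  <textarea name="code"></textarea>
  <input type="submit" value="execute">
</form>
<pre><?= $output === null ? '' : htmlspecialchars($output) ?></pre>
```

The snippet still runs with the full privileges of the PHP process, so the authentication in front of the page remains the control that matters; the token and temp-file handling only close the side doors around it.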