drisate Posted February 19, 2008 Share Posted February 19, 2008 I was wandering if it's possible to insert php code into a mysql table and retreave it later to execute it ... Link to comment https://forums.phpfreaks.com/topic/91909-inserting-php-in-a-mysql-table/ Share on other sites More sharing options...
suttercain Posted February 19, 2008 Share Posted February 19, 2008 yes Link to comment https://forums.phpfreaks.com/topic/91909-inserting-php-in-a-mysql-table/#findComment-470638 Share on other sites More sharing options...
drisate Posted February 19, 2008 Author Share Posted February 19, 2008 Really ... intresting. I am making a header foother add-on for my board and this couls be great :-) so how would you do it? i have the <textarea name=\"header\" rows=\"28\" cols=\"74\">".htmlspecialchars_decode($header)."</textarea> iserted into $hf=mysql_query("UPDATE $dbprefix"."_header_foother SET header='".htmlspecialchars($_POST['header'])."', foother='".htmlspecialchars($_POST['foother'])."'", $db) or die ('OUPS >.< : '.mysql_error()); and to retreave it i use if (!function_exists("htmlspecialchars_decode")) { function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT) { return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $quote_style))); } } $hf=mysql_query("SELECT * FROM $dbprefix"."_header_foother", $db); while ($hf_info=mysql_fetch_array($hf)){ $header_info = htmlspecialchars_decode($hf_info['header']); } if(stristr($_SERVER[php_SELF].$_SERVER[QUERY_STRING], '/fr/') === FALSE) {$lang="EN";}else{$lang="FR";} if ($style[name]=="gray/blue"){$style[name]="gray-blue";} $styled_logo = "flash/vbb_logo_".$style['name'].".swf"; $header_info = str_replace("[FLASH-LOGO]", $swf, $header_info); echo $header_info; How can you insert php with out having it executed in plain text? Link to comment https://forums.phpfreaks.com/topic/91909-inserting-php-in-a-mysql-table/#findComment-470649 Share on other sites More sharing options...
suttercain Posted February 19, 2008 Share Posted February 19, 2008 See eval() http://us3.php.net/manual/en/function.eval.php Link to comment https://forums.phpfreaks.com/topic/91909-inserting-php-in-a-mysql-table/#findComment-470651 Share on other sites More sharing options...
aschk Posted February 19, 2008 Share Posted February 19, 2008 My advice is not to go down this road. Code belongs in files. Data/information belongs in databases. Link to comment https://forums.phpfreaks.com/topic/91909-inserting-php-in-a-mysql-table/#findComment-470655 Share on other sites More sharing options...
drisate Posted February 19, 2008 Author Share Posted February 19, 2008 I don't think i can adapt eval for this anyway ... eval seams to work only when you know the data $string = 'cup'; $name = 'coffee'; $str = 'This is a $string with my $name in it.'; echo $str. "\n"; eval("\$str = \"$str\";"); echo $str. "\n"; but in this case i have no idea what they can type ... [ php ]include("whatever.php");[ /php ] Link to comment https://forums.phpfreaks.com/topic/91909-inserting-php-in-a-mysql-table/#findComment-470675 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.