Storing and using PHP in a mysql field

Forum Moderators: coopster

Message Too Old, No Replies

Storing and using PHP in a mysql field

might be one of those 'doh!' moments

mipapage

2:13 pm on Nov 10, 2004 (gmt 0)

Hey all,

I know this can be done but I'm blocked: I want to store some page content in a mysql field that will include some php in it. For example:

<h2>blah blah bla title</h2> 
<p>Lorum ipsum gonna write some text</p> 
<?php someFunction();?> 
<h2>blah blah bla title</h2> 
<p>Lorum ipsum gonna write some more text</p>

How can one do this and include it into a page and have the PHP parsed?

Normally I would get this content by your standard query+fetch_array, and then introduce the content some way or another by

$myvar .= $row['dynamic_content']

, for example.

But how can I do this so it parses the PHP?

coopster

3:32 pm on Nov 10, 2004 (gmt 0)

eval() [php.net] may be what you are looking for.

mipapage

6:43 pm on Nov 10, 2004 (gmt 0)

Doh!

Thanks Coopster, as usual, RTFM :-)

ergophobe

7:11 pm on Nov 10, 2004 (gmt 0)

Mike,

Where does the data come from? Is it pretty secure?

I recently had a vaguely similar solution and I created a parser class to deal with it. Basically, the DB data could be modified by a number of people with varying levels of admin privileges. These are all people who can be trusted not to willfully harm the site, but they can't be trusted to never make a mistake or to keep their passwords secure.

So basically, I have made a parser class that essentially parses a template and that allows a few authorized substitutions. You could have a list of authorized functions or unauthorized functions.

I don't know what your needs are and whether you could make something like that work, but it strikes me off the top of my head that running eval() on dynamically updated data is something that needs to be done with the utmost care and highest security or in the lowest consequence situations only.

Tom

mipapage

8:31 pm on Nov 10, 2004 (gmt 0)

Hey Tom,

Thanks for the heads up. I know this can be a tricky situation. I'm not sure exactly how this will work, but for now I'll be the only one playing with this feature; so something is bound to screw up, but hopefully I'll be able to fix it!

Hmm.. on second read that list of authorized functions sounds like a great way around any trouble. I guess I'll 'perfect' what will be available and then simply provide some template tags for including the functions when necessary.

Holy parsing parsnips, this all seems vaguely familiar...

hope the powder's fallin and the bandwith is back!