Get and launch PHP code from $_GET

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
bdlson
Forum Newbie
Posts: 3
Joined: Thu Nov 05, 2009 8:35 am

Get and launch PHP code from $_GET

Post by bdlson »

Hello!
I have next task to resolve %)
I need to creat some php code wich allows take php code from $_GET and launch it. Php code may contains php commands with php variables (like $p) and MySQL queries (like 'SELECT * FROM tablename').
For example:

I type url like this:
http://mysite.com/index.php?php=$q=1; $q=2; echo $q1.$q2; connect(); $query='SELECT * FROM tablename';$q=query($query); close(); $q=convert($q); forech( $q as $line ) { echo $line; }

So php code in $_GET['php'] = "$q=1; $q=2; echo $q1.$q2; connect(); $query='SELECT * FROM tablename';$q=query($query); close(); $q=convert($q); forech( $q as $line ) { echo $line; }"
How can i launch (run/execute) it in my index.php script.

I used eval() function, but it outputed some warnings and not worked correctly. :banghead:

How can i do it :?:
Thanks.
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: Get and launch PHP code from $_GET

Post by AbraCadaver »

It is easy to do, however, THIS HAS GOT TO BE ONE OF THE MOST DANGEROUS THINGS I HAVE EVER SEEN!!! WHAT ARE YOU THINKING?!?!

-Shawn
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Get and launch PHP code from $_GET

Post by jackpf »

So...where can I find this script of yours?
bdlson
Forum Newbie
Posts: 3
Joined: Thu Nov 05, 2009 8:35 am

Re: Get and launch PHP code from $_GET

Post by bdlson »

:) I know that it would be dangerous, but it`s my project and my experiment.
The goal of my project is managing the site by url from GET params.

So you said that it`s easy. So how can i do it? Please tell me.
User avatar
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: Get and launch PHP code from $_GET

Post by Mirge »

What are the errors/warnings/notices that eval() is spitting out?
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: Get and launch PHP code from $_GET

Post by AbraCadaver »

bdlson wrote::) I know that it would be dangerous, but it`s my project and my experiment.
The goal of my project is managing the site by url from GET params.

So you said that it`s easy. So how can i do it? Please tell me.

Code: Select all

 eval($_GET['php']);
However there are some gotchas:

1. You'll get a parse error because there is no 'forech', it should be 'foreach'.
2. Undefined variable: q2 and q1
3. Unless you have defined query(), close() and convert() you'll get fatal errors there
4. If you have magic_quotes_gpc On you'll have to stripslashes() first
5. The current URL you have will work, but on other characters you may have to run urlencode() before using the code in the URL

If you have error reporting on and are paying attention to the errors, you should have seen Parse error: syntax error, unexpected T_AS, which if you search T_AS at php.net it directs you to foreach.

-Shawn
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
bdlson
Forum Newbie
Posts: 3
Joined: Thu Nov 05, 2009 8:35 am

Re: Get and launch PHP code from $_GET

Post by bdlson »

Thanks a lot!
My promblem was i didn`t use stripslashes() and urlencode()!

That`s ok! Working....

About potential dangerous of this decision: i also developed some coding procedure for coding and decoding code putting in GET, so everyone cann`t use this feature.
Post Reply