Display php results from mysql field?
Moderator: General Moderators
-
weismana81
- Forum Newbie
- Posts: 20
- Joined: Mon Feb 07, 2011 3:36 am
Display php results from mysql field?
Well, that subject probably made no sense which would explain why I haven't had much luck googling this. I'm working on a dynamic site where each page is a record in a mysql database. My problem is, I would like to create a news interface for the user without having to create a separate news.php file. Is it possible to put php into the "content" field of a record. I'm just trying ... <?php echo "test"; ?> and I can't get that to work.
Any help is much appreciated!!
Any help is much appreciated!!
- ganesh_dabhade
- Forum Newbie
- Posts: 19
- Joined: Sun Feb 06, 2011 12:42 am
- Contact:
Re: Display php results from mysql field?
Describe ur problem in details with example to get more help...
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: Display php results from mysql field?
Post some code...
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Re: Display php results from mysql field?
Sounds like you're trying to put PHP code in a row in your mySQL table. If that's the case, I wouldn't recommend it.
I'm not sure what you're trying to accomplish, but you're going about it the wrong way (most likely).
-
weismana81
- Forum Newbie
- Posts: 20
- Joined: Mon Feb 07, 2011 3:36 am
Re: Display php results from mysql field?
Well there's two pages. Index.php's main content looks like this.
And update.php has this in it.
The thing is, this site is for a church, and it looks like there have been several people working on it over the years and it has become a bit of a monster. I'm trying to switch them over to a dynamic site so they have a little more control over everything. I'm also trying to keep the "back end" as clean and simple as possible so down the road, it's easier for the next developer to understand what's going on. I added the page_admin_content field so a developer (or even an advanced user) could add some advanced elements (i.e. javascript etc..) to a page without making the user's page_content area confusing for the user. I hope that's not completely stupid. This is the first dynamic site I've made and I guess this is just one of those things... I'm not worried about the issues I can predict, I'm worried about the issues I can't predict.
Anyway, now I'm trying to add php in that page_admin_content area. pburgh is right about what I'm trying to do. I guess my question is, why is it not recommended? If it's a security thing, could I ignore that since it's a few people at church that will have access to the admin pages, or is that reckless.
Thanks so much for the replies!!!
Code: Select all
<div class="center_col">
<?php
$page_id=$_GET['page_id'];
$result = mysql_query("SELECT * FROM sb_pages WHERE page_id = $page_id");
while ($row = mysql_fetch_array($result))
{
echo $row['page_title'];
echo "<hr/>";
echo $row['page_content'];
echo "<br/><br/>";
echo $row['page_admin_content'];
}
?>
</div>
Code: Select all
<fieldset><legend><a href="javascript:unhide('AdminContent');">Admin Content (Advanced use only)</a></legend>
<div id="AdminContent" class="hidden">
<textarea style="height: 300px; width: 800px;" name="page_admin_content" id="page_admin_content" cols="45" rows="5"><? echo $row['page_admin_content']; ?></textarea>
</div>
</fieldset>
Anyway, now I'm trying to add php in that page_admin_content area. pburgh is right about what I'm trying to do. I guess my question is, why is it not recommended? If it's a security thing, could I ignore that since it's a few people at church that will have access to the admin pages, or is that reckless.
Thanks so much for the replies!!!
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: Display php results from mysql field?
That's simple enough, replace the < and > tags with < and > respectively. You can create a custom function or use htmlentities to display the data containing the code.weismana81 wrote:Is it possible to put php into the "content" field of a record. I'm just trying ... <?php echo "test"; ?> and I can't get that to work.
It's not really NOT recommended but the problem comes in if you don't make sure the php code cannot be parsed. Let's say you have something like your example and the database value hasn't been sanitized, somewhere on your page it will echo "test".weismana81 wrote:Anyway, now I'm trying to add php in that page_admin_content area. pburgh is right about what I'm trying to do. I guess my question is, why is it not recommended? If it's a security thing, could I ignore that since it's a few people at church that will have access to the admin pages, or is that reckless.
The php code is parsed as php, because the server recognizes the <?php and ?> tags and executes any code inbetween.
If you sanitize value from the database, you remove the special meaning that < and > has, and now when the page is displayed the server doesn't see php tags and the 'code' is displayed as 'text'. You could also use <code></code> tags to wrap the value in if the above explanation doesn't make sense.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
-
weismana81
- Forum Newbie
- Posts: 20
- Joined: Mon Feb 07, 2011 3:36 am
Re: Display php results from mysql field?
I don't understand exactly how to sanitize the value, but I will look into that.
Thanks again!
I think this is what I'm going for. I don't want the page to display the code, I want the page to run (or I guess "parse" the code. So if the database value is <?php echo "test"; ?>, I want it to display "test". So maybe it is currently being sanitized and I need to figure out how to keep it from being sanitized...?It's not really NOT recommended but the problem comes in if you don't make sure the php code cannot be parsed. Let's say you have something like your example and the database value hasn't been sanitized, somewhere on your page it will echo "test".
Thanks again!
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: Display php results from mysql field?
Is is related to the segment of code below?weismana81 wrote:I think this is what I'm going for. I don't want the page to display the code, I want the page to run (or I guess "parse" the code. So if the database value is <?php echo "test"; ?>, I want it to display "test". So maybe it is currently being sanitized and I need to figure out how to keep it from being sanitized...?
Code: Select all
<textarea style="height: 300px; width: 800px;" name="page_admin_content" id="page_admin_content" cols="45" rows="5"><? echo $row['page_admin_content']; ?></textarea>
</div>“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
-
weismana81
- Forum Newbie
- Posts: 20
- Joined: Mon Feb 07, 2011 3:36 am
Re: Display php results from mysql field?
Well, most of my code seems relatively simple and straight forward, and I don't think I have anything in there that would do that (sanitize that is). Plus, I can get javascript working in this field which leads me to believe that it is working like I'd like it to. I guess I just need to keep digging. Thank you so much for all the help though!! This forum is great!!