Page 1 of 2
PHP not executing
Posted: Tue Jun 22, 2004 11:59 am
by Archy
I have all the page's code for my website in a MySQL database, and then to get the code, I use this to get the code for the page, it works fine:
Code: Select all
<?php
include('admin/header.php'); // get connection information
$row = mysql_fetch_array($rs);
$msg = $row['public'];
include('admin/strings.php');
echo($msg);
?>
However, if I put any PHP code in the database, eg, <?php echo"hello"; ?> then it will not get executed, it just appears on the source like normal HTML (does not actually appear on page, you can just see it on the source if you go view->source). I have also tried it without the <?php and ?> but to no avail.
Does anybody know why this might be happening, and what I can do to actually get the code to execute correctly?
Thanks.
Posted: Tue Jun 22, 2004 12:30 pm
by SBukoski
Check out the
eval() function. I believe this does the trick for you.
Posted: Wed Jun 23, 2004 3:24 am
by Archy
OK, thanks, I realise that I have to use the eval() function now, but am slightly confused about how to add it in. I will try and list some of the ideas that I have, but I dont know which is right, and what the correct code would be.
Would I...
o Insert the code on the actual page where the code is inserted into the database, or
o Add the eval() function into the page that collects the information to be displayed
I am bot sure which of these is correct, but im sure one of them is
In any case, the code gets submitted to another page where it gets inserted into the database. The variable the code is in is called $update_code (nice and orriginal

). I was wondering what the code would be to actuall get it eval()'d to then put it in the database, cause I am also a bit confused about that "/
Thanks.
Posted: Wed Jun 23, 2004 3:28 am
by feyd
it'd be eval'd coming out of the database.. you'll need to sanitize it going in and coming out, as someone may change it (bad boy!)
Posted: Wed Jun 23, 2004 3:31 am
by Archy
What do you mean when you say "you'll need to sanitize it going in and coming out"?
So what would the actual code for doing this, I looked on PHP.net and on the forums, but couldnt get anything to work

Posted: Wed Jun 23, 2004 3:34 am
by feyd
check it for the code which you allow. If anything else is encountered, strip it out, or kick out an error.
Posted: Wed Jun 23, 2004 3:43 am
by Archy
I have tried...
eval($msg);
$msg = eval($msg);
with quotes, without quotes, and many other ways, but none work =/
Posted: Wed Jun 23, 2004 3:44 am
by feyd
what's $msg contain?
Posted: Wed Jun 23, 2004 3:45 am
by Archy
Code: Select all
<?php
include('admin/header.php'); // get connection information
$row = mysql_fetch_array($rs);
$msg = $row['public'];
include('admin/strings.php');
echo($msg);
?>

Posted: Wed Jun 23, 2004 3:48 am
by feyd
$rs is set inside header.php? or is set before the eval?
Posted: Wed Jun 23, 2004 3:49 am
by Archy
It is contained in admin/header.php, along with all the other connection information
Posted: Wed Jun 23, 2004 3:53 am
by feyd
wait a sec.. the code above is what is inside $msg, or where you are eval'ing $msg?
Posted: Wed Jun 23, 2004 4:05 am
by Archy
$msg is the code that is from the database that I am wanting to show.
I need to eval() the $msg variable to get the correct code shown.
Posted: Wed Jun 23, 2004 4:14 am
by feyd
can you post the content you are trying to eval? i.e. the data stored inside $msg.
Posted: Wed Jun 23, 2004 4:30 am
by Archy
OK, sure, I am just testing it at the moment, so I do not have the actual code I am going to use in the end, but here it is that im trying to show:
Code: Select all
<html>
<head>
<meta http-equiv="Content-Language" content="en-gb">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Test</title>
</head>
<body>
<div align="center"><?php echo"test"; ?></div>
</body>