Running PHP code from the database

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
sk8erh4x0r
Forum Commoner
Posts: 43
Joined: Wed May 26, 2004 8:27 pm

Running PHP code from the database

Post by sk8erh4x0r »

Is there a way to get PHP code to execute when selected from the database?

Code: Select all

$query = "SELECT * FROM `test`";
$result = mysql_query($query) or die(mysql_error());

while($row = mysql_fetch_assoc($result)){
echo $row['code'];
}
?>
$row['code'] is:

Code: Select all

<?php
echo "This is a test";
?>
I want it to echo 'This is a test' on the page.
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Re: Running PHP code from the database

Post by nielsene »

biznickman
Forum Newbie
Posts: 13
Joined: Tue Aug 16, 2005 10:32 am

Post by biznickman »

Example

Code: Select all

<?php
$sql = "SELECT class,function,arguments,instantiate FROM page_classes WHERE page='$_REQUEST[page]'";
$result = mysql_query( $sql ) or die( mysql_error() );
while( $assoc = mysql_fetch_assoc( $result ) ){
    eval("\$class = new $assoc[instantiate];");
}
?>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

warning: be extremely careful with stored code.
sk8erh4x0r
Forum Commoner
Posts: 43
Joined: Wed May 26, 2004 8:27 pm

Post by sk8erh4x0r »

i don't understand that example.. plus, what's $class?
biznickman
Forum Newbie
Posts: 13
Joined: Tue Aug 16, 2005 10:32 am

Post by biznickman »

$class is A variable being assigned to a new class. If you are unaware of what classes are, I suggest reading up on them at http://us3.php.net/manual/en/ref.classobj.php . Unfortunately, php is not much of an object oriented language, so for whatever purpose you are using eval, this may not be the most useful. If you want to provide a little more detail as to what you are trying to accomplish, that would be useful.
User avatar
Fractal
Forum Commoner
Posts: 54
Joined: Tue Aug 16, 2005 1:28 pm

Post by Fractal »

Code: Select all

<?php

include "connect.php";

$PID=$_GET['PID'];
$page="SELECT * FROM Pages WHERE PID='$PID'";
$page2=mysql_query($page);
while ($page3=mysql_fetch_assoc($page2))
{
  eval("\$ps = new $page3[PageSource];");
}

?>
Here's what I have in the table exactly.

Code: Select all

<?php

session_start();
include "connect.php";

if (isset($_SESSION['Username']))
{
  session_destroy();
  print "You have been logged out.";
}
else
{
  print "You must be logged in before you can logout.";
}

?>
It keeps parsing no matter what I have in the table.

Parse error: parse error, unexpected '<', expecting T_STRING or T_VARIABLE or '$' in /home/fractal/domains/ut-online.org/public_html/logout.php(11) : eval()'d code on line 1


Any ideas?

EDIT: This topic was posted for me since I didn't have an account at the time.. .-.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I'm going to guess that you have <?php or similar as the first thing... you don't need that, you're already running in php.

It'd be nice to know what's in the record to better help...
User avatar
Fractal
Forum Commoner
Posts: 54
Joined: Tue Aug 16, 2005 1:28 pm

Post by Fractal »

feyd wrote:I'm going to guess that you have <?php or similar as the first thing... you don't need that, you're already running in php.

It'd be nice to know what's in the record to better help...
I thought about that but when I removed the <?php and ?> tags it complained about the session_start();
Then I removed that and it complained about the include "connect.php";
Then I removed that aswell and it complained about the if statement I have..
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Code: Select all

<?php

include "connect.php";

$PID=$_GET['PID'];
$page="SELECT * FROM Pages WHERE PID='$PID'";
$page2=mysql_query($page);
while ($page3=mysql_fetch_assoc($page2))
{
  eval("{$page3['PageSource']}");
}
?>
This should be closer to what you want. The class example sent you off on the wrong direction.
User avatar
Fractal
Forum Commoner
Posts: 54
Joined: Tue Aug 16, 2005 1:28 pm

Post by Fractal »

nielsene wrote:

Code: Select all

<?php

include "connect.php";

$PID=$_GET['PID'];
$page="SELECT * FROM Pages WHERE PID='$PID'";
$page2=mysql_query($page);
while ($page3=mysql_fetch_assoc($page2))
{
  eval("{$page3['PageSource']}");
}
?>
This should be closer to what you want. The class example sent you off on the wrong direction.
Thanks nielsene... That fixed it =D
User avatar
shoebappa
Forum Contributor
Posts: 158
Joined: Mon Jul 11, 2005 9:14 pm
Location: Norfolk, VA

Post by shoebappa »

Sounds like a pretty bad idea. I can rarely think of a time when eval is useful, or more importantly safe. Why exactly are you storing code, there has to be a better way...
User avatar
jwalsh
Forum Contributor
Posts: 202
Joined: Sat Jan 03, 2004 4:55 pm
Location: Cleveland, OH

Post by jwalsh »

I never did understand the use of stored procedures on a non-compiled language like PHP. Really is not worth the risk.
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

jwalsh wrote:I never did understand the use of stored procedures on a non-compiled language like PHP. Really is not worth the risk.
This isn't a stored procedure, by any sense of the term, when its normally used in database parlence.
Post Reply