Page 1 of 1

Executing PHP code from SQL?

Posted: Sun Jan 21, 2007 10:21 pm
by FuzzyLogik
I have the following code (truncated) in a field in my table, and I need the php to execute, but it does not.

Code: Select all

<ul>
<li><?php enclink(\"wordpress.org\",\"WordPress\"); ?></li>
<li><?php echo(\"testing\"); ?></li>
<li>' . enclink("b2evolution.net","b2evolution") . '</li>
<li>' . enclink("nucleuscms.org","Nucleus") . '</li>
<li>' . enclink("pmachine.com","pMachine") . '</li>
</ul>
You can see what happens here:

http://www.goonsquad.org/faqs
(Hint: Search for b2evolution and look directly above it.)

As you can see, the PHP code isn't executing.

I have tried it without escaping the quotes, with escaping them and using single quotes, nothing seems to return anything.

Does anyone know of a way to parse the php code after returning a query from sql?

Thanks.

Posted: Sun Jan 21, 2007 10:26 pm
by aaronhall
mysql_result(), or mysql_fetch_array() or any of its variants.

You don't need to escape quotes that encapsulate arguments in functions.

Posted: Sun Jan 21, 2007 10:31 pm
by FuzzyLogik
aaronhall wrote:mysql_result(), or mysql_fetch_array() or any of its variants.

You don't need to escape quotes that encapsulate arguments in functions.
That's what I'm using.

Code: Select all

$query = "SELECT * FROM resource WHERE page LIKE '" . $page . "'";
$result = mysql_query($query);
$row = mysql_fetch_row($result);

...


$content = $row3[5];

...

echo $content;

Posted: Sun Jan 21, 2007 10:34 pm
by aaronhall
That's not how you use mysql_fetch_* -- you'll need to dig into the manual entry a little more deeply.

Posted: Sun Jan 21, 2007 10:38 pm
by aaronhall
The mysql_fetch_row() entry doesn't cover result resources with more than one row. Have a look at mysql_fetch_array() instead

Posted: Sun Jan 21, 2007 10:39 pm
by FuzzyLogik
aaronhall wrote:That's not how you use mysql_fetch_* -- you'll need to dig into the manual entry a little more deeply.
It seems as though all of the examples use it in that fashion, or use the name of the cell "$row["title"]" so I don't see how else it can be used to parse PHP code.

Could you prod me a bit more directly?

Posted: Sun Jan 21, 2007 10:39 pm
by FuzzyLogik
aaronhall wrote:The mysql_fetch_row() entry doesn't cover result resources with more than one row. Have a look at mysql_fetch_array() instead
I only need one row from this query

Posted: Sun Jan 21, 2007 10:42 pm
by aaronhall
FuzzyLogik wrote:
aaronhall wrote:The mysql_fetch_row() entry doesn't cover result resources with more than one row. Have a look at mysql_fetch_array() instead
I only need one row from this query
Why are you referencing $row3?

Posted: Sun Jan 21, 2007 10:42 pm
by FuzzyLogik
aaronhall wrote:
FuzzyLogik wrote:
aaronhall wrote:The mysql_fetch_row() entry doesn't cover result resources with more than one row. Have a look at mysql_fetch_array() instead
I only need one row from this query
Why are you referencing $row3?
sorry, consider that row3 just row. I was editing them all to make it more clear.

Posted: Sun Jan 21, 2007 10:46 pm
by aaronhall
Are you sure that the query is returning something (mysql_num_rows())?

Also, you can use mysql_fetch_assoc() as you would mysql_fetch_row() to return only a single row, only your array keys will be the names of your columns instead of their numeric index in the array. It makes things more readable, easier to debug problems like this.

Posted: Sun Jan 21, 2007 10:50 pm
by FuzzyLogik
aaronhall wrote:Are you sure that the query is returning something (mysql_num_rows())?

Also, you can use mysql_fetch_assoc() as you would mysql_fetch_row() to return only a single row, only your array keys will be the names of your columns instead of their numeric index in the array. It makes things more readable, easier to debug problems like this.
The entire content section is being pulled from there... here is a larger portion of what's in the cell:

Code: Select all

<dt id="blog">Instant Blogs</dt>
<dd>
<p>
The blogs (journals) below can be installed with a click of the mouse.</p>
<ul>
<li><?php enclink("wordpress.org","WordPress"); ?></li>
<li><?php echo("testing"); ?></li>
<li>' . enclink("b2evolution.net","b2evolution") . '</li>
<li>' . enclink("nucleuscms.org","Nucleus") . '</li>
<li>' . enclink("pmachine.com","pMachine") . '</li>
</ul>
</dd>

<dt id="portal">Instant Portals</dt>
<dd>
<p>
You can install the below portals instantly.</p>
<ul>
<li>' . enclink("drupal.org","Drupal") . '</li>
<li>' . enclink("geeklog.net","Geeklog") . '</li>
<li>' . enclink("phpnuke.org","PHP-Nuke") . '</li>
<li>' . enclink("phpwebsite.appstate.edu","phpWebSite") . '</li>
<li>' . enclink("postnuke.com","Post-Nuke") . '</li>
<li>' . enclink("siteframe.org","Siteframe") . '</li>
<li>' . enclink("xoops.org","Xoops") . '</li>
</ul>
</dd>

<dt id="phpnuke">Instant PHP-Nuke</dt>
<dd>
<p>
With a click of the mouse you have the ability to create a ' . enclink("phpnuke.org","PHP-Nuke") . ' site, along with many others!
</p>
</dd>
So it's certainly returning, as you can see it, but the PHP isn't parsing.

At this point, I would rather not change something for aesthetic reasons, I will do all of that later, I just want to make sure it 's all functional.

Posted: Sun Jan 21, 2007 11:00 pm
by aaronhall
Sorry -- I didn't understand what you were doing. You need to use eval() if the code you are trying to execute is in a string, but this really isn't recommended. Consider using include() or require().