Output PHP from MySQL Database

the9ulaire
Forum Commoner
Posts: 74
Joined: Mon Jun 11, 2007 11:31 am

Output PHP from MySQL Database

Post by the9ulaire »

I simply want to output PHP code stored in the database into my page. I've tried:

Code:

$sql = "SELECT page_id, page_name, page_desc, page_content " .
			"FROM pages WHERE page_id=" . $_GET['p'];
	$result = mysql_query($sql, $conn);
	$row = mysql_fetch_array($result);
	$page_content = $row['page_content'];
	eval($page_content);
I am trying to output:

Code:

$sql = "SELECT * FROM calendar ORDER BY date";
$result = mysql_query($sql, $conn);

	echo "<table border=\"0\" cellpadding=\"2\" id=\"calendar_table\">";
	echo "<tr id=\"table_header\">";
	echo "<td width=\"100px\">Date</td>";
	echo "<td width=\"200px\">Location</td>";
	echo "<td width=\"60px\">Time</td>";
	echo "<td width=\"300px\">Description</td>";
	echo "</tr>";
while ($row = mysql_fetch_array($result)) {
	echo "<tr class=\"table_row\">";
	echo "<td width=\"100px\">" . $row['date'] . "</td>";
	echo "<td width=\"200px\">" . $row['location'] . "</td>";
	echo "<td width=\"60px\">" . $row['time'] . "</td>";
	echo "<td width=\"300px\">" . $row['details'] . "</td>";
	echo "</tr>";
}
	echo "</table>";
But all it does is show that code as plain text. How can I fix this so that it processes the PHP?

Thanks in advance!
Luke
TheMoose
Forum Contributor
Posts: 351
Joined: Tue May 23, 2006 10:42 am

Post by TheMoose »

I'd advise against it, but you can use PHP's eval() function.
the9ulaire
Forum Commoner
Posts: 74
Joined: Mon Jun 11, 2007 11:31 am

Post by the9ulaire »

TheMoose wrote: I'd advise against it, but you can use PHP's eval() function.
May I ask why?
TheMoose
Forum Contributor
Posts: 351
Joined: Tue May 23, 2006 10:42 am

Post by TheMoose »

You have to take extra time to escape any special PHP character (such as the $ to designate variables) and double quotes so that it doesn't assume it's breaking the string. That's extra time spent just formatting the code without actually taking into account the execution time. Hard coded doesn't have to deal with formatting and execution, just execution.

It's more of a performance advisory, than anything else. If you allow custom code to be executed, then you're getting into a security risk.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Unless you know exactly what you're doing and why, eval() is a very dangerous function. Avoid it at all costs.
AKA Panama Jack
Forum Regular
Posts: 878
Joined: Mon Nov 14, 2005 4:21 pm

Post by AKA Panama Jack »

As people have mentioned, storing PHP code in a database and then EVALing it is just plain damned SLOW, plus there are many security issues pertaining to someone modifying the database. Also, maintaining the code that is stored in a database is more difficult than maintaining it stored as files on a drive.

I tried this in the past and it was many, many, MANY times slower to execute PHP code from a database than just loading it from disk using an include.

Anyone that stores PHP code, template data, etc. in a database for parsing later is just asking for trouble because it is SLOW and INSECURE.
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Anyhoots, your eval() has to be a complete statement.

Code:

eval("echo \$page_content;");
Something like that.
the9ulaire
Forum Commoner
Posts: 74
Joined: Mon Jun 11, 2007 11:31 am

Post by the9ulaire »

Thanks guys! I appreciate your advice! Since I'm so new to this, I'm still unaware of many risks. I will be hard coding my page.

Thanks again!
Luke
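
The approach the thread settles on (code on disk, only data in the database), as an added example that is not code from any poster. It assumes PDO with the pdo_sqlite driver; the `RENDERERS` map, the helper names and the sample rows are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Helper names, the RENDERERS map
// and all sample rows are constructed for illustration.

function e($s): string { return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8'); }

function render_calendar(PDO $db): string {
    $out = "<table id=\"calendar_table\">\n";
    foreach ($db->query('SELECT date, location, time, details FROM calendar ORDER BY date') as $r) {
        $out .= '<tr class="table_row"><td>' . e($r['date']) . '</td><td>' . e($r['location'])
              . '</td><td>' . e($r['time']) . '</td><td>' . e($r['details']) . "</td></tr>\n";
    }
    return $out . "</table>\n";
}

// Allowlist: the code lives in the application; the database only names a page.
const RENDERERS = ['calendar' => 'render_calendar'];

function render_page(PDO $db, $rawId): string {
    // Accept only a positive integer id
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) return "<p>Page not found</p>\n";
    // Bound parameter instead of concatenating $_GET['p'] into the SQL
    $st = $db->prepare('SELECT page_name, page_content FROM pages WHERE page_id = ?');
    $st->execute([$id]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) return "<p>Page not found</p>\n";
    $html = '<h1>' . e($row['page_name']) . "</h1>\n";
    if (isset(RENDERERS[$row['page_name']])) {
        $html .= (RENDERERS[$row['page_name']])($db);         // code from disk, chosen by allowlist
    } else {
        $html .= '<p>' . e($row['page_content']) . "</p>\n";  // stored content is data, never passed to eval()
    }
    return $html;
}

// Constructed sample data in an in-memory SQLite database
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pages (page_id INTEGER PRIMARY KEY, page_name TEXT, page_content TEXT)");
$db->exec("CREATE TABLE calendar (date TEXT, location TEXT, time TEXT, details TEXT)");
$db->exec("INSERT INTO pages VALUES (1, 'about', 'echo 1+1; (stored text)'), (2, 'calendar', '')");
$db->exec("INSERT INTO calendar VALUES ('2007-07-01', 'Town Hall', '19:00', 'Rehearsal <b>open</b>')");

echo render_page($db, '2');            // calendar table built by application code
echo render_page($db, '1');            // stored text is shown escaped, not executed
echo render_page($db, 'not-a-number'); // rejected by the integer check
```

With this layout, a modified `page_content` row can change only the text that is displayed, not the code that runs.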