Calling for a php function when printing out the DB results

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
Neller
Forum Newbie
Posts: 18
Joined: Sun Mar 27, 2005 4:56 am

Calling for a php function when printing out the DB results

Post by Neller »

Hi everyone,

Is it possible to call for a function in the output of a MySQL DB

for example say this was the DB data -> '<td>' . function_call(). '</td>';

when i want to print out the Data using echo..

echo $row['data'];

it actually prints to the screen the function_call() as text and doesnt call for the function is there a way i can do this or am i missing something silly?

Thanks for any help

Alan
User avatar
MarK (CZ)
Forum Contributor
Posts: 239
Joined: Tue Apr 13, 2004 12:51 am
Location: Prague (CZ) / Vienna (A)
Contact:

Post by MarK (CZ) »

Code: Select all

eval();
may be what you are looking for. Be careful about the security risks though when working with user-submitted data.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

You should seriously reconsider what you are doing. eval() is something that most developers stay away from like the plaque. Can you use something in the DB as a trigger to call a function that is in your code? That might be safer.
GM
Forum Contributor
Posts: 365
Joined: Wed Apr 26, 2006 4:19 am
Location: Italy

Re: Calling for a php function when printing out the DB resu

Post by GM »

Neller wrote:Hi everyone,

Is it possible to call for a function in the output of a MySQL DB

for example say this was the DB data -> '<td>' . function_call(). '</td>';

when i want to print out the Data using echo..

echo $row['data'];

it actually prints to the screen the function_call() as text and doesnt call for the function is there a way i can do this or am i missing something silly?

Thanks for any help

Alan

I can't think of a single reason to store a PHP Function call in a database... Why are you trying to do this?
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Possibly safer than eval() is to store the function name in the database without it's parentheses... i.e. it's name and nothing else.

Then call it like this:

Code: Select all

while ($row = mysql_fetch_assoc($result))
{
    $row['function_name'](); //This will call the function
}
If there are only a handful of functions you'd expect to be called then this should be easy to sanitize, but if you'r just blindly calling what the db says to call I'd be worried.
Post Reply