
Calling for a php function when printing out the DB results

Posted: Thu Jul 20, 2006 5:28 pm
by Neller
Hi everyone,

Is it possible to call for a function in the output of a MySQL DB?

For example, say this was the DB data -> '<td>' . function_call(). '</td>';

When I want to print out the data using echo..

echo $row['data'];

it actually prints to the screen the function_call() as text and doesn't call for the function. Is there a way I can do this or am I missing something silly?

Thanks for any help

Alan

Posted: Thu Jul 20, 2006 5:45 pm
by MarK (CZ)

eval();
may be what you are looking for. Be careful about the security risks though when working with user-submitted data.

Posted: Thu Jul 20, 2006 6:44 pm
by RobertGonzalez
You should seriously reconsider what you are doing. eval() is something that most developers stay away from like the plague. Can you use something in the DB as a trigger to call a function that is in your code? That might be safer.

Re: Calling for a php function when printing out the DB resu

Posted: Fri Jul 21, 2006 7:01 am
by GM
Neller wrote:
Hi everyone,

Is it possible to call for a function in the output of a MySQL DB?

For example, say this was the DB data -> '<td>' . function_call(). '</td>';

When I want to print out the data using echo..

echo $row['data'];

it actually prints to the screen the function_call() as text and doesn't call for the function. Is there a way I can do this or am I missing something silly?

Thanks for any help

Alan

I can't think of a single reason to store a PHP Function call in a database... Why are you trying to do this?

Posted: Fri Jul 21, 2006 7:11 am
by Chris Corbyn
Possibly safer than eval() is to store the function name in the database without its parentheses... i.e. its name and nothing else.

Then call it like this:

while ($row = mysql_fetch_assoc($result))
{
    $row['function_name'](); //This will call the function
}
If there are only a handful of functions you'd expect to be called then this should be easy to sanitize, but if you're just blindly calling what the db says to call I'd be worried.
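
An added example, not part of the original thread: one way to do what RobertGonzalez and Chris Corbyn describe, storing only a short key in the database and resolving it against a fixed allowlist in code. The keys, the render_* functions and the sample rows are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Allowlist: keys are the only values the database column may hold;
// values are the callables they map to. All names here are hypothetical.
const RENDERERS = [
    'current_year' => 'render_current_year',
    'site_name'    => 'render_site_name',
];

function render_current_year(): string
{
    return date('Y');
}

function render_site_name(): string
{
    return 'Example Site';
}

/**
 * Resolve a stored key to its output. Unknown keys are never called;
 * they are logged and rendered as an empty cell.
 */
function render_cell(string $key): string
{
    if (!array_key_exists($key, RENDERERS)) {
        error_log('Rejected renderer key from DB: ' . json_encode($key));
        return '<td></td>';
    }
    $output = call_user_func(RENDERERS[$key]);
    // Escape the result so the cell cannot inject markup.
    return '<td>' . htmlspecialchars($output, ENT_QUOTES, 'UTF-8') . '</td>';
}

// Constructed sample rows standing in for a fetched result set.
$rows = [
    ['function_name' => 'site_name'],
    ['function_name' => 'current_year'],
    ['function_name' => 'system'],   // a real PHP function, but not allowlisted
    ['function_name' => 'phpinfo'],  // likewise rejected
];

foreach ($rows as $row) {
    echo render_cell($row['function_name']), PHP_EOL;
}
```

Because the lookup is by key, a row that names a built-in such as system is rejected even though the function exists, which a bare function_exists() or is_callable() check would not do.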