HTML and PHP data stored in DB, how to execute the PHP?

JackTheTripper
Forum Newbie
Posts: 3
Joined: Mon Sep 25, 2006 5:21 pm

Post by JackTheTripper »

I'm working on moving our web site to where all the main content will be stored in a MySQL database. Currently only a handful of pages call PHP functions which pull more data from the DB. So here is some example code that is on the current site...



<p>Here is our address:<br>
<? printAddress('headquarters'); ?></p>

When I put that into the DB it literally prints the whole thing rather than running the function 'printAddress()'.

Is there a way using PHP or a MySQL command to execute the php code rather than printing it to the page literally?

Thanks in advance.
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

Out of curiosity, why would you want to do this? Seems like a huge security risk to me...just my $0.02
JackTheTripper
Forum Newbie
Posts: 3
Joined: Mon Sep 25, 2006 5:21 pm

Post by JackTheTripper »

We're developing a content management tool to more easily be able to update the web site. All PHP errors will be suppressed and pages will have an .htm file type but the server will process them as PHP. The end user will have no idea the pages are PHP generated. CMS is behind a firewall.
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

What happens when a user puts unlink('some_really_important_file'); or something even worse into your editor? This is a security risk that I wouldn't go anywhere near.
JackTheTripper
Forum Newbie
Posts: 3
Joined: Mon Sep 25, 2006 5:21 pm

Post by JackTheTripper »

The users are going to be myself and the senior webmaster, so we'll just be sure to NOT do that. But thanks. ;)

Also, eventually if a user enters PHP code directly into the tool (<? unlink('file.php'); ?>) we will parse it out. Only certain functions from an available list will be allowed, not any arbitrary PHP, but that comes after I can execute PHP functions from the DB.
HCBen
Forum Commoner
Posts: 33
Joined: Thu Jun 22, 2006 3:15 pm
Location: Indiana

Post by HCBen »

I think the eval function is what you're looking for: http://us3.php.net/manual/en/function.eval.php
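
The allow-list approach mentioned earlier in the thread can be built without eval() at all. The sketch below is an added example, not code from any poster: `renderStoredContent()`, `ALLOWED_CALLS`, the body of `printAddress()` (here returning a string instead of printing) and the sample row are assumptions made for illustration.

```php
<?php
// Added example: render DB-stored content without eval().
// printAddress() is named in the thread; its body here is constructed.
function printAddress(string $site): string
{
    $addresses = ['headquarters' => '1 Example Way, Springfield']; // constructed data
    return htmlspecialchars($addresses[$site] ?? 'unknown location', ENT_QUOTES, 'UTF-8');
}

// Only these names may be invoked from stored content.
const ALLOWED_CALLS = ['printAddress' => 'printAddress'];

function renderStoredContent(string $content): string
{
    // Split on every <? ... ?> block, keeping the blocks as separate pieces.
    $parts = preg_split('/(<\?.*?\?>)/s', $content, -1, PREG_SPLIT_DELIM_CAPTURE);
    $out = '';
    foreach ($parts as $part) {
        if (strncmp($part, '<?', 2) !== 0) {
            $out .= $part; // plain HTML typed by the webmasters, passed through
            continue;
        }
        // Accept exactly <? name('literal'); ?> with a restricted argument alphabet.
        $ok = preg_match(
            "/^<\\?\\s*([A-Za-z_]\\w*)\\(\\s*'([\\w -]*)'\\s*\\);?\\s*\\?>$/",
            $part,
            $m
        );
        if ($ok === 1 && array_key_exists($m[1], ALLOWED_CALLS)) {
            // The stored text only selects a function; it is never run as code.
            $out .= call_user_func(ALLOWED_CALLS[$m[1]], $m[2]);
        } else {
            // Anything else is shown as inert text, never executed.
            $out .= htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
        }
    }
    return $out;
}

// Constructed sample of what a content row might hold.
$row = "<p>Here is our address:<br>\n<? printAddress('headquarters'); ?></p>\n"
     . "<? unlink('file.php'); ?>";
echo renderStoredContent($row), "\n";
```

With this design the database row is treated as data throughout: the `printAddress` tag is replaced by the function's return value, and the `unlink` tag comes out HTML-escaped because it fails both the argument pattern and the allow-list lookup.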