PDA

Click to See Complete Forum and Search --> : [RESOLVED] PHP inside a MySQL text field... Can it be done?

solitario
Apr 3rd, 2006, 09:44 PM
Hello all.
Just wondering if there is a way of inserting PHP code in a database field, VARCHAR, MEDIUMTEXT, whatever, and have it echo as PHP code?
I have tried:

$GLOBALS['txt'][0]and<? echo $GLOBALS['txt'][0]; ?>But neither works.
Any help is appreciated.
Many thanks.
penagate
Apr 3rd, 2006, 11:48 PM
Use eval() or output it to a temporary file and include() that file.

Method 1:
eval($GLOBALS['txt'][0]);

Method 2:
file_put_contents('_temp.php', $GLOBALS['txt'][0]);
include('_temp.php']);
unlink('_temp.php');


Should you use the second method be sure that the PHP code has <?php ... ?> tags around it.
solitario
Apr 4th, 2006, 01:15 AM
Thanks penagate.
Perhaps I'm not doing this right.

Here is my query:SELECT reservationist_name FROM reservationists WHERE reservationist_id=0;Here is how I'm looping through the recordset:while($row=mysql_fetch_object($sql)) {
$reservationist_name=$row->reservationist_name
}Yet when I echo it to the page via "echo $reservationist_name;" it's giving me "eval($GLOBALS['txt'][0]);" as text. (The $txt array is right on the page, so I know it's there.) Anyone got an idea why it's not showing me the value of the variable? For the record it is:$txt[0]='Reservationist Not Found';I'd just hate to write that tiny string to a temporary file first, but I will if I have to.
Many thanks.
penagate
Apr 4th, 2006, 01:54 AM
I'm confused. Where is the PHP code stored in the databse?

eval(), will execute PHP code passed to it as a string - if you have actual PHP code in a database field then when you retrieve that field value you pass it to eval().
da_silvy
Apr 4th, 2006, 02:26 AM
Why can't you just echo $txt[0];

?

$reservationist_name = "echo $_GLOBALS['txt'][o];";
eval($reservantionist_name);
john tindell
Apr 4th, 2006, 09:54 AM
Using eval can lead to big security problems, make sure that a user cannot manipulate what is going to be executed. You wouldn't want code to be allowed to be executed which would allow the user to drop all the tables in your database.
solitario
Apr 5th, 2006, 12:25 AM
...then when you retrieve that field value you pass it to eval().Ah, that did it. Thanks!
Why can't you just echo $txt[0];I would have, but I'm structuring my data so that 0 is a "catch all":0 $GLOBALS['txt'][0]
1 Tom
2 Dick
3 HarryThe $txt array is going into an external language file.

And thanks, john tindell. I didn't know that.

Thanks folks. This one is resolved.