FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Using PHP code from a Database





Horizon
Well I like making my life easier by taking the time to create PHP scripts that will do work for me.. duh. Rolling Eyes

So what I've done is made it so I can use forms to add, edit, or delete data in rows within a database. But here's where the problem comes in. I want to be able to run a PHP script that resides within a database. So let's say..:

Coding within the database:
Code:

echo "This is an echo statement.";


Coding on the page:
Code:

<?php

//Coding that connects to the database goes here.
//Coding that selects the row in the database with desired information. Part of this information is as follows

//Coding that prints and runs the PHP coding in the database.

?>


I just need a way to "activate" the coding which will end up print "This is an echo statement" on a page, without it appearing as "echo "This is an echo statement.";". Obviously it's a waste to use echo statements like that, but I plan on using functions instead. I hope you get the general idea.. Confused
Faraz
Use EVAL function. Example:

Code:
<?php
eval('echo "This is an echo statement.";');
?>


More info: http://www.php.net/eval

I hope that's what you are looking for.
Horizon
It works perfectly, Faraz! I went further than the examples and used if statements to see if it works:

Code:

<?php
function data()
{
$string = stripslashes('if ($_GET[post] == ""){ echo "It works!"; } else { echo "It still works!"; }');   
eval ($string);
}

data();

?>


I used the stripslashes as well so I don't have to constantly add the backslash when editing or making new rows, which goes to show that it'll work even more. But instead of putting the code itself in the stripslashes(), I'll use something like {$row['coding']} which is taken right from the database, then the eval() will do what I need it to do ^^.

Thank you VERY much for this, now more things can be done Very Happy


EDIT:


A new problem has risen, which still relates to this. Here's a bit of code for an example:

Coding within the database; the row is called "coding":
Code:

function data()
{
echo \"This coding is stored in the database.\";
}


Code one the PHP page:
Code:

//Connect to the database.
//Select the tables/rows.

function display()
{

eval($row['coding']);

data();
}

finish();



But for some reason, I keep getting an error stating that the function data() wasn't found! That's why I didn't show too much of the coding (database connection, which is always the same and always working), as it seems the problem resides in the eval code.. So can anybody help?
Crying or Very sad
kv
from http://www.php.net/eval

Quote:

eval() returns NULL unless return is called in the evaluated code, in which case the value passed to return is returned. If there is a parse error in the evaluated code, eval() returns FALSE and execution of the following code continues normally. It is not possible to catch a parse error in eval() using set_error_handler().


Check for the return value of the eval function to see if it is FALSE. If it is FALSE, then there is a parser error in your eval code. You may then check your code.

Maybe you may need to run $row['coding'] through stripslashes().
imagefree
first try using

Code:
print_r($row);

before
Code:
eval($row['coding']);

to see whether the expected data exists in the array.

The problem with the above script (appears to me) is that you forgot to use stripslashes.

Anyways, i came to mention the danger of this function.

Never use it on performance sensitive servers. Its about 20 times slow than normal script execution. You can test it.

Never use this function with user submitted input inside it in any way (even after some sort of validation). This function is really dangerous because anyone can remotely handle whole of your server with the help of eval().
Horizon
Quote:
Its about 20 times slow than normal script execution. You can test it.

Yep, I noticed this when I was going through this. Even with a small bit of coding, it still ran slower. I even compared it to simply having the coding on the page itself and it just confirmed this!

Quote:
Never use this function with user submitted input inside it in any way (even after some sort of validation). This function is really dangerous because anyone can remotely handle whole of your server with the help of eval().

There's no way I can ignore that. This may not be a great idea after all.. Crying or Very sad

I'd rather not risk losing everything over a single function like eval(). But would there be any other way, and safer at that, which would still have the ability to edit the data from another page? (It IS set to nobody else can get to such a page, thank God for MYBB Razz ) But using the eval(), I've tried and tried but I just can't get it to work. I constantly get different errors, but it's mostly not being able to call the function data() that's in the database. So if there are any alternatives to this, even without a database, please share Crying or Very sad



But at least I learned something new that can be very helpful in the end! Thanks for your help on the eval(), kv, faraz, and imagefree. Wink
kv
There are several options, but I am assuming you want the code to be dynamic. Otherwise you can have just data in the database and use the data in the page instead of code. If it is data, you don't have to eval() it, you can just echo it. This is how most CMS work.

If you want code to be dynamic, you can store them in files. Put all the dynamic code in different files in a separate directory and use some naming convention for files ( like code_<row number>.php ) then in your code just include() the file.
imagefree
kv wrote:
There are several options, but I am assuming you want the code to be dynamic. Otherwise you can have just data in the database and use the data in the page instead of code. If it is data, you don't have to eval() it, you can just echo it. This is how most CMS work.

If you want code to be dynamic, you can store them in files. Put all the dynamic code in different files in a separate directory and use some naming convention for files ( like code_<row number>.php ) then in your code just include() the file.


you have a nice suggestion but i will require a lots of hard work to keep files and file names up to date and ready for use. Also there are chances of missing.

I have a better idea. Why not to save the code in a file and then simply include that file?

I think it would be faster and more responsive and is just like real programming.

For example:

Code:


//open connection, select database and query the db
//$row['code'] = 'echo \'Hello World\';';

//you need to have appropriate permissions like (755)
$random = rand();

$handle = fopen('./'.$random.'.php','a+');
if(fwrite($handle , $row['code']))
require('./'.$random.'.php');
else
echo 'failed';
//you may use error handling or even use evel() as an alternative if filesystem fails to include the file.
fclose($handle);
kv
imagefree wrote:

I have a better idea. Why not to save the code in a file and then simply include that file?


Write the code to a file every time you want to execute it? I don't think that is a good idea. eval() would be faster than writing to a file.
Horizon
Quote:
I have a better idea. Why not to save the code in a file and then simply include that file?

I think it would be faster and more responsive and is just like real programming.


Well I've never thought about that! I'm focusing too much on databases, probably because I wanted to store everything in the same general area. But if I have to resort to a file, it'll be that way. I'm gonna go try it out now.

Quote:
Write the code to a file every time you want to execute it? I don't think that is a good idea. eval() would be faster than writing to a file.


Well, had Eval worked for me, either one would've been fine. The point in using each is to create a seperate PHP page that allows me to use a webform to change the code within the files, giving much quicker access to editing. It's somewhat of a security hazard but again, MyBB variables are used to prevent security issues.

Hopefully the files bit work 8(
BlueVD
Using eval with code stored in a db has many caveats. Yes, you can have only one file and the rest of the site stored in the db, but from my own experience I can say it's a debuggers nightmare.
You'd be better of with oop and a few files with the objects definitions that storing your whole site in a db.
EDIT: Plus, eval is a problem when it comes to security. In certain cases it can expose quite a lot of info about your scripts that, if fallen in the wrong hands, can lead to exploits.
Fire Boar
Yep, eval is about the most dangerous option you could choose. I'd skip the database entirely and just go with making the files in a special folder, then maybe index them. Also you have to be very careful about the contents of the PHP file being generated. Check for file operation commands, eval, exec, and so on. For if you need those functions, you ought to have a factory class that loads up a file class on demand (and any others asked of it). That's a lot more advanced, but it's also a lot safer. Anyway, do what works for you. I think you should just be careful, that's all.
Related topics
[tutor] How to protect images without htaccess using PHP
Show PHP Code
Introducing ROBIN!
Using PHP
mySQL Query/PHP code - get the highest value...
Communicating between web pages
What is a good or bad php code?
Access Java 1.6 Web service using php client
Email Using PHP
How to code a simple blog using PHP
"Drop Down List Box" Using PHP and MySql
Can I add tasks to Windows Scheduled Tasks - Using PHP?
Fetch Alexa Rank of website using PHP function easily
Help displaying pdfs using PHP
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.