...

View Full Version : php code stored in the db



jjshell
01-02-2006, 10:41 PM
Hello,

I have some html stored in MySql and now I have to add some PHP to it. This code will be loaded from the db and should be executed. Is that feasible?

Here is what is typically in the db:




<div class="messages">
if($error){
echo('<span class="error">an error occured</span>');
}
<p>
your messages...
</p>
</div>



And here is the file using the above code:




//db connection etc.

<div class="container">
echo($row['content']);
</div>



In this exemple, $row['content'] is what is retrieved from the db (cf. first code exemple).

Thanks in advance for your help

marek_mar
01-02-2006, 11:07 PM
I'd sugest you to find a different method than storing PHP code in the DB. Though if you really want to do it you'll have to use eval() (http://www.php.net/eval).

Velox Letum
01-02-2006, 11:20 PM
eval() can be a security nightmare...but if you really want to do it that way, thats how you would. I'd suggest just storing it on the filesystem...I did a website entirely from the database once (including logo)...it wasn't pretty.

jjshell
01-02-2006, 11:42 PM
if I store html in a db, how can avoid storing php in the db?

Velox Letum
01-02-2006, 11:55 PM
You should store all of it out of the db, unless its just static content like a news article with HTML markup or something. If it has PHP weaved into it, store it in the filesystem.

Element
01-03-2006, 12:14 AM
The only safe way to use eval is if you define acceptable PHP and check to make sure the code in the string is acceptable before using eval().

jjshell
01-04-2006, 08:42 PM
Ok I'll check it out... But still, if I have a few if statements embedded in my html code, I thought that eval was a good solution.

Exemple:



<div>
if($error){
echo('<span class="error'>error</span>');
}
//content
</div>


Is that risky and ugly to proceed like that?

:)

Velox Letum
01-04-2006, 11:10 PM
Just use .php pages. Eval() is needless.


<div>
<?php
if($error){
echo('<span class="error'>error</span>');
}
?>
//content
</div>

However, all code must be enclosed in php tags, regardless if it is parsed as PHP or not. If you truly want to have .html extensions, you can just force .html pages to be run through the PHP interpreter so that the code in the section above would be run. In a .htaccess in the root web directory (usually /public_html) you'd put:


<Files *.html>
ForceType application/x-httpd-php
</Files>



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum