View Full Version : php code stored in the db
01-02-2006, 10:41 PM
I have some html stored in MySql and now I have to add some PHP to it. This code will be loaded from the db and should be executed. Is that feasible?
Here is what is typically in the db:
echo('<span class="error">an error occured</span>');
And here is the file using the above code:
//db connection etc.
In this exemple, $row['content'] is what is retrieved from the db (cf. first code exemple).
Thanks in advance for your help
01-02-2006, 11:07 PM
I'd sugest you to find a different method than storing PHP code in the DB. Though if you really want to do it you'll have to use eval() (http://www.php.net/eval).
01-02-2006, 11:20 PM
eval() can be a security nightmare...but if you really want to do it that way, thats how you would. I'd suggest just storing it on the filesystem...I did a website entirely from the database once (including logo)...it wasn't pretty.
01-02-2006, 11:42 PM
if I store html in a db, how can avoid storing php in the db?
01-02-2006, 11:55 PM
You should store all of it out of the db, unless its just static content like a news article with HTML markup or something. If it has PHP weaved into it, store it in the filesystem.
01-03-2006, 12:14 AM
The only safe way to use eval is if you define acceptable PHP and check to make sure the code in the string is acceptable before using eval().
01-04-2006, 08:42 PM
Ok I'll check it out... But still, if I have a few if statements embedded in my html code, I thought that eval was a good solution.
Is that risky and ugly to proceed like that?
01-04-2006, 11:10 PM
Just use .php pages. Eval() is needless.
However, all code must be enclosed in php tags, regardless if it is parsed as PHP or not. If you truly want to have .html extensions, you can just force .html pages to be run through the PHP interpreter so that the code in the section above would be run. In a .htaccess in the root web directory (usually /public_html) you'd put:
Powered by vBulletin® Version 4.2.2 Copyright © 2016 vBulletin Solutions, Inc. All rights reserved.