ansaurus

Question

Answer 1

A:

You shouldn't eval the php code, just run it. It's need to be php interpreter installed, and apache+php properly configured. Then this .php file should output Hello World.

Answer to the edit: Use preg_replace_callback to get the php part, eval it, replace the input to the output, then echo it. But. If you should eval things come from database, i'm almost sure, it's a design error.

erenon 2009-06-21 22:39:42

Thank you, however this is not the case, as the line of php is in the string... and I have a variable which has the string stored in it. When I echo the variable to screen, it echo's the raw PHP code too...

Tisch 2009-06-21 22:46:28

Response to the 2nd Part Answer: Thankyou, I will give this a go. You're probably write about the design error! It's a personal project of mine so its all my own design... which is most probably wrong! But you live and learn :)

Tisch 2009-06-21 22:51:26

Keep the code in the php source files, and the content in the database. You can put e.g. bbcode tags into the database stored contents and parse them, but it's highly not recommended to mix php codes and content. It's error prone, makes security issues, bad at performance, hard to maintain, etc. Separate the code and the content. The more about the concrete problem the more i can help.

erenon 2009-06-21 22:57:21

I agree with keeping things seperate. I am trying to implement a similar feature to drupal's block system... where you can write a quick block and then place it where you like. Ideally, I want to be able to echo the box where I please at a later date with something like: <?=$block[$i]['body']?>

Tisch 2009-06-21 23:02:45

Answer 2

+4 A:

$str = "Hello
<?php echo 'World';?>";

$matches = array();

preg_match('/<\?php (.+) \?>/x', $str, $matches);

eval($matches[1]);

This will work, but like others have and will suggest, this is a terrible idea. Your application architecture should never revolve around storing code in the database.

Most simply, if you have pages that always need to display strings, store those strings in the database, not code to produce them. Real world data is more complicated than this, but must always be properly modelled in the database.

Edit: Would need adapting with preg_replace_callback to remove the source/interpolate correctly.

David Caunt 2009-06-21 22:54:00

Thats worked a treat. Thankyou. I think I will re-evaluate how to structure my project on this advice.

Tisch 2009-06-21 22:59:26

Happy to help. Something like erenon's suggestion sounds good. If you want to have some dynamic functionality in your blocks, like displaying some entity, consider putting a marker/bbcode in with the html, and replace it using string/regex replacement functions

David Caunt 2009-06-21 23:31:28

Answer 3

A:

eval() should work fine, as long as the code is proper PHP and ends with a semicolon. How about you strip off the php tag first, then eval it.

The following example was tested and works:

<?php
$db_result = "<?php echo 'World';?>";
$stripped_code = str_replace('?>', '', str_replace('<?php', '', $db_result));
eval($stripped_code);
?>

Just make sure that whatever you retrieve from the db has been properly sanitized first, since you're essentially allowing anyone who can get content into the db, to execute code.

Martijn Heemels 2009-06-21 22:57:15

ansaurus

tags:

views:

answers:

how to eval() a segment of a string

related questions