tags:

views:

65

answers:

3
+1  Q: 

Processing PHP in a database

Hi, I have a basic cms that stores pages in a table in a mysql database - is it possible for me to include PHP in a page and then have PHP process it rather than just output it as-is?

+1  A: 

I think you'd have to use eval() to do such a thing. So yeah, possible but not recommended.

Darrell Brogdon  2009-12-13 19:06:45
Can I ask what the security problems with this would be? (I am the only person who can add content to the database and I do this via phpmyadmin)
el joe  2009-12-13 19:07:23
I think you would have more issues with performance than security. eval() is pretty expensive since PHP has to essentially spawn another interpreter for each call of eval().
Darrell Brogdon  2009-12-13 19:08:52
Ah thank you :)
el joe  2009-12-13 19:10:08
Also, that would be—at best—inconvenient to debug.
wallyk  2009-12-13 19:12:56
Are you sure that you're the only one with access to the database?Using eval would turn a simple SQL-injection into a security nightmare.
tstenner  2009-12-13 19:46:49
+2  A: 

You can use eval (http://php.net/manual/en/function.eval.php)

But remember that eval is evil

Nir Levy  2009-12-13 19:10:18
thanks Ewan, my bad
Nir Levy  2009-12-13 19:21:10
+1  A: 

As both suggestions have indicated, using eval() is not recommended and poses a serious security issue.

Your best bet would be to create a basic templating system. You could have a pre-determined set of PHP code blocks on the frontend which are triggered by certain key values on the backend, i.e. {show_categories} could be a tag that when parsed, gets replaced with all categories.

To implement such functionality you would have to search for the particular template key values. If any such key values are found, run the associated code with that key value and replace the key with the code.

A very basic example of finding and replacing a template key:

// check if the show_categories key is found
if (strpos($body, '{show_categories}') !== false) {
    // generate the show categories output from a PHP function
    $categories = getCategoriesOutput();
    // replace key with content 
    str_replace('{show_categories}', $categories, $body);
}
cballou  2009-12-13 19:14:43
+1: Smarty or Phable would be an option
OMG Ponies  2009-12-13 19:20:01

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL