Skip to content Skip to sidebar Skip to footer
Home / Content Management System / Html / Php

Type Php Code Into Textarea, Store In Database, Then Execute

Post a Comment
Anybody have any idea how I might go about doing something like this. I've got a textarea setup to allow users to edit page content. the content is then stored in a database and is

Solution 1:

You can use the PHP eval() method to execute the PHP code returned from the database - just as if it was actually written in your PHP file directly.

e.g.

<?phpeval("echo('hello world');");
?>

Prints:

hello world

Solution 2:

You can use eval for this purpose.

http://php.net/manual/en/function.eval.php

Solution 3:

eval() is as James Goodwin and Gazler say in fact the only way to execute PHP code from string data.

In addition to the security consequences - it will become possible to compromise your whole web site by gaining access to your mySQL data - this approach will make code very hard to debug, as you will have to follow all error messages through the eval()d code.

Solution 4:

I attempted to do this same thing, but with the addition of tags and normal HTML tags. This will not work. If you need to store HTML along with your PHP, consider a more XHR solution that relies less on PHP code for every page.

Solution 5:

Consider another alternative. Really.

Regardless of any security checks you do, function parsing, etc., this is still an EXTREMELY bad idea.

A slightly less bad idea, why not look into a templating solution like http://www.smarty.net or http://www.google.com/search?q=php+template+engine

Post a Comment for "Type Php Code Into Textarea, Store In Database, Then Execute"