|How do I execute PHP that is stored in a MySQL database?||#1|
I'm trying to write a page that calls PHP that's stored in a MySQL database. The page that is stored in the MySQL database contains PHP (and HTML) code which I want to run on page load.
How could I go about doing this?
posted date: 2008-09-03 02:14:00
|Re: How do I execute PHP that is stored in a MySQL database?||#3|
You can look at the eval function in PHP. It allows you to run arbitrary PHP code. It can be a huge security risk, though, and is best avoided.
posted date: 2008-09-03 02:17:00
Erik van Brakel
|Re: How do I execute PHP that is stored in a MySQL database?||#4|
You can use the eval command for this. I would recommend against this though, because there's a lot of pitfalls using this approach. Debugging is hard(er), it implies some security risks (bad content in the DB gets executed, uh oh).See (blogpost by a random person) Eval is Evil for instance. Google for Eval is Evil, and you'll find a lot of examples why you should find another solution.Addition: Another good article with some references to exploits is this blogpost. Refers to past vBulletin and phpMyAdmin exploits which were caused by improper Eval usage.
posted date: 2008-09-03 02:18:00
|Re: How do I execute PHP that is stored in a MySQL database?||#5|
function was covered in other responses here. I agree you should limit use of
unless it is absolutely needed. Instead of having PHP code in db you could have just a class name that has method called, say,
. Whenever you need to run your custom PHP code just instantiate the class of name you just fetched from db and run
on it. It is much cleaner solution and gives you great field of flexibility and improves site security significantly.
posted date: 2008-09-03 02:47:00
|Re: How do I execute PHP that is stored in a MySQL database?||#6|
Have you considered using your Source Control system to store different forks for the various installations (and the modules that differ among them)? That would be one of several best practices for application configuration I can think of. Yours is not an unusual requirement, so it's a problem that's been solved by others in the past; and storing code in a database is one I think you'd have a hard time finding reference to, or being advised as a best practice.Good thing you posted the clarification. You've probably unintentionally posed an answer in search of a suitable question.
posted date: 2008-12-21 20:15:00
kneeskrap3r - Phil Gapp
|Re: How do I execute PHP that is stored in a MySQL database?||#7|
$x // your variable with the data from the DB<?php echo eval("?>".$x."<?") ?>
Let me know, works great for me in MANY applications, can't help but notice that everyone is quick to say how bad it is, but slow to actually help out with a straight answer...
posted date: 2009-09-24 08:05:00
|Re: How do I execute PHP that is stored in a MySQL database?||#8|
I fixed your markdown - if you don't indent code four spaces,
gets treated as an HTML tag and becomes hidden
posted date: 2010-02-07 18:37:00
|Re: How do I execute PHP that is stored in a MySQL database?||#9|
+1 This solution is practically working. Just applying eval($x) is NOT solving the issue as its breaking the code at the "<" sign. So this answer solves the problem. Cheers to Gapp!
posted date: 2013-03-14 10:21:00
|Re: How do I execute PHP that is stored in a MySQL database?||#10|
Thanks for this question. Contrary to many of the "answers" below, this is a good and useful one. There are many LEGIT uses where you'd want to store PHP commands in a DB. To say "don't do it" without knowing the circumstances is just arrogant.
posted date: 2013-03-26 18:34:00
|Re: How do I execute PHP that is stored in a MySQL database?||#11|
excerpt from "Eval is evil": "Allowing any user-supplied data to go into an eval( ) call is asking to be hacked." - OK, what if I use my own code stored in DB and used e.g. for dynamic and rapid custom form generation?
posted date: 2013-05-10 06:38:00
Erik van Brakel
|Re: How do I execute PHP that is stored in a MySQL database?||#12|
@Jeffz you'd better be very sure that no bad code ends up in there then. Besides, why would you stick it in a database and not just in a few code files?
posted date: 2013-05-10 08:36:00
|select page: « 1 2 »|