Storing PHP code in MySQL

Discussion in 'PHP' started by Rahul Bose, Jul 20, 2010.

0
  1. #1
    I am trying to store all the unique page content for a website in a table. The problem is that on some pages the content is PHP. MySQL won't seem to let me enter content entered from a form textarea when it contains PHP start or end tags (<?php). The database simply won't update the record.

    I need to know what needs to be done to make it store records that contain these tags.
     
    Rahul Bose, Jul 20, 2010 IP
  2. Rainulf

    Rainulf Active Member

    Messages:
    373
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    85
    #2
    You need to know the basics of PHP+MYSQL. Just how far are you now? It would help if you post what you have so far. :)
     
    Rainulf, Jul 20, 2010 IP
  3. danx10

    danx10 Peon

    Messages:
    1,179
    Likes Received:
    44
    Best Answers:
    2
    Trophy Points:
    0
    #3
    Use htmlspecialchars() and mysql_real_escape_string() ;)
     
    danx10, Jul 20, 2010 IP
  4. z0e0u0s

    z0e0u0s Peon

    Messages:
    2
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    You also may wanna take a look at this

    http: //us2.php.net/eval <----- Remove the space after the colon, I can't post links yet :D
     
    z0e0u0s, Jul 20, 2010 IP
  5. sacx13

    sacx13 Active Member

    Messages:
    438
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    58
    #5
    z0e0u0s is correct. Use eval to run your code after you fetch it from database. Just get the page from DB and check if contains "<?" then run it with eval.
    The links is http: //us2.php.net/eva
     
    sacx13, Jul 20, 2010 IP
  6. danx10

    danx10 Peon

    Messages:
    1,179
    Likes Received:
    44
    Best Answers:
    2
    Trophy Points:
    0
    #6
    The OP does'nt want to execute the PHP, the OP wan'ts to insert PHP code to the db, theirfore needs to escape it so it can be parsed/inserted into the db.
     
    danx10, Jul 20, 2010 IP
  7. bencummins

    bencummins Peon

    Messages:
    55
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #7
    You will probably find that the query is erroring

    Depending on whether you're using mysql or mysqli, you can trap the error as follows

    <?
	$phpCode = "<?PHP echo \"hello\";?>";


	// mysql

	$db = mysql_connect("server", "user", "pass");
	mysql_select_db("mydb", $db);

	$sql = "INSERT INTO myTable (theField) VALUES ('" . mysql_real_escape_string($phpCode) . "'";

	mysql_query($sql) or die("Insert failed: " . mysql_error());


	// mysqli

	$db = new mysqli("server", "user", "pass", "mydb");
	$sql = "INSERT INTO myTable (theField) VALUES ('" . $db->real_escape_string($phpCode) . "'";

	$db->query($sql) or die("Insert failed: " . $db->error);

?>
    PHP:
     
    bencummins, Jul 20, 2010 IP
  8. seofast

    seofast Guest

    Messages:
    36
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #8
    Did you look at the link that Jatar gave you and follow Warboss' advice?

    I'll warn you that eval isn't a function to cut your php teeth on. When you use it, it's crucial that the argument be valid php code. Try running this test to get the hang of it.

    [codeHOLD1]

    The value I've given to $row[0] is the kind of valid code that you'll be required to have in your database in order for eval to work. Getting it in there, however, is another matter.

    I hope this helps.
     
    seofast, Jul 21, 2010 IP