type php code into textarea, store in database, th

2019-08-05 06:17发布

站内问答 / PHP
841 6 4

Anybody have any idea how I might go about doing something like this.

I've got a textarea setup to allow users to edit page content. the content is then stored in a database and is retrieved on the frontend by php within an html template. something like:

<html>
yada yada...
<?php
echo get_page_contents_by_id($_GET['id']);
?>
yada yada...
</html>

its all run in a .php file, in case anyone wanted to call that out.

What I'm wondering is, because I'm getting the content from the database via php, is there any way that I can retrieve php code within that content and still run it without doing any sort of file writing.

6条回答
爷、活的狠高调
2楼-- · 2019-08-05 06:25

Consider another alternative. Really.

Regardless of any security checks you do, function parsing, etc., this is still an EXTREMELY bad idea.

A slightly less bad idea, why not look into a templating solution like http://www.smarty.net or http://www.google.com/search?q=php+template+engine

查看更多
0人赞 添加讨论(0) 举报
聊天终结者
3楼-- · 2019-08-05 06:28

eval() is as James Goodwin and Gazler say in fact the only way to execute PHP code from string data.

In addition to the security consequences - it will become possible to compromise your whole web site by gaining access to your mySQL data - this approach will make code very hard to debug, as you will have to follow all error messages through the eval()d code.

查看更多
0人赞 添加讨论(0) 举报
你好瞎i
4楼-- · 2019-08-05 06:29

I attempted to do this same thing, but with the addition of tags and normal HTML tags. This will not work. If you need to store HTML along with your PHP, consider a more XHR solution that relies less on PHP code for every page.

查看更多
0人赞 添加讨论(0) 举报
家丑人穷心不美
5楼-- · 2019-08-05 06:29

Below is the code to execute the code in textarea.

    <?php 
if($_POST){
    print_r($_POST);
    extract($_POST);
    $file = rand(1000,10000);  // creating file with random number
    file_put_contents($file.'.php', '<?php '.$code.' ?>');
    ob_start();
    include $file.'.php';
    echo ob_get_clean();
    unlink($file.'.php');   // deleting the created file after execution.
    die('test');
}
?>
<textarea id="testcode" ></textarea>
    <input type="submit" onClick="return changePermissions1()" />
    <script>
    function changePermissions1(){
        var code = {};
        code['code'] = $("#testcode").val();
        var pass_url = "executefile.php"; // there you can pass the code
        $.ajax({
            type        : "POST",
            beforeSend  : loadingStarts,
            url         : pass_url,
            data        : code,
            success     : function(responseText){`enter code here`
                loadingEnds();
                alert(responseText);
            }
        });
    }
    </script>
查看更多
0人赞 添加讨论(0) 举报
神经病院院长
6楼-- · 2019-08-05 06:36

You can use the PHP eval() method to execute the PHP code returned from the database - just as if it was actually written in your PHP file directly.

e.g.

<?php
eval("echo('hello world');");
?>

Prints:

hello world

查看更多
0人赞 添加讨论(0) 举报
聊天终结者
7楼-- · 2019-08-05 06:36

You can use eval for this purpose.

http://php.net/manual/en/function.eval.php

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)