Greetings,

I'm trying to develop a page content wizard, as follows - I have divided up every page into four sections: header, navbar, content area, and footer. Everything except the content area is the same on every page of the site; I simply require the header, navbar, and footer at the appropriate place on each page.

Now I want to pull the content information for each page out of a MySQL database. This allows me to easily design wizards that allow users to edit the content area of any page. Here's my question, though - what if I want to let my users include PHP code in the content areas? Is there a way to do that? I can't just echo the string to the browser, because it won't be interpreted by mod_php, it will just get echoed as a text string.

I've thought of writing the content area information to a temporary file, then requiring the temporary file, but that seems cumbersome, and you have to worry about filelocking, and purging old files, etc - can anyone think of another way to do this! Many thanks for any auggestions!

-Josh

You could have them put in tags like this: [php]echo(their code)[/php] and then do a string replace and repace them with " and then they wouldn't be counted as a string.


(you do realize that it is like beyond unsecure to let your users do this right? What are you gonna do if they put php in that drops your DB? or a forever loop that brings the server down every time the page is called?)

yes, what you are proposing is a very bad idea...

in fact letting the users do anything to the content on your page besides letting them add strings is bad...

I realized the security implications. However, this is not something I am letting just any joe log onto - I hope to use it to speed internal development. Anybody using this already knows and codes PHP write onto the webserver, and this is just to help speed things up a bit and make it simpler. At any rate, I realized that I could simply use the eval() function to do what I needed. I come from C++ land, and I'm still not totally familiar with the PHP function library. Thanks for your thoughts.