[SpaceMan]

hi all,

is it posible to load php from a mysql database?
if so how?

like inludes
i have tryed it and the data was in the database but would not load it.
many thx

[skyhawk133]

Sure is, you'll want to execute your query and get the result in to a variable, then do this <? eval($result); ?>

The eval function will cause whatever is in the $result variable to be executed as PHP, I do not suggest letting users input PHP in to the database, but this is an excelent technique for building templates and storing them in a database.

[SpaceMan]

awesome, thx. no not for users.
although i am not shure i completely understand.
i add this to database? or to page i thinking.
<? eval($result); ?>
were to put what?
$result = "echo "stuf"; include("thatfile.php");";

many thx

[skyhawk133]

Nope, if you have your query:

<?
$sql = "SELECT code FROM templates;";

// execute SQL query and get result
$sql_result = mysql_query($sql,$connection)
    or die(mysql_error()); 
?>

And you echo it out like this:

<?
// Loop through the data set and extract each row in to it's own variable set

while ($row = mysql_fetch_array($sql_result)) {
    extract($row);

//Evaluate the code that was retrieved from the database, any code in the result will be executed as PHP
eval($code);

// End while loop
}
?>

So in your database, you could put ANY php code you want and it will be executed when you pull it back on your page.

If this isn't what you are trying to do, lemme know and I'll try to understand what you need to accomplish.

[SpaceMan]

awesome, got it.
many thx

[skyhawk133]

Excellent, glad we were able to help!

[cyberscribe]

One other small point on this topic -- if you just want to store data structures (like arrays) you can use serialize() to put the structure into a string format and unserialize() to return it to a variable. A bit safer than eval(), which can have security consequences if you ever include user-modifiable input in the statement to be eval()'d.

Also, consider enclosing the string to be eval'd in {} instead of using eval() for simple variable evaluations, etc. It's much faster.

[SpaceMan]

cyberscribe, on Dec 15 2004, 12:06 AM, said:

One other small point on this topic -- if you just want to store data structures (like arrays) you can use serialize() to put the structure into a string format and unserialize() to return it to a variable. A bit safer than eval(), which can have security consequences if you ever include user-modifiable input in the statement to be eval()'d.

Also, consider enclosing the string to be eval'd in {} instead of using eval() for simple variable evaluations, etc. It's much faster.

not completely understand.
get the idea, but still a bit of a novice to php.
i do best with an example.

[Amadeus]

cyberscribe, on Dec 15 2004, 02:06 AM, said:

One other small point on this topic -- if you just want to store data structures (like arrays) you can use serialize() to put the structure into a string format and unserialize() to return it to a variable. A bit safer than eval(), which can have security consequences if you ever include user-modifiable input in the statement to be eval()'d.

Cyberscribe, what's your take on this? I know you work with PHP a great deal, I'd be interested to hear your opinion. Seems to me you'd be able to avoid most problems by validating user input.