duanlian1320 2011-02-21 22:26

Is it possible to execute PHP code returned from a MySQL query result?

The issue I am having is as follows: I have a MySQL table that contains details for page content I wish to display on my site. The content for one of my pages however I wanted to contain some actual PHP code to be executed, not just printed as a string. For example:

require_once("Class.php");
Class::Function("Some Text For a Parameter");

I want this code to execute somehow when the sql query is returned but as it stands, it just prints that text out. Is there a way to achieve what I want?

Thank you in advance for your time,

Regards,

Stephen.


  • douyi4991 2011-02-21 22:42

    There are several ways to achieve the storage of dynamic elements:

    • eval(str): you can evaluate as PHP code any string coming from your database. This is not very wise if what is stored in the database comes directly from a user input field. You never know what is going to be inserted and it could potentially be harmful code (harmful to the security of your server).

    • save / include: you could save what comes from your database in a temporary file and include() that file in-place in your PHP code. This does not seem to be secure either if anyone can store anything in your database.

    • Use a templating engine that has a reasonable command footprint, like Smarty or Mustache. You can store the templates in your database and execute them. If you trust the implementation of the templating language (and disable native PHP calls inside Smarty, for example), the template will need to have a correct syntax before execution can begin.

    As a general rule of thumb, it is very hard to protect such dynamic php code inclusion, so it should be considered as bad practice.

    You should consider a DSL (domain specific language) for which you will trust the parser/compiler and execution engine.

    If security is not a concern (because your application will not be public for example) then it can be perfectly valid and effective to store php fragments in the database.

    I hope this will help you

    Jerome Wagner
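
An added example, not part of the answer above and not code from Smarty or Mustache: a minimal allow-listed directive renderer in the spirit of the DSL approach the answer recommends. The `{{ name "argument" }}` token syntax, the function names and the handlers are all assumptions made up for this illustration.

```php
<?php
declare(strict_types=1);

// Allow-list of directives that stored content may invoke. The directive
// names and handlers are hypothetical, constructed for this example.
function directiveHandlers(): array
{
    return [
        // Each handler returns HTML and escapes its own argument.
        'greeting' => fn(string $arg): string =>
            'Hello, ' . htmlspecialchars($arg, ENT_QUOTES, 'UTF-8'),
        'year' => fn(string $arg): string => date('Y'),
    ];
}

// Render content fetched from the database without eval() or include().
// Only {{ name "argument" }} tokens are interpreted; everything else,
// including any PHP source in the row, is emitted as escaped text.
function renderStoredContent(string $stored, array $handlers): string
{
    $pattern = '/\{\{\s*([a-z_]+)\s*(?:"([^"{}]*)")?\s*\}\}/';
    preg_match_all($pattern, $stored, $matches, PREG_SET_ORDER | PREG_OFFSET_CAPTURE);

    $out = '';
    $pos = 0;
    foreach ($matches as $m) {
        [$token, $start] = $m[0];
        // Literal text before the token is data, never code.
        $out .= htmlspecialchars(substr($stored, $pos, $start - $pos), ENT_QUOTES, 'UTF-8');
        $name = $m[1][0];
        $arg  = $m[2][0] ?? '';   // optional quoted argument
        $out .= isset($handlers[$name])
            ? $handlers[$name]($arg)
            : htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); // unknown directive stays inert
        $pos = $start + strlen($token);
    }
    return $out . htmlspecialchars(substr($stored, $pos), ENT_QUOTES, 'UTF-8');
}

// Constructed sample row: one allowed directive, one unknown directive,
// and a PHP fragment that must not run.
$stored = 'Intro. {{ greeting "Some Text For a Parameter" }} '
        . '{{ run_php "x" }} <?php echo "not executed"; ?>';

echo renderStoredContent($stored, directiveHandlers()), PHP_EOL;
```

Because literal segments are HTML-escaped, rows that must carry trusted markup would need a separate, explicitly sanitized path rather than a relaxation of this renderer.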
