duanlian1320 2011-02-21 22:26
浏览 13
已采纳

是否可以执行从MySQL查询结果返回的PHP代码?

The issue I am having is as follows: I have a MySQL table that contains details for page content I wish to display on my site. The content for one of my pages however I wanted to contain some actual PHP code to be executed, not just printed as a string. For example:

require_once("Class.php");
Class::Function("Some Text For a Parameter");

I want this code to execute somehow when the sql query is returned but as it stands, it just prints that text out. Is there a way to achieve what I want?

Thankyou in advance for your time,

Regards,

Stephen.

  • 写回答

3条回答 默认 最新

  • douyi4991 2011-02-21 22:42
    关注

    they are several ways to achieve the storage of dynamic elements :

    • eval(str) : you can evaluate as php code any string coming from you database. This is not very wise if what is stored in the database comes directly from a user input field. You never know what is going to be inserted and it could potentially be harmful code (harmful to the security of your server)

    • save / include : you could save what comes from your database in a temporary file and include() that file in-place in your php code. This does not seem to be secure either if anyone can store anything in your database

    • use a templating engine that has a reasonnable command footprint like smarty or mustache. you can store the templates in your database and execute them. If you trust the implementation of the templating language (and disable native php calls inside smarty for example) the template will need to have a correct syntax before execution can begin

    As a general rule of thumb, it is very hard to protect such dynamic php code inclusion, so it should be considered as bad practice.

    You should consider a DSL (domain specific language) for which you will trust the parser/compiler and execution engine.

    If security is not a concern (because your application will not be public for example) then it can be perfectly valid and effective to store php fragments in the database.

    I hope this will help you

    Jerome Wagner

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

  • php查询mysql表里的数据_PHP/MYSQL 查询大数据/遍历表
    2020-12-19 14:59
    weixin_39602891的博客 PHPPHP 5.3.6 (cli) (built: Jun 15 2011 16:29:50)MYSQL:5.1.51如果我们有的一张表有几百万或几千万的记录,我们要使用 PHP 将所有的记录都获取过来(遍历数据表)进行处理。查询语句:SELECT * FROM largetable;...
  • 备份mysql数据库的php代码(一个表一个文件)
    2020-12-17 20:56
    `fetch_array`和`fetch_assoc`方法分别用于获取SQL查询结果的行数据,前者返回数字索引数组,后者返回关联数组,这在处理查询结果时非常有用,例如在导出数据到文件时。 在备份过程中,通常会使用`SELECT INTO ...
  • php mysql 查询内存溢出_php查询mysql返回大量数据结果集导致内存溢出的解决方法...
    2021-01-19 07:13
    Sang星星的博客 web开发中如果遇到php查询mysql返回大量数据导致...答案是: mysql_query 和 mysql_unbuffered_query 两个函数首先来分析一个典型的实例:在执行下面的代码的时候就会导致php请求mysql返回结果太多(10W以上)导致PHP...
  • php mysql 内存溢出_php查询mysql返回大量数据结果集导致内存溢出的解决方法
    2021-01-19 04:41
    老怪看盘的博客 web开发中如果遇到php查询mysql返回大量数据导致...答案是: mysql_query 和 mysql_unbuffered_query 两个函数首先来分析一个典型的实例:在执行下面的代码的时候就会导致php请求mysql返回结果太多(10W以上)导致PHP...
  • php查询mysql大批量数据导出excel
    2021-07-03 11:50
    康永叶的博客 公司的管理后台的列表导出 excel 功能,一次性导出上万条数据就会崩溃报错,而列表查询一天的数据行可能就有十几万条,无法满足需求,所以需要优化。 报错分析 运行环境:LNMP(ThinkPHP5框架) 代码: public ...
  • 大数据面试】MySQL面试题与答案
    2023-12-20 17:36
    话数Science的博客 数据库中的事务是什么,MySQL中是怎么实现的 MySQL事务的特性? 数据库事务的隔离级别?解决了什么问题?默认事务隔离级别? 脏读,幻读,不可重复读的定义 MySQL怎么实现可重复读? 数据库第三范式和第四范式区别? ...
  • php实现可用于mysql,mssql,pg数据库操作类
    2020-12-18 05:03
    - `Query` 函数在第151行,它接收一个SQL语句作为参数,执行查询操作,并返回查询结果。 5. **记录指针操作** - `DataSeek` 函数在第175行,可以将记录指针移动到指定的位置,便于遍历查询结果。 6. **字段信息...
  • php循环输出数据库内容的代码
    2020-12-18 07:50
    在处理数据库查询结果时,通常结合`mysql_fetch_array()`函数一起使用。该函数从结果集中获取一行数据,返回一个数组。以下是一个`do...while`循环输出数据库内容的例子: ```php $result = mysql_query("SELECT * ...
  • PHP无限循环获取MySQL中的数据实例代码
    2020-12-19 22:44
    在本文中,我们将深入探讨如何使用PHPMySQL实现一个无限循环的数据展示功能,该功能允许用户在网页上无限制地滚动浏览数据,当到达数据集末尾时,自动从开头继续加载新的数据。这种功能常见于新闻滚动或者无限滚动...
  • PHP优化之批量操作MySQL实例分析
    2020-10-15 10:01
    这种方式虽然简单易懂,但它的效率较低,因为每次执行`execute()`方法都会建立一次与MySQL服务器的通信,包括发送SQL语句、解析、执行返回结果等步骤。这在插入大量数据时会产生显著的延迟。 第二个代码段则采用...
  • 没有解决我的问题, 去提问