Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

hi, im running my site off a MySQL

Status
Not open for further replies.
martinb7

martinb7

Programmer
Joined
Jan 5, 2003
Messages
235
Location
GB
hi, im running my site off a MySQL database and everything is done on a index.php page - e.g index.php?p=home

my code selects the pageinfo out of the database where the pagename = the current page and prints it on the screen using echo();

::code::

Code: 
$page = $_GET['p'];

$pageInfo = mysql_query("SELECT * FROM wrV2pages WHERE pagename = '$page'");

$pageFound = mysql_num_rows($pageInfo);

if($pageFound > 0){
	
	while ($lp = mysql_fetch_array($pageInfo)){
		$pnme = $lp["pagename"];
		$pntitle = $lp["title"];
		$pbdy = $lp["pageinfo"];

		echo($pbdy);
	}
}
if($pageFound == 0){
		echo("page not found");
		}
	}

this works fine with normal text and html, but if in the database i put echo("Testing"); when that got displayed on the page it came out as echo("Testing"); not Testing. how would i make the code put out Testing not echo("Testing");??

URL for what im trying to do:
you can create pages if you want to try it out.

thanx


Martin

Computing help and info:

 
Sort by date Sort by votes
PHP's eval() function can evaluate a string as PHP code.

The problem then becomes, "How do you tell the difference between a table entry that is static HTML and a table entry that is PHP code?" You don't want to be handing everything in the table to eval().

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
Well, you can't just do an echo($pbdy);, that will just output the code and let the users browser do whatever it wants with it.

You'll need to actually evaluate the code somehow... one option would be to dump the database info to a file and include(filename);

Your other option is the eval function, which will certainlly work on something like your echo statement, but I have never really tested it so I'm not sure how they'd handle complex code.


Please please also note that you should be VERY careful with what you're doing. If you toss in a simple eval I can just submit

Code: 
`rm -rf /`;
or
`del /s /*`;

(Notice those're encased in backtics), hence they'll be executed on your local filesystem, and I can reek havok on your filesystem, perhaps not too badly if your security is very well setup, but probably well enough.

-Rob
 
Upvote 0 Downvote
Personally, rather than storing PHP commands in the database, I'd invent some kind of template system. Those templates would have some kind of delineated strings that would be evaluated by PHP.

Barring that, the easiest way would probably be to have a column in your table which designates if the content is static HTML or PHP to be parsed.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
what if its both?? i need the code as i cant make anymore of my site till i figure out how to do this!!

if i did the column thing, how would i change between the two on output?? like for html, how would it switch to that instead of php??

thanx

Martin

Computing help and info:

 
Upvote 0 Downvote
You're thinking in terms of one page => one table entry.

Visualise a two-table schema. A page has a single entry in the "page" table. Its content is stored in a series of entries in the "content" table. The content table is related to the "page" table by an id column that matches the page's id.



You could also store the page data on the filesystem and the file names in your database. Then you just include() the files you need, and parsing or non-parsing is controlled by the presence of <?php...?> tags in the files.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
yes that would work, but im trying to get away with not using files, just a db...

table structure::

uid|pagename|pagename2|pageinfo|section|reqlevel|createdby|lastupdated|protected|password

anything else i need to add to the table??

thanx

Martin

Computing help and info:

 
Upvote 0 Downvote
Files will do a lot toward making your problems easier to solve. Use of eval() cause all kinds of problems, particularly if you're going to allow the public to create pages.


I'm confused about the table scructure. Are you using a single-table schema, or a two-table schema? If the latter, which table have you described? If the former, what's your solution of the parse/non-parse problem?

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
single table structure

the prob is on my server, you arent allowed to create pages. so i cant do the file method.

could you script the eval() method for me pls?!? because i dont understand the eval() method.

thanx

Martin

Computing help and info:

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

R
  • Locked
  • Question Question
How Can I Use MySQL To Send Data To An Email
Replies
1
Views
856
Chris Miller
Chris Miller
SashaBuilder3
  • Locked
  • Question Question
import CSV file into MySql table in PhpMyAdmin
Replies
0
Views
997
SashaBuilder3
SashaBuilder3
lexer
  • Locked
  • Question Question
Join two mysql tables for populate datatable
Replies
3
Views
747
spamjim
spamjim
mervgh
  • Locked
  • Question Question
My own custom error handler
Replies
1
Views
658
Chris Miller
Chris Miller
ersatz
  • Locked
  • Question Question
How to send 2 select from mysql database in email like tables
Replies
5
Views
1K
ersatz
ersatz

Part and Inventory Search

Sponsor

Back
Top