Re: eval();

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, October 30, 2005 8:51 pm, John Taylor-Johnston wrote:
> eval( " ?> $contents <?php " );
>
>>However, if eval() is the answer, you're probably asking the wrong
>>question. You should take a hard look at your code and think of a
>> better
>>way to do what you need to do.
>>
>>
> Back to the drawing board? It is either store my html+embedded code in
> a
> mysql record, or in an html file, which means playing with fopen. It's
> easier to hand tweak in phpmyadmin.
> Nonetheless, even though your test code worked (thanks!) this doesn't.
> Sigh.
>
> if ($contents = displaynew()){
echo "CONTENTS:<pre>", htmlentities($contents), "</pre>\n";
 eval( " ?> $contents <?php " );
}

I'm guessing $contents ain't what you think.


>
> function displaynew()
> {
>    $file = basename($_SERVER['PHP_SELF']);
>    require 'connect.inc';
>    $sql = "SELECT HTML FROM `$db`.`$table_editor` WHERE `Filename`
> LIKE
> '".addslashes($file)."' LIMIT 1;";
>    if ($myquery = mysql_query($sql) and mysql_num_rows($myquery) > 0)

This 'and' should probably be '&&' ...

Though I never really used 'and' enough to know for sure.

At any rate, you've got *NO* error-checking for an invalid query here.

> {
>        $mydata = mysql_fetch_array($myquery, MYSQL_NUM);
>        return $mydata[0];
>    }
>    return false;
> }


-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux