Keep in mind, eval()ing code you pull from the database will also raise the damage from a SQL injection attack or similar from a PITA restore-your-database to a much bigger PITA format-webserver. -Josh -- My name was Brian McGee I stayed up listening to Queen When I was seventeen Josh 'G-Funk' McDonald :: Pirion Systems, Brisbane 07 3257 0490 :: 0437 221 380 :: josh@xxxxxxxxxxxx -----Original Message----- From: Richard Lynch [mailto:ceo@xxxxxxxxx] Sent: Monday, 31 October 2005 3:57 PM To: John Taylor-Johnston Cc: php-general@xxxxxxxxxxxxx; Jasper Bryant-Greene Subject: Re: eval(); On Sun, October 30, 2005 8:51 pm, John Taylor-Johnston wrote: > eval( " ?> $contents <?php " ); > >>However, if eval() is the answer, you're probably asking the wrong >>question. You should take a hard look at your code and think of a >>better way to do what you need to do. >> >> > Back to the drawing board? It is either store my html+embedded code in > a mysql record, or in an html file, which means playing with fopen. > It's easier to hand tweak in phpmyadmin. > Nonetheless, even though your test code worked (thanks!) this doesn't. > Sigh. > > if ($contents = displaynew()){ echo "CONTENTS:<pre>", htmlentities($contents), "</pre>\n"; eval( " ?> $contents <?php " ); } I'm guessing $contents ain't what you think. > > function displaynew() > { > $file = basename($_SERVER['PHP_SELF']); > require 'connect.inc'; > $sql = "SELECT HTML FROM `$db`.`$table_editor` WHERE `Filename` > LIKE '".addslashes($file)."' LIMIT 1;"; > if ($myquery = mysql_query($sql) and mysql_num_rows($myquery) > 0) This 'and' should probably be '&&' ... Though I never really used 'and' enough to know for sure. At any rate, you've got *NO* error-checking for an invalid query here. > { > $mydata = mysql_fetch_array($myquery, MYSQL_NUM); > return $mydata[0]; > } > return false; > } -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
