Re: php in database entry...



jbk@xxxxxxxxxx wrote:
? "Jerry Stuckle" <jstucklex@xxxxxxxxxxxxx> ?????? ??? ?????? news:hebf8t$3nu$2@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
jbk@xxxxxxxxxx wrote:
? "Jerry Stuckle" <jstucklex@xxxxxxxxxxxxx> ?????? ??? ?????? news:he98tg$7fv$1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
jbk@xxxxxxxxxx wrote:
Hello there... i could need your knowledge here...


Problem:


In a database i have a field called extra_text
in which i store extra text... :-)


in my main php file i retrieve the field and i echo it ( echo $extra_text; )


everything ok till now... now i need in this field to have a php script to retrieve some info from another field, so lets say that the content in extra_text is "blabla bla <? $sql="SELECT more_info FROM something"; .....?>
so, when i then echo $more_info i get... NOTHING...


There is nothing wrong with my php since i have checked it as a seperated php file and it works normal...

So the problem must be that i echo the whole text with the php as a variable...

PleaSe help me out!

With regards JBK
First of all, it's a very bad idea to keep PHP (or any other script) code in a database. Along with being just a poor design, it is a huge security risk.

But you can't just echo the code and expect it to work. You need to execute the text with eval().

But you are much better off creating a proper design for both your code and your database.

I was sure that it is not a good idea... but
i have 10.000 entries and i currently need it for only 1!
i mean its no big deal....

So you thing, that instead of echo $extra_text i must use eval?

Thanx in advance!
JBK



(Top posting fixed)

Yes, you must eval() the code. And yes, it would be a big deal. Virtually ANY time you need to use eval(), you have a design problem. And EVERY time you use it, you have a huge security hole.

You really should find some other way to do what you want - like setting a flag in your database, for instance.

P.S. Please don't top post. Thanks.

> sorry... wasnt intended...
>
> Thanx for your (really) quick answers!
>
> I have to go against the 'right' things right now because i have a time
> limit which was... yesterday...
> Since i am the onlyone populating the database, it wont be such a great
> problem(i guess)...
> New problem...
>
> I am trying to use eval but... i only get the names of the variables... can
> you help me out????
>
> parent php:
>
> blabla bla
>
> $sql = "SELECT extra_text FROM somewhere where id=123";
> //$what = mysql_query($sql);
> $results = mysql_query($sql);
> while ($row = mysql_fetch_array($results)) {
> extract($row);
>
> }
> $sql9 = "SELECT more_info FROM venzinadika WHERE ven_id=123";
> $reesults9 = mysql_query($sql9);
> while ($reaow9 = mysql_fetch_array($reesults9)) {
> extract($reaow9); }
>
>
> bla bla....
>
> eval("\$extra_text = \"$extra_text\";");
> echo $extra_text;
>
>
> So IN the db i have this:
> <table width="95%" border="0" cellspacing="2" cellpadding="2">
> <tr>
> <td>???????? 95</td>
> <td>$more_info</td>
> </tr>
> <tr>
> <td>Super</td>
> <td></td>
> </tr>
> <tr>
> <td>???????? 100</td>
> <td>&#8364;</td>
> </tr>
> <tr>
> <td>????????? ???????</td>
> <td>&#8364;</td>
> </tr>
> <tr>
> <td>????????? ?????????</td>
> <td>&#8364;</td>
> </tr>
> </table>
>
>
>
> BUT as i said, i only get the name of the variable...
>
> It might sound stupid and/or easy.. but i am stuck...
>
> Thanx in advance!
>
>

(top posting fixed again)

Being late is even more reason not to do it this way. And whether you are the only one to update the database or not, this is a huge security concern.

Do it right. Set a flag in the database (create a new column if you must) and test for the flag in your code. Had you done this in the first place, you would have been done hours ago.

And once again - PLEASE DON'T TOP POST!

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
.



Relevant Pages

  • Re: php in database entry...
    ... in my main php file i retrieve the field and i echo it ... now i need in this field to have a php script to ...
    (comp.lang.php)
  • Re: php in database entry...
    ... Since i am the onlyone populating the database, it wont be such a great ... in my main php file i retrieve the field and i echo it (echo ... But you are much better off creating a proper design for both your code ...
    (comp.lang.php)
  • Web Developers - Happy Hearts And HDTV! - Lockergnome
    ... Certificate on your MSIIS Web server. ... getting data from a database is only half the problem. ... Zend recently started a series about building rock solid code in PHP. ... which provides bulk database conversion. ...
    (freebsd-questions)
  • Re: ********Caution Newbie********editing and deleting from mysql database
    ... echo $movie_name; ... delete record's from database -- User chooses which record to update ... Yes Jerry, I agree the coder should know what they are dealing with, but since I was not the coder and was going off the code sent I stated that the int function would only work if the id 'was' an int. ...
    (comp.lang.php)
  • Re: ********Caution Newbie********editing and deleting from mysql database
    ... echo $movie_name; ... delete record's from database -- User chooses which record to update ... Secondly where are you getting the $movie_id value from for your query? ...
    (comp.lang.php)