Re: [PHP] Parsing database variables



Jake McHenry wrote:
Sorry.. Typos... But that's not the point... I looked the function... Dunno
how I missed it.... Thanks... Do you know if eval() has any size limitations
to it? The database fields are about a page each....

about a page each heh .... that's like saying 'How Long is a chinaman'.

that said there is no specific limit to eval()s input ... although it is
always a comparatively slow way of running code and the amount of RAM you
have generally limits you in some way ;-)

eval() is evil's younger cousin. you are better off in the long term
using either str_replace() or preg_replace() to replace the variable markers
in the 'page' content with. an example:

BTW: DO NOT RUN THE FOLLOWING CODE IF YOU KNOW WHAT IS GOOD FOR YOU!!!
(note the evil 'rm -rf' in part 2)

<?php

$name = 'Joe';
$ppe = '1-1-1970';
$string = '<p>$name<p>Period Ending Date: $ppe<p>';
eval('$string = "'.$string.'";');
echo $string;

// life good

$name = 'Joe';
$ppe = '1-1-1970';
// the stored text closes the double-quoted string and calls exec()
$string = '<p>$name<p>".exec(\'rm -rf ./\')."Period Ending Date: $ppe<p>';
eval('$string = "'.$string.'";');
echo $string;

// life sucks

?>




Thanks,
Jake


-----Original Message-----
From: Jay Blanchard [mailto:jblanchard@xxxxxxxxxx]
Sent: Friday, March 30, 2007 4:50 PM
To: Jake McHenry; php-general@xxxxxxxxxxxxx
Subject: RE: [PHP] Parsing database variables

[snip]
I have a database table with this in it:


<p>$name<p>
Period Ending Date: $ppe<p>
Etc.......


And in my script, these variables exist and have values. Is there a way
for me to get the output from mysql_query to use the current script
variables in place of the same variable name within the database output?
[/snip]

a. Bad HTML, always use a closing tag like </p>
b. Check http://www.php.net/eval
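
The str_replace()/preg_replace() approach recommended in the reply, as an added example that is not part of the original thread. render_template() and the sample rows are hypothetical; the allow-list and the output escaping are assumptions about what the page should display.

```php
<?php
// Added example, not code from the thread. render_template() is a
// hypothetical helper name.

/**
 * Replace $name-style markers in stored text with values from an allow-list.
 * The stored text is only ever treated as data; nothing in it is executed.
 */
function render_template(string $template, array $values): string
{
    $out = preg_replace_callback(
        '/\$([A-Za-z_][A-Za-z0-9_]*)/',
        function (array $m) use ($values): string {
            // Markers outside the allow-list stay literal text instead of
            // being resolved against script variables or globals.
            if (!array_key_exists($m[1], $values)) {
                return $m[0];
            }
            // Escape on output so a value cannot inject markup either.
            return htmlspecialchars((string) $values[$m[1]], ENT_QUOTES, 'UTF-8');
        },
        $template
    );
    if ($out === null) {
        throw new RuntimeException('template substitution failed');
    }
    return $out;
}

// Constructed rows standing in for the database fields.
$benign  = '<p>$name</p><p>Period Ending Date: $ppe</p>';
// Same shape as the hostile row in the reply, with a harmless command.
$hostile = '<p>$name</p>".exec(\'echo INJECTED\')."<p>$ppe</p><p>$dbpass</p>';

// Only these two names may be substituted.
$values = ['name' => 'Joe <admin>', 'ppe' => '1-1-1970'];

echo render_template($benign, $values), "\n";
echo render_template($hostile, $values), "\n";
```

With the hostile row, the exec() text is echoed as inert characters and $dbpass is left as a literal marker, because the row is never handed to the PHP parser.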




