Running a PHP script from a DB

A

Anonymous

Guest
I'm trying to do my own version of WordPress - sort'a. So far I can: DB: id, page, text.
ie (14, 'bfpage7', '<html><body>now is the time</body></html>')

Then in index.php
$list = array (1,2,3...7,8...);
foreach ($list as $l)
(
$q1 = mysqli_query ($db1, "select text from table where page = 'bfpage$l';");
$r1 = mysqli_fetch_row ($q1);
echo "$r1[0]";
)

That works just fine. Now for my problem: I want to include this in the text:
<?php
include 'another.php';
$menulist = array ("Home|home.php", "Contact Us|contact.php", "About Us|about...
foreach ($menulist as $m)
... [build the menu]
?>

The problem is I don't get the menu (or any php output) I get the php code and not the results of the code. If I php_put_contents(file.php, $r1[0]) to a file and then "include 'file.php'; it works - but yuck!

Suggestions please
Thanks
 
I think you are looking for the eval() function. eval( $r1[0] )

Just make sure you never use it with any user-supplied parameters from $_GET or $_POST.
 
Eval function is for running the php code and it is very dangerous function, if you use it incorrectly (without right security) then someone may even take control of you server (download database and drop it, add code to sending spam or simply remove everything).

First of all you should consider how you want to store the menu items, wordpress store it in the database, to retrieve items in right order with children you need only the name of the menu. For now you can store it in array and move it to the database later:
Code: 
menu.conf.php
<?php
function getMenuItemsByName(string $menuName) {
    $allItems = [
        [
            'menuName' => 'main',
            'id' => 1,
            'label' => 'Home',
            'link' => '/home.php',
        ],
        [
            'menuName' => 'main',
            'id' => 2,
            'label' => 'Contact Us',
            'link' => '/contact.php',
        ],
        [
            'menuName' => 'main',
            'id' => 1,
            'label' => 'About Us',
            'link' => '/about.php',
        ],
    ];

    $wantedItems = [];
    foreach ($allItems as $item) {
        if ($item['menuName'] === $menuName) {
            $wantedItems[] = $item;
        }
    }

    return $wantedItems;
}

then to render the menu you can do this:
Code: 
<?php
include 'menu.conf.php';
$items = getMenuItemsByName('main');
foreach ($items as $item) {
    echo '<a href="' . $item['link'] . '">' . $item['label'] . '</a>';
}

Additionally as tekmunkey mentioned, you should not pass any parameters to sql query directly (read about SQL Injection). The mysqli_query is deprecated, so you should move to OPP version of mysqli or PDO:
Code: 
$q1 = $dbh1->prepare ($db1, "select text from table where page = :page");
$q1->execute([
    'page' => 'bfpage' . $l,
]); 
$r1 = $q1->fetch_row ();
 
php
$list = array(1, 2, 3...7, 8...);
foreach ($list as $l) {
$q1 = mysqli_query($db1, "SELECT text FROM table WHERE page = 'bfpage$l'");
$r1 = mysqli_fetch_row($q1);
echo $r1[0];
}

To include PHP code within the retrieved content, you can use the eval() function:

php
$list = array(1, 2, 3...7, 8...);
foreach ($list as $l) {
$q1 = mysqli_query($db1, "SELECT text FROM table WHERE page = 'bfpage$l'");
$r1 = mysqli_fetch_row($q1);
eval($r1[0]);
}

However, please note that using eval() can be risky if the content is not properly validated and sanitized, as it may introduce security vulnerabilities. Exercise caution and ensure that the code you evaluate is trusted and secure.
 
You must log in or register to reply here.
Back
Top