如何从MySQL数据库渲染PHP代码?
[英]How I could Render PHP code from MySQL database?
问题描述
I am creating some kind of custom CMS (home automation). 
我正在创建某种自定义CMS(家庭自动化)。 Well I am not a PHP developer - just hobbyist. 好吧,我不是PHP开发人员,而是业余爱好者。
What I am trying to achieve is: 我想要实现的是:
In my index.php page I have something like: 在我的index.php页面中,我有类似以下内容:
"<?php echo $pageBody; ?> "
PageBody I am fetching from Database, well it works well for HTML, JS. 我正在从数据库中获取PageBody,它很好地适用于HTML,JS。 But it doesn't work with PHP code source. 但这不适用于PHP代码源。
I done some research I believe this is related to PHP security restrictions. 我做了一些研究,我相信这与PHP安全限制有关。
My question: Does anybody would be able to provide safe sample (cannot find any samples like this) - how I should do this. 我的问题:是否有人可以提供安全的样品(找不到这样的样品)-我应该如何做。
I am trying to insert some php code and render it eventually via browser: 我试图插入一些PHP代码并最终通过浏览器呈现它:
<div id="outer">
<div id="inner">
***PHP Code should go here***
</div>
</div>
At the minute - it is being rendered as text. 在某一时刻-它呈现为文本。 However I can render properly HTML and JS. 但是我可以正确呈现HTML和JS。
My preferable way would be - as much as possible secure. 我最好的方法是-尽可能地安全。
Many Thanks Guys! 非常感谢你们!
4 个解决方案
解决方案1
2 2013-02-25 17:51:20
When you retrieve PHP code from a database text field, the PHP interpreter does not "know" that it should parse the data as a PHP script. 当您从数据库文本字段检索PHP代码时,PHP解释器不会“知道”它将数据解析为PHP脚本。 To the PHP interpreter, the data in that field is no different from any other data -- it is all strings without any special significance. 对于PHP解释器,该字段中的数据与任何其他数据没有什么不同-都是字符串,没有任何特殊意义。
You could use eval ( docs ) to accomplish this if you're dealing with pure PHP scripts . 如果您要处理纯PHP脚本,则可以使用eval ( docs )完成此操作。 Be forewarned: eval is considered "evil" because using it comes with risks, especially if your users will have any input as to the content of the database. 注意: eval被认为是“邪恶的”,因为使用它会带来风险,特别是如果您的用户将对数据库的内容进行任何输入时。
In your case, it sounds like you want to parse mixed PHP and HTML that is stored in a database field. 在您的情况下,听起来好像您想解析存储在数据库字段中的PHP和HTML的混合格式。 In order to do this, you'd need to write the database data into a file, then include it so the PHP interpreter can do its thing. 为此,您需要将数据库数据写入文件中,然后include其include ,以便PHP解释器可以执行其操作。 You should implement some kind of caching mechanism in this process, otherwise it might become heavy on your server with many users. 您应该在此过程中实现某种缓存机制,否则在拥有许多用户的服务器上它可能变得很繁重。 You may also want to use output buffering ( docs ) to capture the output instead of immediately sending it out. 您可能还想使用输出缓冲( docs )捕获输出,而不是立即将其发送出去。
Briefly, you'd want to do something like this: 简要地说,您想执行以下操作:
$content_from_db = "<h1>Hello <?php print 'Clarisse'; ?></h1>";
$identifier_from_db = '12'; // like the primary key from the table
$file_handle = fopen('cached_content/CACHE_'.$identifier_from_db.'.php', 'w');
fwrite($file_handle, $content_from_db);
fclose($file_handle);
// here is where you'd start output buffering, if you're going to do that (optional)
include('cached_content/CACHE_'.$identifier_from_db.'.php');
// and then here you retrieve the output buffer's content (optional)
Please note that this is not a "traditional" way of including dynamic content, and the above code is not production-ready . 请注意,这不是包括动态内容的“传统”方式,并且上面的代码还不能用于生产 。 Without knowing your use case, I can't say for certain, but this idea of storing PHP code in the database is a rather unusual way to proceed. 不知道您的用例,我无法肯定地说,但是这种将PHP代码存储在数据库中的想法是一种非常不寻常的处理方式。
Another alternative to rolling your own is the smarty template library. 滚动自己的另一种替代方法是smarty模板库。 Check it out here: http://www.smarty.net . 在此处查看: http : //www.smarty.net 。 With smarty, you can write a resource plugin to pull the templates from the database. 使用smarty,您可以编写资源插件以从数据库中提取模板。 It would look something like the code above ( more info ) 它看起来像上面的代码( 更多信息 )
Documentation 文档
-
fwrite- http://php.net/manual/en/function.fwrite.phpfwrite- http://php.net/manual/zh/function.fwrite.php -
include- http://php.net/manual/en/function.include.phpinclude-http://php.net/manual/zh/function.include.php - PHP basics on theopensourcery.com - http://theopensourcery.com/phpbasics.htm -对theopensourcery.com PHP基础 http://theopensourcery.com/phpbasics.htm
- Server-side scripting on Wikipedia - http://en.wikipedia.org/wiki/Server-side_scripting Wikipedia上的服务器端脚本 -http: //en.wikipedia.org/wiki/Server-side_scripting
-
eval- http://php.net/manual/en/function.eval.phpeval: //php.net/manual/zh/function.eval.php - Output Control (buffering) - http://php.net/manual/en/book.outcontrol.php 输出控制(缓冲) -http://php.net/manual/zh/book.outcontrol.php
- Smarty - http://www.smarty.net Smarty- http: //www.smarty.net
解决方案2
0 2013-02-25 17:38:21
要执行存储在字符串(或数据库)中的PHP,可以使用eval函数 ,但请注意,这样做可能会有些危险。
解决方案3
0 2013-02-25 17:39:01
You can't render (probably you mean execute) php code in the browser, because php scripts execute on the server and then the output is sent to the browser. 您无法在浏览器中呈现php代码(可能是执行),因为php脚本在服务器上执行,然后输出发送到浏览器。 By the time the browser recieve the response, script has already finished execution. 在浏览器收到响应时,脚本已经完成执行。
You can fetch the code from database and use eval() before sending the output. 您可以在发送输出之前从数据库中获取代码并使用eval()。 But you must be aware of drawbacks from this approach. 但是您必须意识到这种方法的缺点。
解决方案4
-1 2013-02-25 17:52:39
Browser cannot render (execute) PHP code. 浏览器无法呈现(执行)PHP代码。 PHP is something that the server executes and sends to the browser as plain HTML to display. PHP是服务器执行并以纯HTML格式发送给浏览器以显示的内容。
For testing purposes you can download and install WAMP thats the most hassle free one stop solution for development. 出于测试目的,您可以下载并安装WAMP,这是最轻松的一站式开发解决方案。
link : http://www.wampserver.com/en/ 链接: http : //www.wampserver.com/en/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.